Solved PC started running extremely slow past few days... (logs attached)

Status
Not open for further replies.
M

mcIrishgurl

Posts: 187   +1
my pc for the last few days has suddenly started to run extremely slow including downloads ...more so when using IE (version 8), but firefox seems to be affected as well. not sure if something was picked up. attached are my logs. thanks in advance for taking a look...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6965

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/28/2011 12:12:47 AM
mbam-log-2011-06-28 (00-12-47).txt

Scan type: Quick scan
Objects scanned: 194148
Time elapsed: 33 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-28 00:57:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400EB-11CPF0 rev.06.04G06
Running: j6gw67uy.exe; Driver: C:\DOCUME~1\DAWNB~1\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7464210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7464224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7464250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF74642A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF74641FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF74641D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF74641E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF746423A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF746427C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7464266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF74642D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF74642BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7464290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Dawn B at 1:02:48 on 2011-06-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.652 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxebserv.exe
C:\WINDOWS\system32\lxebcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com
uSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110509214019.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301098716453
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301103901046
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5552D5E7-8E2B-4EFD-8EB1-1188DC6F16FF} : DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dawn b\application data\mozilla\firefox\profiles\9jqu77q9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-26 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-3-26 54760]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2011-5-17 193192]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-27 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-26 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-26 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-26 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-27 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-26 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-26 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-26 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-26 88736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-27 39984]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-26 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-26 84488]
.
=============== Created Last 30 ================
.
2011-06-28 04:29:14 -------- d-----w- c:\documents and settings\dawn b\application data\Malwarebytes
2011-06-28 04:28:54 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 04:28:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-28 04:28:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 04:28:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-21 21:00:27 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-21 21:00:26 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-18 15:35:41 -------- d-----w- C:\hegames
2011-06-15 23:48:09 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-10 20:45:16 -------- d-----w- c:\program files\iPod
2011-06-10 20:45:08 -------- d-----w- c:\program files\iTunes
2011-06-10 20:30:27 -------- d-----w- c:\program files\Bonjour
2011-06-06 17:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-16 20:03:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 19:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 1:05:15.60 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/25/2011 6:25:39 PM
System Uptime: 6/28/2011 12:16:41 AM (1 hours ago)
.
Motherboard: Lite-On Tech. | | 0888h
Processor: Intel(R) Celeron(R) CPU 2.00GHz | mPGA-478 | 2000/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 18.966 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP92: 5/9/2011 3:02:50 PM - System Checkpoint
RP93: 5/10/2011 3:48:26 PM - System Checkpoint
RP94: 5/11/2011 3:01:05 AM - Software Distribution Service 3.0
RP95: 5/12/2011 3:36:25 AM - System Checkpoint
RP96: 5/13/2011 4:21:44 AM - System Checkpoint
RP97: 5/14/2011 5:19:53 AM - System Checkpoint
RP98: 5/15/2011 5:21:19 AM - System Checkpoint
RP99: 5/16/2011 6:00:16 AM - System Checkpoint
RP100: 5/17/2011 6:59:11 AM - System Checkpoint
RP101: 5/17/2011 6:32:21 PM - Removed ABBYY FineReader 5.0 Sprint
RP102: 5/17/2011 6:55:43 PM - Printer Driver Fax Lexmark Pro200-S500 Series Printer Installed
RP103: 5/18/2011 9:41:13 PM - System Checkpoint
RP104: 5/20/2011 2:17:33 AM - System Checkpoint
RP105: 5/21/2011 3:25:07 AM - System Checkpoint
RP106: 5/22/2011 4:07:24 AM - System Checkpoint
RP107: 5/23/2011 4:47:24 AM - System Checkpoint
RP108: 5/24/2011 4:53:05 AM - System Checkpoint
RP109: 5/25/2011 5:47:06 AM - System Checkpoint
RP110: 5/26/2011 6:05:00 AM - System Checkpoint
RP111: 5/27/2011 6:33:57 AM - System Checkpoint
RP112: 5/28/2011 6:50:56 AM - System Checkpoint
RP113: 5/29/2011 7:50:56 AM - System Checkpoint
RP114: 5/30/2011 8:04:13 AM - System Checkpoint
RP115: 5/31/2011 1:38:35 PM - System Checkpoint
RP116: 6/1/2011 1:42:18 PM - System Checkpoint
RP117: 6/2/2011 4:44:30 PM - System Checkpoint
RP118: 6/3/2011 4:49:43 PM - System Checkpoint
RP119: 6/4/2011 5:04:45 PM - System Checkpoint
RP120: 6/5/2011 5:31:26 PM - System Checkpoint
RP121: 6/6/2011 7:49:07 PM - System Checkpoint
RP122: 6/7/2011 8:05:19 PM - System Checkpoint
RP123: 6/8/2011 10:37:42 PM - System Checkpoint
RP124: 6/9/2011 11:01:45 PM - System Checkpoint
RP125: 6/11/2011 2:44:52 AM - System Checkpoint
RP126: 6/12/2011 3:10:20 AM - System Checkpoint
RP127: 6/13/2011 3:12:38 AM - System Checkpoint
RP128: 6/14/2011 4:50:17 AM - System Checkpoint
RP129: 6/15/2011 4:50:58 AM - System Checkpoint
RP130: 6/16/2011 1:25:58 AM - Software Distribution Service 3.0
RP131: 6/16/2011 2:10:10 AM - Software Distribution Service 3.0
RP132: 6/17/2011 2:26:19 AM - System Checkpoint
RP133: 6/18/2011 3:00:06 AM - System Checkpoint
RP134: 6/19/2011 3:03:52 AM - System Checkpoint
RP135: 6/20/2011 4:15:11 AM - System Checkpoint
RP136: 6/21/2011 5:17:28 AM - System Checkpoint
RP137: 6/22/2011 5:55:38 AM - System Checkpoint
RP138: 6/23/2011 7:10:31 AM - System Checkpoint
RP139: 6/24/2011 7:46:05 AM - System Checkpoint
RP140: 6/25/2011 9:05:50 AM - System Checkpoint
RP141: 6/26/2011 9:19:16 AM - System Checkpoint
RP142: 6/27/2011 10:32:17 AM - System Checkpoint
RP143: 6/28/2011 12:34:33 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
FaxTools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Learning Essentials for Microsoft Office
Lexmark Pro200-S500 Series
Lexmark Toolbar
Lexmark Tools for Office
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech SetPoint
Logitech® Camera Driver
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PCI SoftV92 Modem
Picture Package Music Transfer
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
Sony Picture Utility
Sony USB Driver
SoundMAX
SpywareBlaster 4.4
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/25/2011 4:15:23 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0002E3332CF2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/25/2011 11:21:10 AM, error: DCOM [10001] - Unable to start a DCOM Server: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} as /. The error: "%233" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
6/24/2011 8:12:58 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
6/23/2011 5:35:44 PM, error: DCOM [10001] - Unable to start a DCOM Server: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} as /. The error: "%233" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
6/22/2011 4:37:46 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0002E3332CF2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome back! Seems to me we cleaned your system up not too long ago! But you do have malware again and it's disabled the Security Center.

Please go ahead with these 2 scans:
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives/
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
======================================
You should already have the Recovery Console, so Combofix will not go through that query.

Keep in mind: there are many reasons for 'slow' and they aren't always malware!
=========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
 
hi bobbyeye...and yes it wan't too long ago you helped me, albeit for a different symptom...now this :( i tried completing the combofix however when it gets to completed stage 50 i get a pop up error that pev.cfxxe has encountered a problem and needs to close. no report was generated as a result. i didn't proceed to your eset step yet because i wasn't sure if the combofix had to be run in its entirety without error....
 
Please run this and see if it will clear enough for Combofix to run:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
=======================================
Try Combofix again. If it won't run in Normal Mode, try running the scan in Safe Mode. If it still won't run, let me know.
 
tdsskiller didn't find anything, but when i tried combofix again, combofix completed...so go figure...below is the combofix log....eset found no threats, so no log...


ComboFix 11-06-29.06 - Dawn B 06/29/2011 14:18:55.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.800 [GMT -5:00]
Running from: c:\documents and settings\Dawn B\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-28 04:29 . 2011-06-28 04:29 -------- d-----w- c:\documents and settings\Dawn B\Application Data\Malwarebytes
2011-06-28 04:28 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 04:28 . 2011-06-28 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-28 04:28 . 2011-06-28 04:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-28 04:28 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 21:00 . 2011-06-21 21:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 21:00 . 2011-06-21 21:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-18 15:35 . 2011-06-18 15:35 -------- d-----w- C:\hegames
2011-06-17 04:10 . 2011-06-17 04:11 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-15 23:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-10 20:45 . 2011-06-10 20:45 -------- d-----w- c:\program files\iPod
2011-06-10 20:45 . 2011-06-10 20:48 -------- d-----w- c:\program files\iTunes
2011-06-10 20:30 . 2011-06-10 20:30 -------- d-----w- c:\program files\Bonjour
2011-06-06 17:55 . 2011-06-06 17:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 20:03 . 2011-05-14 14:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31 . 2002-08-29 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2002-08-29 10:41 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2002-08-29 08:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2002-08-29 10:41 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2002-08-29 10:41 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2002-08-29 10:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-08-29 09:12 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 19:01 . 2011-03-26 20:36 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01 . 2011-03-26 20:35 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 19:01 . 2011-03-26 20:35 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01 . 2011-03-26 20:35 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 19:01 . 2011-03-26 20:35 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01 . 2011-03-26 20:35 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01 . 2011-03-26 20:35 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01 . 2011-03-26 20:35 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 19:01 . 2011-03-26 20:19 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 19:01 . 2010-10-14 03:28 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01 . 2010-10-14 03:28 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-06-21 21:00 . 2011-03-26 22:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-03-27 01:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dawn B^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Dawn B\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2011-01-24 01:00 148280 ----a-w- c:\program files\Lexmark Pro200-S500 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2011-03-25 23:58 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark Pro200-S500 Series Fax Server]
2011-01-24 01:00 316072 ----a-w- c:\program files\Lexmark Pro200-S500 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-01-18 23:07 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-01-18 23:47 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-01-18 23:37 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 17:52 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxebmon.exe]
2011-01-24 01:00 770728 ----a-w- c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2011-04-05 16:50 1195408 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
2004-08-10 21:20 106496 ----a-w- c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
2001-07-24 21:34 36864 ----a-w- c:\cpqs\scom\srmclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-06-07 20:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\WINDOWS\\system32\\lxebcoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/26/2011 3:35 PM 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [5/17/2011 6:58 PM 193192]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/27/2011 11:28 PM 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/26/2011 3:36 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/26/2011 3:19 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/26/2011 3:35 PM 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/27/2011 11:28 PM 22712]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/26/2011 3:35 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/26/2011 3:35 PM 88736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/27/2011 11:28 PM 39984]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/26/2011 3:35 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/26/2011 3:35 PM 84488]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 92753423
*Deregistered* - 92753423
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\wc40fgpi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
MSConfigStartUp-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-29 14:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,be,2f,41,19,e6,8e,4e,b4,bd,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,be,2f,41,19,e6,8e,4e,b4,bd,b8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-29 14:48:21
ComboFix-quarantined-files.txt 2011-06-29 19:48
.
Pre-Run: 20,246,917,120 bytes free
Post-Run: 20,513,636,352 bytes free
.
- - End Of File - - 9564BE890832CC8A7F1E3C92F62CE1C5
 
as you review the above, i thought i'd mention that my mcafee ran it's scheduled scan and came up with Tool-NirCmd...it was quarantined and gave me an option to remove....should i remove this or handle it some other way?
 
not sure if you reviewed the combofix log yet as you didn't mention it in last reply...that was the last thing you asked me to try and complete...it's above your last post to me...thanks!
 
On 6/18, you show a Directory for C:/hegames He Games are Games tagged he by Sploder members. Sploder is an online game creator. Create fun games that you can publish to the net and email to friends.

The main site is here: http://www.sploder.com/games/tags/he/ and the games are tagged with -he

Did the current problems begin after 6/18?

I went back a reviewed your previous thread. You had problems with the links, scans and logs in that thread also. Additionally, you had to wrestle with the McAfee program constantly. I am thinking the OS may not be configured correctly.

3/26: .i did a fresh reinstall and it seems no redirection at this time
Click to expand...
I am not sure what was done there, but since that date, with the exclusion of the security scans, it looks like you've added , updated or reinstalled the following:
2011-06-21 21:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 21:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-18 15:35 -------- d-----w- C:\hegames
2011-06-17 04:11 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-10 20:45 -------- d-----w- c:\program files\iPod
2011-06-10 20:48 -------- d-----w- c:\program files\iTunes
2011-06-10 20:30 -------- d-----w- c:\program files\Bonjour
2011-06-06 17:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
Click to expand...
2011-06-07 20:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[/quote]

Depending on whether they started on boot and are running in the background, they could make a significant difference in the system performance.
 
i checked out that sploder link you posted and i certainly didn't knowingly download that, so i would certainly like your help to get rid of that and not sure what that ie plug in on 6-6 is (do i need that plug in?? if not you can help me get rid of that as well...but as for the other entries you displayed, they seem to be updates i am thinking....also, is the combofix log showing anything because i did post that as i got it to run in it's entirety....
 
Are there other users on this computer? This programs don't install themselves- the plugin I mentioned is most likely legitimate and also needs to be intentionally installed. Someone set up a Directory for the games.

Let's see if we can round up the accounts on the system: You already have SuperantiSpyware on the system. Please update it and run a scan. Be sure to do this:
Make sure everything found has a checkmark next to it, then press 'Next'.
==========================================
Then run this- the programs will go through each account and we can get more information:

Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
    Code: 
    :Files  
c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================================================
Please paste both of the logs in your next reply.
 
there are 3 users on the pc...so lets see who the culprit is! lol

All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
c:\program files\Internet Explorer\PLUGINS\nppdf32.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dawn B
->Temp folder emptied: 11031072 bytes
->Temporary Internet Files folder emptied: 124683202 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89075677 bytes
->Flash cache emptied: 1559 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joe
->Temp folder emptied: 50710 bytes
->Temporary Internet Files folder emptied: 44873770 bytes
->FireFox cache emptied: 103868410 bytes
->Flash cache emptied: 849 bytes

User: Jonathan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 57214353 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 595955 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 411.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07022011_213032

Files moved on Reboot...

Registry entries deleted on Reboot...




this is the scan for superAntiSpyware....doesn't look like much here...so i also included the scan before today's from 6-7-11....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/02/2011 at 09:13 PM

Application Version : 4.55.1000

Core Rules Database Version : 7367
Trace Rules Database Version: 5179

Scan type : Complete Scan
Total Scan Time : 01:14:24

Memory items scanned : 530
Memory threats detected : 0
Registry items scanned : 7206
Registry threats detected : 0
File items scanned : 21186
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Dawn B\Cookies\dawn_b@bizrate[1].txt
C:\Documents and Settings\Joe\Cookies\joe@atdmt[2].txt
C:\Documents and Settings\Joe\Cookies\joe@wt.xxxmatch[1].txt
C:\Documents and Settings\Joe\Cookies\joe@sexlog[1].txt
C:\Documents and Settings\Joe\Cookies\joe@www.fpctraffic2[1].txt
C:\Documents and Settings\Joe\Cookies\joe@www.xxxmatch[2].txt
C:\Documents and Settings\Joe\Cookies\joe@xxxmatch[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@atdmt.combing[2].txt



http://www.superantispyware.com

Generated 06/07/2011 at 04:12 PM

Application Version : 4.53.1000

Core Rules Database Version : 7079
Trace Rules Database Version: 5037

Scan type : Quick Scan
Total Scan Time : 00:16:47

Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 1972
Registry threats detected : 2
File items scanned : 5000
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\Dawn B\Cookies\dawn_b@atdmt[2].txt
C:\Documents and Settings\Dawn B\Cookies\dawn_b@atdmt.combing[2].txt
cdn1.static1.pornrabbit.com [ C:\Documents and Settings\Joe\Application Data\Macromedia\Flash Player\#SharedObjects\UQ7KEXQ4 ]
C:\Documents and Settings\Joe\Cookies\joe@0ec85edc.hornywood[1].txt
C:\Documents and Settings\Joe\Cookies\joe@a8e9f4b7.hornywood[2].txt
C:\Documents and Settings\Joe\Cookies\joe@atdmt.combing[2].txt
C:\Documents and Settings\Joe\Cookies\joe@db0263fd.hornywood[1].txt
C:\Documents and Settings\Joe\Cookies\joe@f66d08d5.hornywood[1].txt
C:\Documents and Settings\Joe\Cookies\joe@pornhost[2].txt

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
 
Suggest you have a talk with User Joe. The sites he is visiting pose a threat to the security of the system.

All 3 of you need to set a maintenance plan for each account:
Delete temporary internet files and Cookies
Dis Clean up
Error Check
Defrag.
Frequency depends on usage

Suggest all 3 accounts reset Cookies as follows:
Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
 
i do cleanups for all 3 users regularly and already have those firefox add ons....so now what do i do to get rid of that one directory entry for games that you saw and who of the users inadvertently downloaded?
 
I am somewhat puzzled over these numbers:
User: Dawn B
->Temp folder emptied: 11031072 bytes
->Temporary Internet Files folder emptied: 124683202 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89075677 bytes
->Flash cache emptied: 1559 bytes

User: Joe
->Temp folder emptied: 50710 bytes
->Temporary Internet Files folder emptied: 44873770 bytes
->FireFox cache emptied: 103868410 bytes
->Flash cache emptied: 849 bytes

User: Jonathan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 57214353 bytes
->Flash cache emptied: 470 bytes

Total Files Cleaned = 411.00 mb was unusually high for regular cleaning.
The only Tracking Cookies of any significant are from the sites being visited by Joe.
===================================
Since you did a reinstall somewhere during this thread, I'd like you to run a new Combofix scan. I will set up some scrit to remove the remaining unsuitable entries and also check the status of the Security Center.
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
 
i guess "regular cleaning" is a relative term...lol....i usually do it either once a week or once every 2 weeks with ccleaner and then either once or twice a month with sas and defrag usually once a month....and the reinstall of the system was a different thread, i want to say about 1 or 2 months ago...i haven't done it within this issue, just to clarify that for you... :)


ComboFix 11-07-03.04 - Dawn B 07/04/2011 12:35:08.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.864 [GMT -5:00]
Running from: c:\documents and settings\Dawn B\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))
.
.
2011-07-03 02:30 . 2011-07-03 02:30 -------- d-----w- C:\_OTM
2011-07-02 04:24 . 2011-07-02 04:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 06:39 . 2011-07-01 06:39 -------- d-----w- c:\program files\Common Files\Java
2011-07-01 06:39 . 2011-07-01 06:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-28 04:29 . 2011-06-28 04:29 -------- d-----w- c:\documents and settings\Dawn B\Application Data\Malwarebytes
2011-06-28 04:28 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 04:28 . 2011-06-28 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-28 04:28 . 2011-06-28 04:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-28 04:28 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 21:00 . 2011-06-21 21:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 21:00 . 2011-06-21 21:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-18 15:35 . 2011-06-18 15:35 -------- d-----w- C:\hegames
2011-06-17 04:10 . 2011-06-17 04:11 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-15 23:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-10 20:45 . 2011-06-10 20:45 -------- d-----w- c:\program files\iPod
2011-06-10 20:45 . 2011-06-10 20:48 -------- d-----w- c:\program files\iTunes
2011-06-10 20:30 . 2011-06-10 20:30 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 06:38 . 2011-03-26 23:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 15:31 . 2002-08-29 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2002-08-29 10:41 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2002-08-29 08:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2002-08-29 10:41 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2002-08-29 10:41 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2002-08-29 10:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-08-29 09:12 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 19:01 . 2011-03-26 20:36 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01 . 2011-03-26 20:35 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 19:01 . 2011-03-26 20:35 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01 . 2011-03-26 20:35 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 19:01 . 2011-03-26 20:35 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01 . 2011-03-26 20:35 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01 . 2011-03-26 20:35 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01 . 2011-03-26 20:35 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 19:01 . 2011-03-26 20:19 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 19:01 . 2010-10-14 03:28 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01 . 2010-10-14 03:28 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-06-21 21:00 . 2011-03-26 22:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-03-27 01:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-29_19.43.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-03 02:50 . 2011-07-03 02:50 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
- 2003-05-20 01:08 . 2011-06-29 13:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2003-05-20 01:08 . 2011-07-04 14:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2003-05-20 01:08 . 2011-06-29 13:56 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-06-30 00:57 . 2011-07-04 14:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-07-02 04:31 . 2011-07-02 04:31 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe
+ 2011-07-02 04:24 . 2011-07-02 04:24 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
+ 2011-07-02 04:24 . 2011-07-02 04:24 328864 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.dll
+ 2011-07-01 06:39 . 2011-07-01 06:38 157472 c:\windows\system32\javaws.exe
- 2011-03-26 23:01 . 2011-03-26 23:00 157472 c:\windows\system32\javaws.exe
- 2011-03-26 23:01 . 2011-03-26 23:00 145184 c:\windows\system32\javaw.exe
+ 2011-07-01 06:39 . 2011-07-01 06:38 145184 c:\windows\system32\javaw.exe
- 2011-03-26 23:01 . 2011-03-26 23:00 145184 c:\windows\system32\java.exe
+ 2011-07-01 06:39 . 2011-07-01 06:38 145184 c:\windows\system32\java.exe
+ 2011-07-01 06:39 . 2011-07-01 06:39 203776 c:\windows\Installer\2659a9.msi
+ 2011-07-01 06:38 . 2011-07-01 06:38 675840 c:\windows\Installer\2659a4.msi
+ 2011-07-02 04:31 . 2011-07-02 04:31 6271648 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dawn B^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Dawn B\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2011-01-24 01:00 148280 ----a-w- c:\program files\Lexmark Pro200-S500 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2011-03-25 23:58 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark Pro200-S500 Series Fax Server]
2011-01-24 01:00 316072 ----a-w- c:\program files\Lexmark Pro200-S500 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-01-18 23:07 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-01-18 23:47 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-01-18 23:37 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 17:52 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxebmon.exe]
2011-01-24 01:00 770728 ----a-w- c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2011-04-05 16:50 1195408 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
2004-08-10 21:20 106496 ----a-w- c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
2001-07-24 21:34 36864 ----a-w- c:\cpqs\scom\srmclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-03 00:45 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\WINDOWS\\system32\\lxebcoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/26/2011 3:35 PM 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [5/17/2011 6:58 PM 193192]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/27/2011 11:28 PM 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/26/2011 3:36 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/26/2011 3:19 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/26/2011 3:35 PM 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/27/2011 11:28 PM 22712]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/26/2011 3:35 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/26/2011 3:35 PM 88736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/27/2011 11:28 PM 39984]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/26/2011 3:35 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/26/2011 3:35 PM 84488]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\wc40fgpi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-04 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,be,2f,41,19,e6,8e,4e,b4,bd,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,be,2f,41,19,e6,8e,4e,b4,bd,b8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1308)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-04 12:56:35
ComboFix-quarantined-files.txt 2011-07-04 17:56
ComboFix2.txt 2011-06-29 19:48
.
Pre-Run: 20,558,659,584 bytes free
Post-Run: 20,595,404,800 bytes free
.
- - End Of File - - 6105ED1681257667DF6560C28A214F0A
 
Going back to the beginning:
my pc for the last few days has suddenly started to run extremely slow including downloads ...more so when using IE (version 8), but firefox seems to be affected as well. not sure if something was picked up.
Click to expand...

You might consider contacting the ISP and ask of there has been any problem that could cause this slowdown.

Removing the game folder:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
Code: 
File::
Folder::
C:\hegames
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . You do not need to leave this log.
==============================================
Sorry about getting the reinstall mixed up. You might want to take a look at the processes on the Startup menu: Consider using the msconfig utility to remove processes that don't need to start on boot. What can be unchecked: Printers/scanners, media players, auto update for Java, Adobe, iTunes, Quicktime, tc. The only processes that need to start on boot are:
Antivirus program
3rd Party firewall
Touchpad for laptop
Network process is using are Network.Cisco.
Nothing else
--------------------------------
To remove entries from the Startup Menu using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
    msconfig_open_xp.gif
  • Click on Selective Startup
  • Choose the Startup tab:
    startup_tab_xp.gif

    All images courtesy NetSquirrel
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Uncheck any processes you do not need to start on boot.
  • Click on Apply> OK when finished.
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
=====================================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Let me know if you have any more questions.
 
thank you bobbye...I'll be contacting my isp provider tomorrow..i just wanted to be sure before i called them that my system was clean....thanks again!
 
You're very welcome! Here are a few tips to help keep the system clean:
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editior in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
    [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o]Antivirus :(only one):Both of the following programs are free and known to be good:
    [o]Avira-AntiVir-Personal-Free-Antivirus
    [o] [o]Avast-Free Antivirus
    [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
    [o]Comodo
    [o]Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o]Spybot Search & Destroy
  4. Updates: Stay current:
    [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
    [o]Adobe Reader Install current, uninstall old.
    [o]Java Updates Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    [o] Temporary File Cleaner
  7. Restore Points:
    [o]See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
 
Status
Not open for further replies.

Similar threads

D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
405
Fastturtle
F
MeinAutoIstKaput
  • Locked
Inactive-A Possible Infection (Posted logs)
Replies
10
Views
3K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni

Latest posts

Back