Solved S.M.A.R.T. virus?

Status
Not open for further replies.
B

BigSand

Posts: 28   +0
When online yesterday, I belive I was redirected. McAfee said it caught
a Trojan and fixed it. Shortly after, I was bombarded by something
called S.M.A.R.T. that took over my computer. To get it working
again, I had to go to Safe Mode, and restore to a previous date.
McAfee says I have no viruses. MalwareBytes found nothing,
but things are running very slow. Your help appreciated.
Following is the Malwarebytes log. Tried running Gmer,
but got the following error, and it produced an empty log.

"LoadDriver XXX\ Temp\kwlyapow.sys (error OxC00001E)"
"Cannot create a stable subkey under a volatile parent key"

The Malwarebyte log-

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tom :: DJRZ4761 [administrator]
5/30/2012 8:30:22 AM
mbam-log-2012-05-30 (08-30-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |
Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225077
Time elapsed: 13 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Please advise, Thanks.
 
Note: Please click on Format> uncheck Word Wrap when using Notepad.

Please complete these steps: Preliminary Virus and Malware Removal. There will be 2 logs from the DDS scan.

I need to see the heading from Malwarebytes so I can make sure you have run the correct version. You don't need to repeat the scan now. Okay for GMER.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
================================================
Are you having any particular problems other than 'slow'?
===============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
 
Malwarebytes version is
1.61.0.1400
Build date is 4/4/212
I downloaded it yesterday from TechSpot, as my
old version would not run after the virus.

I tried runing D.D.S., but it ran for about 15 minutes
and my pc locked up. Had to reboot.
I do not know if I have "script blocking tools", or
where to look. Please advise. Thanks.
 
If you are using McAfee VirusScan perform the following steps:

Disable McAfee VirusScan ScriptStopper feature by:

    1. Right-mouse click the McAfee VirusScan icon in the system tray.

The McAfee system tray icon looks like
mcafee.jpg
.

    1. Select VirusScan then click Options.

    1. Click the Advanced button and then click the ScriptStopper tab.

      Note: McAfee VirusScan 10 users, click the Exploits tab.

    1. Make sure Enable ScriptStopper (recommended) option is de-selected.

  1. Click OK and then click OK to complete disabling McAfee ScriptStopper feature.
 
I'm using McAfee AntiVirus Plus. None of your instruction for turning off
Script checking "jived". Never did find a ScriptStopper tab.
Under Real-Time Scaning, I did find an option to uncheck
"Script Checking".
I tried running DDS again, and it appeared to be running but
after 15 minutes the "progress bar" quit advancing. I had
to reboot to get out of it.
Please advise. Thanks for your patience.
 
The directions I left were a copy and paste from McAfee support. Perhaps you have a different version.

Please tell me what the problem is when you try to run DDS. You mentioned script blocking which was in the directions, but didn't tell me that was actually the problem. You mentioned that DDS was scanning but appeared to stop after 15 minutes. How much longer did you wait before rebooting?

Repeating: Please click on Format and uncheck Word Wrap. If you do that, you will see this difference:
Now:
I tried running DDS again, and it appeared to be running but
after 15 minutes the "progress bar" quit advancing. I had
to reboot to get out of it.
Click to expand...

With Word Wrap off:
I tried running DDS again, and it appeared to be running but after 15 minutes the "progress bar" quit advancing. I had to reboot to get out of it.
Click to expand...
 
Edit: Delete directions quote.
Reformatting reply without Word Wrap:

Bobbye, The DDS instructions said it should take less than 3 minutes to run. I was into it 15 minutes, and the progress bar appeared to stop, so I presumed it wasn't going to work. As soon as I moved my curser by the DDS program, it locked up, and I had to reboot with the power button.
Thanks.
 
Repeating: Please click on Format and uncheck Word Wrap. If you do that, you will see this difference:

Are you getting any message when the scan stops?

Please download the corresponding file for your operating system:

XP

Vista

Windows 7

Extract (unzip) the file onto your desktop, double-click on it and choose Yes to merge the file into the registry when prompted. Afterwards you should then be able to run DDS.scr.
 
No, I'm not getting any error message when running DDS.
Regarding "Repeating: Please click on Format and uncheck Word Wrap. If you do that, you will see this difference:"
I do not find any "format" button to remove Word Wrap.
I don't have time to download a new version of XP tonight,
but will try tomorrow. Thanks.
 
Don't see Windows XP operating system to download on the Microsoft website, and if there was, wouldn't it be huge, and take a few days to download?
 
I don't have time to download a new version of XP tonight,
Click to expand...

This is a fix, not an OS. But you download the fix for the particular OS you have. Please slow down and take time to red the directions.

About the Word Wrap: what are you typing the text on in your reply? If you type it directly in the reply box, don't hit Enter when you think the line has ended. The site will do that automatically.

If you use Notepad, Format is on the top.
 
I think we are on the same page now. I downloaded the patch, and the DDS produced the two logs. (below) Do you wish for me to try the GMER program again? Also, I should mention that my McAfee program "auto-scanned yesterday, and said it found two viruses and fixed them. It didn't say what they were, but perhaps I can find a log on it. Thanks, Tom
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tom at 20:25:43 on 2012-06-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.275 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
svchost.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://m.www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120425165506.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Easy Dock]
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{563E7741-AF29-4C3D-9A67-22D07B8521F8} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-26 464304]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-26 89792]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-26 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-26 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-26 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-26 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-26 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-26 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-26 151880]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-26 57600]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-26 180848]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-26 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 83856]
S2 gupdate1c9930c59c2e53d;Google Update Service (gupdate1c9930c59c2e53d);c:\program files\google\update\GoogleUpdate.exe [2009-2-19
133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe
[2012-4-4 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-19 133104]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-26 59456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-26 87656]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
.
=============== Created Last 30 ================
.
2012-05-29 19:15:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-29 19:15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-29 17:45:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-29 17:45:32 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-04 14:41:11 -------- d-----w- C:\Sgnos
.
==================== Find3M ====================
.
2012-05-04 22:14:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:14:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2000-09-24 06:27:18 33554896 -c--a-w- c:\program files\fo-psp7.exe
.
============= FINISH: 20:27:38.26 ===============
 
and the DDS produced the two logs. (below)
Click to expand...

You only pasted in the DDS.txt log. The other log, Attach.txt is not included. If you can find it on the system, please paste it im and do not zip it.

If you cannot find Attach.txt, run the scan again.
===============================================
You do not need to repeat GMER.
===============================================
After you finish with DDS, do the following:

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
    • Double click combofix.exe
      cf-icon.jpg
      & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
      Click to expand...
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficultyand terminates prematurely, the connection can be manually restored by restarting your machine.
==============================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
==================================================
I see you found and unchecked Word Wrap. Makes a big diffference.
 
Bobeye, following are the three text files, attach, combofix, and CKSfiles you requested. Thanks, Tom

ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/9/2004 12:35:23 PM
System Uptime: 6/2/2012 6:17:50 AM (14 hours ago)
.
Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Microprocessor | 2660/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 72 GiB total, 43.115 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_413C&PID_5115&MI_03\6&B574F60&0&0003
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_413C&PID_5115&MI_03\6&B574F60&0&0003
Service: USBSTOR
.
==== System Restore Points ===================
.
RP2401: 3/5/2012 7:03:58 AM - System Checkpoint
RP2402: 3/6/2012 7:23:12 AM - System Checkpoint
RP2403: 3/7/2012 7:33:02 AM - System Checkpoint
RP2404: 3/8/2012 7:55:35 AM - System Checkpoint
RP2405: 3/9/2012 7:55:46 AM - System Checkpoint
RP2406: 3/10/2012 9:00:26 AM - System Checkpoint
RP2407: 3/11/2012 10:31:04 AM - System Checkpoint
RP2408: 3/11/2012 7:12:31 PM - Removed Dell Picture Studio v3.0
RP2409: 3/12/2012 7:18:26 PM - System Checkpoint
RP2410: 3/13/2012 7:44:28 PM - System Checkpoint
RP2411: 3/14/2012 2:00:27 PM - Software Distribution Service 3.0
RP2412: 3/16/2012 7:03:19 AM - System Checkpoint
RP2413: 3/17/2012 9:20:19 AM - System Checkpoint
RP2414: 3/18/2012 9:38:02 AM - System Checkpoint
RP2415: 3/18/2012 7:01:12 PM - Installed Compatibility Pack for the 2007 Office system
RP2416: 3/19/2012 2:00:25 PM - Software Distribution Service 3.0
RP2417: 3/20/2012 2:00:28 PM - Software Distribution Service 3.0
RP2418: 3/21/2012 2:37:51 PM - System Checkpoint
RP2419: 3/22/2012 8:35:00 PM - System Checkpoint
RP2420: 3/23/2012 8:38:50 PM - System Checkpoint
RP2421: 3/25/2012 6:44:28 AM - System Checkpoint
RP2422: 3/26/2012 7:33:59 AM - System Checkpoint
RP2423: 3/27/2012 7:55:46 AM - System Checkpoint
RP2424: 3/28/2012 9:10:07 AM - System Checkpoint
RP2425: 3/29/2012 9:14:28 AM - System Checkpoint
RP2426: 3/30/2012 9:39:53 AM - System Checkpoint
RP2427: 3/31/2012 9:45:21 AM - System Checkpoint
RP2428: 4/1/2012 10:33:56 AM - System Checkpoint
RP2429: 4/2/2012 10:58:33 AM - System Checkpoint
RP2430: 4/3/2012 10:59:07 AM - System Checkpoint
RP2431: 4/4/2012 11:32:15 AM - System Checkpoint
RP2432: 4/5/2012 11:52:26 AM - System Checkpoint
RP2433: 4/6/2012 12:38:52 PM - System Checkpoint
RP2434: 4/7/2012 1:02:45 PM - System Checkpoint
RP2435: 4/8/2012 1:59:13 PM - System Checkpoint
RP2436: 4/9/2012 2:10:21 PM - System Checkpoint
RP2437: 4/10/2012 2:55:58 PM - System Checkpoint
RP2438: 4/11/2012 2:00:30 PM - Software Distribution Service 3.0
RP2439: 4/12/2012 7:02:26 PM - System Checkpoint
RP2440: 4/13/2012 7:51:26 PM - System Checkpoint
RP2441: 4/15/2012 7:42:42 AM - System Checkpoint
RP2442: 4/16/2012 11:17:29 AM - System Checkpoint
RP2443: 4/17/2012 12:11:48 PM - System Checkpoint
RP2444: 4/18/2012 12:20:07 PM - System Checkpoint
RP2445: 4/19/2012 7:49:10 PM - System Checkpoint
RP2446: 4/20/2012 8:54:49 PM - System Checkpoint
RP2447: 4/22/2012 6:53:04 AM - System Checkpoint
RP2448: 4/23/2012 9:50:34 AM - System Checkpoint
RP2449: 4/24/2012 10:15:02 AM - System Checkpoint
RP2450: 4/25/2012 10:53:27 AM - System Checkpoint
RP2451: 4/26/2012 7:12:51 PM - System Checkpoint
RP2452: 4/27/2012 7:48:10 PM - System Checkpoint
RP2453: 4/28/2012 8:17:35 PM - System Checkpoint
RP2454: 4/29/2012 8:33:23 PM - System Checkpoint
RP2455: 4/30/2012 9:11:28 PM - System Checkpoint
RP2456: 5/1/2012 9:18:09 PM - System Checkpoint
RP2457: 5/3/2012 7:15:35 AM - System Checkpoint
RP2458: 5/4/2012 7:54:35 AM - System Checkpoint
RP2459: 5/5/2012 8:03:11 AM - System Checkpoint
RP2460: 5/6/2012 9:02:15 AM - System Checkpoint
RP2461: 5/7/2012 9:46:29 AM - System Checkpoint
RP2462: 5/8/2012 10:27:36 AM - System Checkpoint
RP2463: 5/9/2012 10:36:47 AM - System Checkpoint
RP2464: 5/10/2012 6:36:49 PM - System Checkpoint
RP2465: 5/11/2012 6:11:59 PM - Software Distribution Service 3.0
RP2466: 5/12/2012 7:05:52 PM - System Checkpoint
RP2467: 5/13/2012 8:37:07 PM - System Checkpoint
RP2468: 5/15/2012 7:18:30 AM - System Checkpoint
RP2469: 5/16/2012 7:39:23 AM - System Checkpoint
RP2470: 5/17/2012 8:33:35 AM - System Checkpoint
RP2471: 5/18/2012 9:08:33 AM - System Checkpoint
RP2472: 5/19/2012 9:18:14 AM - System Checkpoint
RP2473: 5/20/2012 9:18:43 AM - System Checkpoint
RP2474: 5/21/2012 9:53:49 AM - System Checkpoint
RP2475: 5/22/2012 10:40:05 AM - System Checkpoint
RP2476: 5/23/2012 10:45:15 AM - System Checkpoint
RP2477: 5/24/2012 8:18:54 PM - System Checkpoint
RP2478: 5/25/2012 8:45:46 PM - System Checkpoint
RP2479: 5/27/2012 7:37:14 AM - System Checkpoint
RP2480: 5/28/2012 8:35:36 AM - System Checkpoint
RP2481: 5/29/2012 12:43:27 PM - Restore Operation
RP2482: 5/30/2012 1:58:27 PM - System Checkpoint
RP2483: 6/1/2012 8:29:17 AM - System Checkpoint
RP2484: 6/2/2012 8:33:30 AM - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 4
AXIS Media Control Embedded
Banctec Service Agreement
Classic FTP
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Draw 4 App
eMachineShop
Escape From Monkey Island
ESET Online Scanner v3
ESRI ArcExplorer 2.0
EZ Calendar
Family Tree Maker
Family Tree Maker 2005
Foxit Reader 5.1
G5a922EN
GedHTree Version 2.70
Google Earth
Google Update Helper
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP PhotoSmart 210/215 Camera Software (by ArcSoft)
HP Precisionscan Pro 3.1
HP Share-to-Web
I-detect
I-detect 30-Day Trial
Indeo® software
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java Auto Updater
Java(TM) 6 Update 24
LandDesigner 3D
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.61.0.1400
MapCreate U.S.A 6.3
McAfee AntiVirus Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2001
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Express 7.0
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MilitaryGame App
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
My Way Search Assistant
Nikon Message Center
Nikon Transfer
Ortho® Home Gardener's Problem Solver
OziExplorer 3.95
Paint Shop Pro 7 ESD
PowerDVD 5.3
Quicken 2002 Deluxe
QuickTime
RCA Detective™ 3.0.2.0
RCA easyRip 2.5.4.0
RCA Updater 2.1.6.0
RealPlayer Basic
Savings Bond Wizard
Secunia PSI (2.0.0.3001)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Simple Sudoku 4.2
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Supercow
SwingSet2 App
TaxACT 2009
TaxACT 2009 Minnesota
TaxACT 2010
TaxACT 2010 Minnesota
TaxACT 2011 - 1040 Edition
TaxACT 2011 Minnesota
Uniden Cordless Telephone Customization Tool
Uniden USB to UART Bridge Controller
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB MMC-SD Reader
Viewpoint Media Player
Wave MP3 Editor - Evaluation
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
Works Suite OS Pack
Works Synchronization
Yahoo! Messenger
Yahoo! Music Jukebox
.
==== Event Viewer Messages From Past Week ========
.
6/2/2012 6:54:17 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/30/2012 7:57:15 AM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/29/2012 8:50:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
5/29/2012 8:50:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
5/29/2012 8:47:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
5/29/2012 8:46:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/29/2012 12:50:22 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/29/2012 12:50:20 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
5/29/2012 12:50:20 PM, error: Service Control Manager [7034] - The dlcx_device service terminated unexpectedly. It has done this 1 time(s).
5/29/2012 12:36:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================
COMBOFIX.txt
ComboFix 12-06-04.02 - Tom 06/04/2012 17:37:48.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.262 [GMT -5:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\nLIC8Zk6uD4IIr
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Tom\WINDOWS
c:\windows\pcconfig.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-05-29 19:15 . 2012-05-29 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-29 19:15 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-29 17:45 . 2012-05-29 17:45 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-29 17:34 . 2012-05-29 17:43 -------- d-s---w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-04 22:14 . 2012-04-04 12:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:14 . 2011-05-19 12:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12 . 2004-08-04 11:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-04 11:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-04 11:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2000-09-24 06:27 . 2000-09-24 06:27 33554896 -c--a-w- c:\program files\fo-psp7.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Tom\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 23:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-24 00:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
2011-01-18 15:45 585728 ----a-w- c:\documents and settings\Tom\My Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 06:18 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-17 01:21 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2000-07-19 14:00 176183 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-12-06 21:46 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-06-30 19:33 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [8/26/2010 11:49 AM 89792]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 11:48 AM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 11:48 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 11:48 AM 214904]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [8/26/2010 11:49 AM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [8/26/2010 11:49 AM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/26/2010 11:49 AM 83856]
S2 gupdate1c9930c59c2e53d;Google Update Service (gupdate1c9930c59c2e53d);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2009 10:35 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 7:07 AM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2009 10:35 PM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/26/2010 11:49 AM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [8/26/2010 11:49 AM 87656]
S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:14]
.
2011-08-24 c:\windows\Tasks\classicftpShakeIcon.job
- c:\program files\NCH Software\ClassicFTP\classicftp.exe [2011-04-16 00:16]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 03:35]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 03:35]
.
2012-06-04 c:\windows\Tasks\User_Feed_Synchronization-{D970BD0A-0F5F-4CF1-84FA-3D05B05AC1F1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Easy Dock - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-04 17:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2881188650-3112352510-1338976571-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-06-04 18:08:46
ComboFix-quarantined-files.txt 2012-06-04 23:08
.
Pre-Run: 46,249,177,088 bytes free
Post-Run: 46,238,588,928 bytes free
.
- - End Of File - - 125FB58FFA35FEB14D1597EF695F46E7
CKFILES.txt
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.CDAPUI
----- EOF -----
 
Malware isn't your 'slow' problem now. It's a simple "you're running too many processes!

Let's talk about the system: those of us who are dedicated Windows XP users will have to be knocked over the head and dragged away from this great OS! But we do have to remove/uninstall what we don't need/want/use

Install Date: 12/9/2004 for Windows XP>> 8 years ago- and yet you still have some of the pre-loaded Dell junk running! You have also, at the time of the scan, had the system up for 14 hours. Keep in mind that you need to reboot once in a whule to free up memory.
Do you use all of these?
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support Center (Support Software)
Dell System Restore
DellSupport
My Way Search Assistant
Click to expand...
Do you use Dell Support?
Dell has been pre-loading My Way Search Assistant on their machines since 2004! Some consider it spyware as it tracks web browsing habits . It should be removed: .
There is also MyWay ActiveX control you'll also need to disable also via Internet Explorer's Tools, Manage add-ons.
------------------------------------
You are also running:
HP PhotoSmart 210/215 Camera Software (by ArcSoft)
HP Precisionscan Pro 3.1
HP Share-to-Web
Click to expand...

Camera, printer, Imaging programs, Memory Crd software don't need to start on boot and run in the background. They can be accessed as needed from All Programs or File.
======================================
It seems useless to run Java Auto Updater. Not only do you not have the most current update (Java v7u4) but you have 8 outdated versions, each a vulnerability to the system:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 24
Click to expand...

Please update Java to v7u4: Java Updates .
Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..
-------------------------------
After the update, run the following to remove all the old versions: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that
    a logfile has been produced. Click OK.
  • A logfile will pop up. Note: Do not leave this log.
=========================================
Run this once in a while so the files don't pile up:TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Once you have removed all programs you don't use, updated Java, remove all of the old Java and run TFC, shut the system down, then reboot into Normal Mode. Do you notice any difference?
 
Bobeye, I've removed 5 of the Dell programs you mentioned. Regarding "Dell System Restore" - Is that a different program than what I used to restore the operating system to a "previous date" when I was blessed with the virus? I cannot find "My Way Search Assistant" on the Add / Remove list, nor do I find the MyWay Active X control listed where you mentioned. Is it possible that I don't have it? I removed all the HP camera, scanner, etc. software. I upgraded to the new version of Java, and ran the delete utility to get rid of the old versions. I already had TCF, and ran that, and it auto rebooted. I believe I'm down to 37 processes running without my browser running, and used to have 41 or so. After doing all the above, I tried to go online, and my browser wouldn't load all the way (non-responsive). The task manager was showing the CPU jacking around from 2% to 99% usage. (right now, it's between 2% to 23%). I exited the browser, and restarted it, and while it did open and worked, it was slow. After a few minutes, it seems to be working pretty good. Normally I turn the computer on in the morning at least 1/2 hour before I want to go online, as it's slow. Belive I researched the process "hogs" before, and McAfee used up a lot of resources for a while, as well as some kind of "window updater". Will see how things behave tomorrow morning after it's had a good night's sleep. Will check back with you tomorrow to see what your input is regarding "My Way Search Assistant", and the "Dell System Restore". Thanks for all the help! Tom
 
Tom, the "Dell System Restore" enables you to restore your computer system to the state in which it was shipped.It is not the System Restore feature that we resort to when we need to get the system back to the state it was before a problem- that is within the OS itself. I read the the Dell Restore can be handy if you're wanting to do an upgrade or giving the system away. However, there is a great, free software Eraser that can do that if needed.

All my systems have been from Dell and I spend the first day getting all their pre-loads off!

Processes in the Task Manager can only be evaluated for high CPU if we know what they are. The best way to do that is prepare the system to shutdown, but don't shut down yet. Right click the Taskbar> Task Manager> double click the frame above the CPU column to sort descending. The only processes you should see now are System Idle 90+%), System and taskmgr to add up to 100%.

I have Firefox open with 3 tabs, Notepad open and OE open. CPU is running between 2-8% (WinXP Home)
[LEFT]
[/LEFT]
 
Bobeye, Thanks for all the help! Things seem to be running faster today. I'll go ahead a get rid of the Dell Restore.
The CPU is running as you say it should with no programs open. Regarding the Task Manager "Mem Usage", my McAfee McVsShld.exe is using 65000k, near as much as the browser @ 94600K. Not sure that is normal, but all in all I'm happy! If I inadvertantly went to the XP restore point I was at when I got the SMART virus, would there be problems again, or was all that cured by the programs I ran? After your reply, we'll call it good, as I know you're busy. Thanks again, Tom
 
If I inadvertantly went to the XP restore point I was at when I got the SMART virus, would there be problems again, or was all that cured by the programs I ran?
Click to expand...

If the restore point you chose was infected, yes, you could reinfect the system. That's why we have you set a new, clean restore point at the end of cleaning nd remove the old restore points. System Volume, where the restore poinys are held, is a protected system folder. The contents must be deliberately removed in the proper way. Even though a malware scan may show an entry for a 'system volume' process was quarantined and deleted, it actually wasn't and would remain on the system until such time came that the system had to overwrite it.
=========================================================
I'd like you to run the following so I can see what entries are still running. I can have you stop them and advise wht you should do. Then we'll remove the cleaning tools:

First, set up a Directory for HijackThis as follows:
Right click Start> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
----------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
Bobeye, Below is the HiJackThis log.
I tried to remove "Dell Restore" in
the "Add Remove Programs", but
it did not give me that option.
Thanks, Tom

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:34:42 PM, on 6/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120425165506.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Update Service (gupdate1c9930c59c2e53d) (gupdate1c9930c59c2e53d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
--
End of file - 8209 bytes
 
Don't worry about the Dell Restore- I checked and saw I still have it also.

Please reopen HijackThis to 'do system scan only.' Check each of the following, if found:

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - Startup: Nikon Monitor.lnk = ?
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

Close all Windows except HijackThis and click on "Fix Checked."
================================================
Resetting Services:
To access the Services: Click on Start> Run> type in services.msc> Enter
You can reset the 023 Adobe Flash Player Update Service to Manual.
You can reset 023 Java Quick Starter Service to Disabled and Stop the Service.
Edit: command for services has been corrected to .msc
---------------------------------------------------
Unchecking processes on Startup Menu:
If any of the processes for the Dell Photo AIO Printer are checked on the Startup Menu, you can uncheck them
The process Nikon Monitor/nkmonitor.exe Monitors for a Nikon CoolPix camera being connected via USB port. Uncheck if on Startup.
And no Adobe or Java related processes need to be checked on the Startup Menu


To access the Startup Menu using the msconfig utility
To remove entries from the Startup Menu using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
    msconfig_open_xp.gif
  • Click on Selective Startup
  • Choose the Startup tab:
    startup_tab_xp.gif

    All images courtesy NetSquirrel
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Uncheck any processes you do not need to start on boot.
  • Click on Apply> OK when finished.
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
===========================================
Stopping Windows Messenger:
Recommend you stop this: Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"

Let me know if you have any questions.
 
Bobeye, I ran Hijack again as directed, and found the last seven of the files you mention, but none of the first five that start our with "C:\".
Regarding "Resetting Services:" - I was not able to get that to run. I typed in "services.exe" in the run box, but nothing happened.

Regarding "Unchecking processes on Startup Menu:
I did not find checked (nor listed) the Dell Photo AIO Printer, or the Nikon Monitor/nkmonitor.exe

Regarding "Stopping Windows Messenger:"
I did not find Windows Messenger in my Programs. Wasn't that the little green guy? Don't use it, and perhaps I got rid of it previously.
Thanks, Tom
 
Directions in HijackThis:
Check each of the following, if found:
Click to expand...
=====================================
Startup menu will list processes on the left:
dlcxmon.exe
memcard.exe
NkMonitor.exe
dlcxcoms.exe
jqs.exe
The name of what each process goes to is seen in the Command Colume.
I also added:
If any of the processes for the Dell Photo AIO Printer are checked on the Startup Menu, you can uncheck them
Click to expand...
Dell has always been "overly generous" with the features and processes they pre-load, put on Automatic and on Startup.
===============================
Services: Sign on to the Administrator account first.
After you type services.msc in Run> Press Enter.
================================
Messenger:
Right click on Start> Explore> Computer> Local Drive> Programs> Right click on Messenger> click on Rename add old to the end sp it reads messengerold
When you get into Services, double click to open Messenger> Change Startup type to Disabled> Stop the Service.

If none of these get done, not to worry- they are not malware.

I try to add the disclaimers so that if something is not found or is slightly different you won't be concerned.
 
Bobeye, the "msc" extention on services works much better! The Adobe Flash Player was on "manual", and I stopped the Java Quick Starter. Messenger was already showing as "Disabled & Stopped". I found the Messenger file, and renamed it as requested. Thanks, Tom
 
Yeah, it would! I am very sorry about that. Sometimes I think my typing has a mind of it's own! I have corrected from services.exe
oops.gif
to services.msc.
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni

Latest posts

Back