TechSpot

S.M.A.R.T. virus?

By BigSand
May 30, 2012
  1. When online yesterday, I believe I was redirected. McAfee said it caught
    a Trojan and fixed it. Shortly after, I was bombarded by something
    called S.M.A.R.T. that took over my computer. To get it working
    again, I had to go to Safe Mode, and restore to a previous date.
    McAfee says I have no viruses. MalwareBytes found nothing,
    but things are running very slow. Your help appreciated.
    Following is the Malwarebytes log. Tried running Gmer,
    but got the following error, and it produced an empty log.

    "LoadDriver XXX\ Temp\kwlyapow.sys (error OxC00001E)"
    "Cannot create a stable subkey under a volatile parent key"

    The Malwarebytes log:

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Tom :: DJRZ4761 [administrator]
    5/30/2012 8:30:22 AM
    mbam-log-2012-05-30 (08-30-22).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225077
    Time elapsed: 13 minute(s), 26 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    Please advise, Thanks.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Note: Please click on Format> uncheck Word Wrap when using Notepad.

    Please complete these steps: Preliminary Virus and Malware Removal. There will be 2 logs from the DDS scan.

    I need to see the heading from Malwarebytes so I can make sure you have run the correct version. You don't need to repeat the scan now. Okay for GMER.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ================================================
    Are you having any particular problems other than 'slow'?
    ===============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  3. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    Malwarebytes version is
    1.61.0.1400
    Build date is 4/4/212
    I downloaded it yesterday from TechSpot, as my
    old version would not run after the virus.

    I tried running D.D.S., but it ran for about 15 minutes
    and my pc locked up. Had to reboot.
    I do not know if I have "script blocking tools", or
    where to look. Please advise. Thanks.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you are using McAfee VirusScan perform the following steps:

    Disable McAfee VirusScan ScriptStopper feature by:

      1. Right-mouse click the McAfee VirusScan icon in the system tray.

      2. Select VirusScan then click Options.

      3. Click the Advanced button and then click the ScriptStopper tab.

        Note: McAfee VirusScan 10 users, click the Exploits tab.

      4. Make sure Enable ScriptStopper (recommended) option is de-selected.

      5. Click OK and then click OK to complete disabling McAfee ScriptStopper feature.
     
  5. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    I'm using McAfee AntiVirus Plus. None of your instructions for turning off
    Script checking "jived". Never did find a ScriptStopper tab.
    Under Real-Time Scanning, I did find an option to uncheck
    "Script Checking".
    I tried running DDS again, and it appeared to be running but
    after 15 minutes the "progress bar" quit advancing. I had
    to reboot to get out of it.
    Please advise. Thanks for your patience.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The directions I left were a copy and paste from McAfee support. Perhaps you have a different version.

    Please tell me what the problem is when you try to run DDS. You mentioned script blocking which was in the directions, but didn't tell me that was actually the problem. You mentioned that DDS was scanning but appeared to stop after 15 minutes. How much longer did you wait before rebooting?

    Repeating: Please click on Format and uncheck Word Wrap. If you do that, you will see this difference:
    Now:
    With Word Wrap off:
     
  7. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    Edit: Delete directions quote.
    Reformatting reply without Word Wrap:

    Bobbye, the DDS instructions said it should take less than 3 minutes to run. I was into it 15 minutes, and the progress bar appeared to stop, so I presumed it wasn't going to work. As soon as I moved my cursor by the DDS program, it locked up, and I had to reboot with the power button.
    Thanks.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Repeating: Please click on Format and uncheck Word Wrap. If you do that, you will see this difference:

    Are you getting any message when the scan stops?

    Please download the corresponding file for your operating system:

    XP

    Vista

    Windows 7

    Extract (unzip) the file onto your desktop, double-click on it and choose Yes to merge the file into the registry when prompted. Afterwards you should then be able to run DDS.scr.
     
  9. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    No, I'm not getting any error message when running DDS.
    Regarding "Repeating: Please click on Format and uncheck Word Wrap. If you do that, you will see this difference:"
    I do not find any "format" button to remove Word Wrap.
    I don't have time to download a new version of XP tonight,
    but will try tomorrow. Thanks.
     
  10. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    Don't see Windows XP operating system to download on the Microsoft website, and if there was, wouldn't it be huge, and take a few days to download?
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This is a fix, not an OS. But you download the fix for the particular OS you have. Please slow down and take time to read the directions.

    About the Word Wrap: what are you typing the text on in your reply? If you type it directly in the reply box, don't hit Enter when you think the line has ended. The site will do that automatically.

    If you use Notepad, Format is on the top.
     
  12. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    I think we are on the same page now. I downloaded the patch, and the DDS produced the two logs. (below) Do you wish for me to try the GMER program again? Also, I should mention that my McAfee program "auto-scanned" yesterday, and said it found two viruses and fixed them. It didn't say what they were, but perhaps I can find a log on it. Thanks, Tom
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Tom at 20:25:43 on 2012-06-02
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.275 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    svchost.exe
    C:\WINDOWS\system32\dlcxcoms.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://m.www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120425165506.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Easy Dock]
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
    mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\tom\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{563E7741-AF29-4C3D-9A67-22D07B8521F8} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-26 464304]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-26 89792]
    R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-26 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-26 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-26 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-26 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-26 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-26 161632]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-26 151880]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-26 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-26 180848]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-26 340920]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 83856]
    S2 gupdate1c9930c59c2e53d;Google Update Service (gupdate1c9930c59c2e53d);c:\program files\google\update\GoogleUpdate.exe [2009-2-19 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-19 133104]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-26 59456]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-26 87656]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
    .
    =============== Created Last 30 ================
    .
    2012-05-29 19:15:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-29 19:15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-29 17:45:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-05-29 17:45:32 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-04 14:41:11 -------- d-----w- C:\Sgnos
    .
    ==================== Find3M ====================
    .
    2012-05-04 22:14:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 22:14:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2000-09-24 06:27:18 33554896 -c--a-w- c:\program files\fo-psp7.exe
    .
    ============= FINISH: 20:27:38.26 ===============
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You only pasted in the DDS.txt log. The other log, Attach.txt, is not included. If you can find it on the system, please paste it in and do not zip it.

    If you cannot find Attach.txt, run the scan again.
    ===============================================
    You do not need to repeat GMER.
    ===============================================
    After you finish with DDS, do the following:

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.

    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==============================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    ==================================================
    I see you found and unchecked Word Wrap. Makes a big difference.
     
  14. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    Bobbye, following are the three text files, attach, combofix, and CKSfiles you requested. Thanks, Tom

    ATTACH.TXT
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/9/2004 12:35:23 PM
    System Uptime: 6/2/2012 6:17:50 AM (14 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0N6381
    Processor: Intel(R) Celeron(R) CPU 2.66GHz | Microprocessor | 2660/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 72 GiB total, 43.115 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
    Description: USB Mass Storage Device
    Device ID: USB\VID_413C&PID_5115&MI_03\6&B574F60&0&0003
    Manufacturer: Compatible USB storage device
    Name: USB Mass Storage Device
    PNP Device ID: USB\VID_413C&PID_5115&MI_03\6&B574F60&0&0003
    Service: USBSTOR
    .
    ==== System Restore Points ===================
    .
    RP2401: 3/5/2012 7:03:58 AM - System Checkpoint
    RP2402: 3/6/2012 7:23:12 AM - System Checkpoint
    RP2403: 3/7/2012 7:33:02 AM - System Checkpoint
    RP2404: 3/8/2012 7:55:35 AM - System Checkpoint
    RP2405: 3/9/2012 7:55:46 AM - System Checkpoint
    RP2406: 3/10/2012 9:00:26 AM - System Checkpoint
    RP2407: 3/11/2012 10:31:04 AM - System Checkpoint
    RP2408: 3/11/2012 7:12:31 PM - Removed Dell Picture Studio v3.0
    RP2409: 3/12/2012 7:18:26 PM - System Checkpoint
    RP2410: 3/13/2012 7:44:28 PM - System Checkpoint
    RP2411: 3/14/2012 2:00:27 PM - Software Distribution Service 3.0
    RP2412: 3/16/2012 7:03:19 AM - System Checkpoint
    RP2413: 3/17/2012 9:20:19 AM - System Checkpoint
    RP2414: 3/18/2012 9:38:02 AM - System Checkpoint
    RP2415: 3/18/2012 7:01:12 PM - Installed Compatibility Pack for the 2007 Office system
    RP2416: 3/19/2012 2:00:25 PM - Software Distribution Service 3.0
    RP2417: 3/20/2012 2:00:28 PM - Software Distribution Service 3.0
    RP2418: 3/21/2012 2:37:51 PM - System Checkpoint
    RP2419: 3/22/2012 8:35:00 PM - System Checkpoint
    RP2420: 3/23/2012 8:38:50 PM - System Checkpoint
    RP2421: 3/25/2012 6:44:28 AM - System Checkpoint
    RP2422: 3/26/2012 7:33:59 AM - System Checkpoint
    RP2423: 3/27/2012 7:55:46 AM - System Checkpoint
    RP2424: 3/28/2012 9:10:07 AM - System Checkpoint
    RP2425: 3/29/2012 9:14:28 AM - System Checkpoint
    RP2426: 3/30/2012 9:39:53 AM - System Checkpoint
    RP2427: 3/31/2012 9:45:21 AM - System Checkpoint
    RP2428: 4/1/2012 10:33:56 AM - System Checkpoint
    RP2429: 4/2/2012 10:58:33 AM - System Checkpoint
    RP2430: 4/3/2012 10:59:07 AM - System Checkpoint
    RP2431: 4/4/2012 11:32:15 AM - System Checkpoint
    RP2432: 4/5/2012 11:52:26 AM - System Checkpoint
    RP2433: 4/6/2012 12:38:52 PM - System Checkpoint
    RP2434: 4/7/2012 1:02:45 PM - System Checkpoint
    RP2435: 4/8/2012 1:59:13 PM - System Checkpoint
    RP2436: 4/9/2012 2:10:21 PM - System Checkpoint
    RP2437: 4/10/2012 2:55:58 PM - System Checkpoint
    RP2438: 4/11/2012 2:00:30 PM - Software Distribution Service 3.0
    RP2439: 4/12/2012 7:02:26 PM - System Checkpoint
    RP2440: 4/13/2012 7:51:26 PM - System Checkpoint
    RP2441: 4/15/2012 7:42:42 AM - System Checkpoint
    RP2442: 4/16/2012 11:17:29 AM - System Checkpoint
    RP2443: 4/17/2012 12:11:48 PM - System Checkpoint
    RP2444: 4/18/2012 12:20:07 PM - System Checkpoint
    RP2445: 4/19/2012 7:49:10 PM - System Checkpoint
    RP2446: 4/20/2012 8:54:49 PM - System Checkpoint
    RP2447: 4/22/2012 6:53:04 AM - System Checkpoint
    RP2448: 4/23/2012 9:50:34 AM - System Checkpoint
    RP2449: 4/24/2012 10:15:02 AM - System Checkpoint
    RP2450: 4/25/2012 10:53:27 AM - System Checkpoint
    RP2451: 4/26/2012 7:12:51 PM - System Checkpoint
    RP2452: 4/27/2012 7:48:10 PM - System Checkpoint
    RP2453: 4/28/2012 8:17:35 PM - System Checkpoint
    RP2454: 4/29/2012 8:33:23 PM - System Checkpoint
    RP2455: 4/30/2012 9:11:28 PM - System Checkpoint
    RP2456: 5/1/2012 9:18:09 PM - System Checkpoint
    RP2457: 5/3/2012 7:15:35 AM - System Checkpoint
    RP2458: 5/4/2012 7:54:35 AM - System Checkpoint
    RP2459: 5/5/2012 8:03:11 AM - System Checkpoint
    RP2460: 5/6/2012 9:02:15 AM - System Checkpoint
    RP2461: 5/7/2012 9:46:29 AM - System Checkpoint
    RP2462: 5/8/2012 10:27:36 AM - System Checkpoint
    RP2463: 5/9/2012 10:36:47 AM - System Checkpoint
    RP2464: 5/10/2012 6:36:49 PM - System Checkpoint
    RP2465: 5/11/2012 6:11:59 PM - Software Distribution Service 3.0
    RP2466: 5/12/2012 7:05:52 PM - System Checkpoint
    RP2467: 5/13/2012 8:37:07 PM - System Checkpoint
    RP2468: 5/15/2012 7:18:30 AM - System Checkpoint
    RP2469: 5/16/2012 7:39:23 AM - System Checkpoint
    RP2470: 5/17/2012 8:33:35 AM - System Checkpoint
    RP2471: 5/18/2012 9:08:33 AM - System Checkpoint
    RP2472: 5/19/2012 9:18:14 AM - System Checkpoint
    RP2473: 5/20/2012 9:18:43 AM - System Checkpoint
    RP2474: 5/21/2012 9:53:49 AM - System Checkpoint
    RP2475: 5/22/2012 10:40:05 AM - System Checkpoint
    RP2476: 5/23/2012 10:45:15 AM - System Checkpoint
    RP2477: 5/24/2012 8:18:54 PM - System Checkpoint
    RP2478: 5/25/2012 8:45:46 PM - System Checkpoint
    RP2479: 5/27/2012 7:37:14 AM - System Checkpoint
    RP2480: 5/28/2012 8:35:36 AM - System Checkpoint
    RP2481: 5/29/2012 12:43:27 PM - Restore Operation
    RP2482: 5/30/2012 1:58:27 PM - System Checkpoint
    RP2483: 6/1/2012 8:29:17 AM - System Checkpoint
    RP2484: 6/2/2012 8:33:30 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 11 ActiveX
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    AXIS Media Control Embedded
    Banctec Service Agreement
    Classic FTP
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    Dell PC Fax
    Dell Photo AIO Printer 926
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Draw 4 App
    eMachineShop
    Escape From Monkey Island
    ESET Online Scanner v3
    ESRI ArcExplorer 2.0
    EZ Calendar
    Family Tree Maker
    Family Tree Maker 2005
    Foxit Reader 5.1
    G5a922EN
    GedHTree Version 2.70
    Google Earth
    Google Update Helper
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP PhotoSmart 210/215 Camera Software (by ArcSoft)
    HP Precisionscan Pro 3.1
    HP Share-to-Web
    I-detect
    I-detect 30-Day Trial
    Indeo® software
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_06
    Java Auto Updater
    Java(TM) 6 Update 24
    LandDesigner 3D
    Learn2 Player (Uninstall Only)
    Macromedia Shockwave Player
    Malwarebytes Anti-Malware version 1.61.0.1400
    MapCreate U.S.A 6.3
    McAfee AntiVirus Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2001
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Picture It! Express 7.0
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works 2001 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    MilitaryGame App
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Move Networks Media Player for Internet Explorer
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch for Windows Media Player
    My Way Search Assistant
    Nikon Message Center
    Nikon Transfer
    Ortho® Home Gardener's Problem Solver
    OziExplorer 3.95
    Paint Shop Pro 7 ESD
    PowerDVD 5.3
    Quicken 2002 Deluxe
    QuickTime
    RCA Detective™ 3.0.2.0
    RCA easyRip 2.5.4.0
    RCA Updater 2.1.6.0
    RealPlayer Basic
    Savings Bond Wizard
    Secunia PSI (2.0.0.3001)
    Simple Sudoku 4.2
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Supercow
    SwingSet2 App
    TaxACT 2009
    TaxACT 2009 Minnesota
    TaxACT 2010
    TaxACT 2010 Minnesota
    TaxACT 2011 - 1040 Edition
    TaxACT 2011 Minnesota
    Uniden Cordless Telephone Customization Tool
    Uniden USB to UART Bridge Controller
    USB MMC-SD Reader
    Viewpoint Media Player
    Wave MP3 Editor - Evaluation
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WordPerfect Office 12
    Works Suite OS Pack
    Works Synchronization
    Yahoo! Messenger
    Yahoo! Music Jukebox
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/2/2012 6:54:17 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    5/30/2012 7:57:15 AM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    5/29/2012 8:50:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    5/29/2012 8:50:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    5/29/2012 8:47:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
    5/29/2012 8:46:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/29/2012 12:50:22 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/29/2012 12:50:22 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/29/2012 12:50:20 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
    5/29/2012 12:50:20 PM, error: Service Control Manager [7034] - The dlcx_device service terminated unexpectedly. It has done this 1 time(s).
    5/29/2012 12:36:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    .
    ==== End Of File ===========================
    COMBOFIX.txt
    ComboFix 12-06-04.02 - Tom 06/04/2012 17:37:48.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.262 [GMT -5:00]
    Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\nLIC8Zk6uD4IIr
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Tom\WINDOWS
    c:\windows\pcconfig.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-29 19:15 . 2012-05-29 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-29 19:15 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-29 17:45 . 2012-05-29 17:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-29 17:34 . 2012-05-29 17:43 -------- d-s---w- c:\documents and settings\Administrator
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-31 13:22 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-04 22:14 . 2012-04-04 12:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 22:14 . 2011-05-19 12:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:12 . 2004-08-04 11:00 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:10 . 2004-08-04 11:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 12:35 . 2004-08-04 11:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2000-09-24 06:27 . 2000-09-24 06:27 33554896 -c--a-w- c:\program files\fo-psp7.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
    "dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
    "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Tom\Start Menu\Programs\Startup\
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
    backup=c:\windows\pss\Billminder.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
    backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
    backup=c:\windows\pss\ymetray.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2008-08-13 23:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-08-24 00:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Dock]
    2011-01-18 15:45 585728 ----a-w- c:\documents and settings\Tom\My Documents\RCA easyRip\EZDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 15:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 15:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2011-08-22 06:18 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2002-07-17 01:21 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    2000-07-19 14:00 176183 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2004-12-06 21:46 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-06-30 19:33 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
    "c:\\Program Files\\CoreFTP\\coreftp.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [8/26/2010 11:49 AM 89792]
    R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 11:48 AM 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 11:48 AM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 11:48 AM 214904]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [8/26/2010 11:49 AM 57600]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [8/26/2010 11:49 AM 340920]
    R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/26/2010 11:49 AM 83856]
    S2 gupdate1c9930c59c2e53d;Google Update Service (gupdate1c9930c59c2e53d);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2009 10:35 PM 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 7:07 AM 257696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2009 10:35 PM 133104]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/26/2010 11:49 AM 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [8/26/2010 11:49 AM 87656]
    S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:14]
    .
    2011-08-24 c:\windows\Tasks\classicftpShakeIcon.job
    - c:\program files\NCH Software\ClassicFTP\classicftp.exe [2011-04-16 00:16]
    .
    2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 03:35]
    .
    2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 03:35]
    .
    2012-06-04 c:\windows\Tasks\User_Feed_Synchronization-{D970BD0A-0F5F-4CF1-84FA-3D05B05AC1F1}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://m.www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-Easy Dock - (no file)
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-04 17:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2881188650-3112352510-1338976571-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2012-06-04 18:08:46
    ComboFix-quarantined-files.txt 2012-06-04 23:08
    .
    Pre-Run: 46,249,177,088 bytes free
    Post-Run: 46,238,588,928 bytes free
    .
    - - End Of File - - 125FB58FFA35FEB14D1597EF695F46E7
    CKFILES.txt
    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11.CDAPUI
    ----- EOF -----
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Malware isn't your 'slow' problem now. It's a simple "you're running too many processes!"

    Let's talk about the system: those of us who are dedicated Windows XP users will have to be knocked over the head and dragged away from this great OS! But we do have to remove/uninstall what we don't need/want/use.

    Install Date: 12/9/2004 for Windows XP>> 8 years ago- and yet you still have some of the pre-loaded Dell junk running! You have also, at the time of the scan, had the system up for 14 hours. Keep in mind that you need to reboot once in a while to free up memory.
    Do you use all of these?
    Do you use Dell Support?
    Dell has been pre-loading My Way Search Assistant on their machines since 2004! Some consider it spyware as it tracks web browsing habits. It should be removed.
    There is also a MyWay ActiveX control you'll need to disable via Internet Explorer's Tools, Manage add-ons.
    ------------------------------------
    You are also running:
    Camera, printer, Imaging programs, Memory Card software don't need to start on boot and run in the background. They can be accessed as needed from All Programs or File.
    ======================================
    It seems useless to run Java Auto Updater. Not only do you not have the most current update (Java v7u4) but you have 8 outdated versions, each a vulnerability to the system:
    Please update Java to v7u4: Java Updates.
    Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.
    -------------------------------
    After the update, run the following to remove all the old versions: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Note: Do not leave this log.
    =========================================
    Run this once in a while so the files don't pile up: TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
    Once you have removed all programs you don't use, updated Java, removed all of the old Java and run TFC, shut the system down, then reboot into Normal Mode. Do you notice any difference?
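
The startup entries discussed in the post above can be read out of the "Reg Loading Points" section of the ComboFix log posted earlier in the thread. The following is an added example, not part of the original thread and not ComboFix's own code: a Python parser for that section that lists the active Run/RunOnce entries outside the Windows folder, oldest binary first, and skips the msconfig `startupreg` entries, which are already disabled. The function names and the review ordering are assumptions for illustration; the sample lines are excerpted from the log in this thread.

```python
import re
from datetime import date

# Sample input: a few lines excerpted from the "Reg Loading Points"
# section of the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-12-06 21:46 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
'''

# "[HKEY_...\Run]" section header
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="command" [YYYY-MM-DD size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+'
    r'\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$'
)


def is_run_key(key):
    """True for live autostart keys; msconfig\\startupreg holds disabled items."""
    return key.lower().endswith(
        ('\\currentversion\\run', '\\currentversion\\runonce')
    )


def program_folder(cmd):
    """Top-level folder the binary lives in, used to group entries for review."""
    parts = cmd.split('\\')
    lowered = [p.lower() for p in parts]
    if len(parts) >= 3 and lowered[1] == 'program files':
        return parts[2]
    if len(parts) >= 2 and lowered[1] == 'windows':
        return 'windows'
    return '(no path)'  # bare file name resolved through the search path


def parse_run_entries(text):
    """Return one dict per value found under an active Run/RunOnce key."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group('key')
            continue
        value = VALUE_RE.match(line)
        if value and key and is_run_key(key):
            year, month, day = map(int, value.group('date').split('-'))
            entries.append({
                'hive': key.split('\\')[0],
                'name': value.group('name'),
                'command': value.group('cmd'),
                'folder': program_folder(value.group('cmd')),
                'file_date': date(year, month, day),
                'size': int(value.group('size')),
            })
    return entries


def review_candidates(entries):
    """Third-party autostarts (not in the Windows folder), oldest binary first."""
    third_party = [e for e in entries
                   if e['folder'] not in ('windows', '(no path)')]
    return sorted(third_party, key=lambda e: e['file_date'])


if __name__ == '__main__':
    for e in review_candidates(parse_run_entries(SAMPLE_LOG)):
        print(f"{e['file_date']}  {e['folder']:<28} {e['name']}  ({e['hive']})")
```

The output is a review list only: whether an entry is needed is still the owner's call, as in the questions asked above.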
     
  16. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    Bobbye, I've removed 5 of the Dell programs you mentioned. Regarding "Dell System Restore" - Is that a different program than what I used to restore the operating system to a "previous date" when I was blessed with the virus? I cannot find "My Way Search Assistant" on the Add / Remove list, nor do I find the MyWay Active X control listed where you mentioned. Is it possible that I don't have it? I removed all the HP camera, scanner, etc. software. I upgraded to the new version of Java, and ran the delete utility to get rid of the old versions. I already had TFC, and ran that, and it auto rebooted. I believe I'm down to 37 processes running without my browser running, and used to have 41 or so. After doing all the above, I tried to go online, and my browser wouldn't load all the way (non-responsive). The task manager was showing the CPU jacking around from 2% to 99% usage. (right now, it's between 2% to 23%). I exited the browser, and restarted it, and while it did open and worked, it was slow. After a few minutes, it seems to be working pretty good. Normally I turn the computer on in the morning at least 1/2 hour before I want to go online, as it's slow. Believe I researched the process "hogs" before, and McAfee used up a lot of resources for a while, as well as some kind of "window updater". Will see how things behave tomorrow morning after it's had a good night's sleep. Will check back with you tomorrow to see what your input is regarding "My Way Search Assistant", and the "Dell System Restore". Thanks for all the help! Tom
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Tom, the "Dell System Restore" enables you to restore your computer system to the state in which it was shipped. It is not the System Restore feature that we resort to when we need to get the system back to the state it was before a problem- that is within the OS itself. I read that the Dell Restore can be handy if you're wanting to do an upgrade or giving the system away. However, there is a great, free software Eraser that can do that if needed.

    All my systems have been from Dell and I spend the first day getting all their pre-loads off!

    Processes in the Task Manager can only be evaluated for high CPU if we know what they are. The best way to do that is prepare the system to shutdown, but don't shut down yet. Right click the Taskbar> Task Manager> double click the frame above the CPU column to sort descending. The only processes you should see now are System Idle (90+%), System and taskmgr to add up to 100%.

    I have Firefox open with 3 tabs, Notepad open and OE open. CPU is running between 2-8% (WinXP Home)

     
  18. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    Bobeye, Thanks for all the help! Things seem to be running faster today. I'll go ahead and get rid of the Dell Restore.
    The CPU is running as you say it should with no programs open. Regarding the Task Manager "Mem Usage", my McAfee McVsShld.exe is using 65000k, near as much as the browser @ 94600K. Not sure that is normal, but all in all I'm happy! If I inadvertently went to the XP restore point I was at when I got the SMART virus, would there be problems again, or was all that cured by the programs I ran? After your reply, we'll call it good, as I know you're busy. Thanks again, Tom
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If the restore point you chose was infected, yes, you could reinfect the system. That's why we have you set a new, clean restore point at the end of cleaning and remove the old restore points. System Volume, where the restore points are held, is a protected system folder. The contents must be deliberately removed in the proper way. Even though a malware scan may show an entry for a 'system volume' process was quarantined and deleted, it actually wasn't and would remain on the system until such time came that the system had to overwrite it.
    =========================================================
    I'd like you to run the following so I can see what entries are still running. I can have you stop them and advise what you should do. Then we'll remove the cleaning tools:

    First, set up a Directory for HijackThis as follows:
    Right click Start> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    ----------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  20. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    Bobeye, Below is the HiJackThis log.
    I tried to remove "Dell Restore" in
    the "Add Remove Programs", but
    it did not give me that option.
    Thanks, Tom

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:34:42 PM, on 6/9/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\WINDOWS\system32\dlcxcoms.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120425165506.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Nikon Monitor.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
    O23 - Service: Google Update Service (gupdate1c9930c59c2e53d) (gupdate1c9930c59c2e53d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    --
    End of file - 8209 bytes
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Don't worry about the Dell Restore- I checked and saw I still have it also.

    Please reopen HijackThis to 'do system scan only.' Check each of the following, if found:

    C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\WINDOWS\system32\dlcxcoms.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - Startup: Nikon Monitor.lnk = ?
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

    Close all Windows except HijackThis and click on "Fix Checked."
    ================================================
    Resetting Services:
    To access the Services: Click on Start> Run> type in services.msc> Enter
    You can reset the O23 Adobe Flash Player Update Service to Manual.
    You can reset O23 Java Quick Starter Service to Disabled and Stop the Service.
    Edit: command for services has been corrected to .msc
    ---------------------------------------------------
    Unchecking processes on Startup Menu:
    If any of the processes for the Dell Photo AIO Printer are checked on the Startup Menu, you can uncheck them
    The process Nikon Monitor/nkmonitor.exe monitors for a Nikon CoolPix camera being connected via USB port. Uncheck if on Startup.
    And no Adobe or Java related processes need to be checked on the Startup Menu


    To access the Startup Menu using the msconfig utility
    To remove entries from the Startup Menu using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
    • Click on Selective Startup
    • Choose the Startup tab:
      All images courtesy NetSquirrel
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Uncheck any processes you do not need to start on boot.
    • Click on Apply> OK when finished.
    NOTE:
    When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
    ===========================================
    Stopping Windows Messenger:
    Recommend you stop this: Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"

    Let me know if you have any questions.
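
An added example, not part of the thread and not HijackThis's own code: a small Python parser for the log format posted above. It groups entries by section code, pulls out the O4 autostart entries, and lists the entries HijackThis itself could not identify so a reviewer looks at them first. The sample lines are excerpted from the log in post 20; the function names and the section descriptions are this example's own.

```python
import re
from collections import Counter

# Section codes seen in the log above, with their usual meaning (descriptions are this example's).
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "R3": "URL search hook", "O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart entry", "O8": "IE context menu item",
            "O9": "IE extra button/menu item", "O10": "Winsock LSP",
            "O16": "ActiveX download", "O18": "protocol/filter handler",
            "O22": "SharedTaskScheduler", "O23": "Windows service"}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*\S)\s*$")
RUN = re.compile(r"^(\S+?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
SERVICE = re.compile(r"^Service: (.*?) - (.*?)\s*- ([A-Za-z]:\\.*)$")

def parse(log):
    """Return (code, detail) for every R*/O* line; header and process list are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def by_section(entries):
    return Counter(SECTIONS.get(code, "other") for code, _ in entries)

def autostarts(entries):
    """O4 lines split into registry location, value name and command."""
    out = []
    for code, detail in entries:
        if code != "O4":
            continue
        m = RUN.match(detail)
        if m:
            hive, key, name, cmd = m.groups()
            out.append({"where": f"{hive}\\{key}", "name": name, "command": cmd})
        else:  # Startup-folder shortcut, no registry value
            out.append({"where": "Startup folder", "name": detail, "command": None})
    return out

def review_first(entries):
    """Entries needing manual identification. Not a verdict: in this thread they were benign."""
    flags = []
    for code, detail in entries:
        m = SERVICE.match(detail) if code == "O23" else None
        if m and not m.group(2):
            flags.append((code, "service with no vendor string", m.group(3)))
        elif code == "O10" or detail.endswith("= ?"):
            flags.append((code, "target not resolved by HijackThis", detail))
    return flags

# Lines excerpted from the HijackThis log in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\dlcxcoms.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Startup: Nikon Monitor.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
"""

if __name__ == "__main__":
    for flag in review_first(parse(SAMPLE)):
        print(flag)
```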
     
  22. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    Bobeye, I ran Hijack again as directed, and found the last seven of the files you mention, but none of the first five that start out with "C:\".
    Regarding "Resetting Services:" - I was not able to get that to run. I typed in "services.exe" in the run box, but nothing happened.

    Regarding "Unchecking processes on Startup Menu:"
    I did not find checked (nor listed) the Dell Photo AIO Printer, or the Nikon Monitor/nkmonitor.exe

    Regarding "Stopping Windows Messenger:"
    I did not find Windows Messenger in my Programs. Wasn't that the little green guy? Don't use it, and perhaps I got rid of it previously.
    Thanks, Tom
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Directions in HijackThis:
    =====================================
    Startup menu will list processes on the left:
    dlcxmon.exe
    memcard.exe
    NkMonitor.exe
    dlcxcoms.exe
    jqs.exe
    The name of what each process goes to is seen in the Command Column.
    I also added:
    Dell has always been "overly generous" with the features and processes they pre-load, put on Automatic and on Startup.
    ===============================
    Services: Sign on to the Administrator account first.
    After you type services.msc in Run> Press Enter.
    ================================
    Messenger:
    Right click on Start> Explore> Computer> Local Drive> Programs> Right click on Messenger> click on Rename, add old to the end so it reads messengerold
    When you get into Services, double click to open Messenger> Change Startup type to Disabled> Stop the Service.

    If none of these get done, not to worry- they are not malware.

    I try to add the disclaimers so that if something is not found or is slightly different you won't be concerned.
     
  24. BigSand

    BigSand TS Rookie Topic Starter Posts: 28

    Bobeye, the "msc" extension on services works much better! The Adobe Flash Player was on "manual", and I stopped the Java Quick Starter. Messenger was already showing as "Disabled & Stopped". I found the Messenger file, and renamed it as requested. Thanks, Tom
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yeah, it would! I am very sorry about that. Sometimes I think my typing has a mind of its own! I have corrected from services.exe to services.msc.
     
Topic Status:
Not open for further replies.
