Inactive 8 Step: with logs, details inside

fluffykitten

Malwarebytes log
GMER log
DDS logs: both DDS.txt and Attach.txt


Complaint: very slow, no virus appears to be present or other malicious code. HDD was near full capacity when I received it, currently 5GB free space now. After running the current programs associated with the 8-step, some improvement is noticed, not completely fixed.
 

Attachments

  • mbam-log-2011-01-31 (11-36-26).txt (902 bytes)
  • gmer.log (100 KB)
  • DDS.txt (14.6 KB)
  • Attach.txt (5 KB)
You've had a lot of posts but not many replies. Most have been system or network-related. We require all the logs to be pasted in, not attached. It is too time-consuming for the malware helpers to try and copy and paste anything they need to identify. With a pasted log, we can search directly from our browser.

As was the case previously, your description does not sound like malware, but I will check the logs after you paste them in. You can use multiple posts for the logs if you need to, but make sure they are all in this thread.

Edit: I took a quick look at your logs and can say with confidence that the system is slow because you have too many processes starting on boot and running in the background. Although you freed up hard drive space by uninstalling some of the programs, if there isn't enough RAM, then you need to take everything off of the Start menu except the antivirus program, firewall, touchpad for laptop and possibly the network process if using Pure Networks. Nothing else needs to start on boot!

The more you have starting, the slower the load time, the slower the shutdown time. Then after you surf a while, you pick up additional files that will slow you down. I won't rule out malware yet, but I think I went through this with you previously. You are trying to run everything on an old computer that doesn't have much of what it needs to run well!

And by the way, the McAfee Security Suite puts a ton of processes on to run it. You would do better getting Stand Alone security instead.
 

I will paste the logs in next time, ok. Thanks for taking a look at the logs, I really haven't gone through it much at all, just automatically did the 8-step tutorial to start off. I agree about the start menu, I'll reduce it down to AV only. Thanks for the advice, this and the last computer were not mine, just a couple friends that wanted me to look at, I then come here :)

I used msconfig, disabled a lot of the start menu programs.

Is this the right course, a better way to do this, it still seems sluggish at splash, loading, shutting down even a bit.
 

If you suspect malware this is the right course. But keep in mind that the amount of installed RAM, Hard Drive size and number of running processes can all contribute to what you described. In addition, the system has to have regular maintenance to keep it running well.

I was not looking for malware in your logs. I remembered you from a previous thread and that you are a bit short on troubleshooting experience. Whenever anything goes wrong on a system, many just 'assume' it's from malware. But that is not always the case.
 
Yes I did jump straight to that, I would always think some malware is around.


I made a mistake, I ran combofix. The blue cmd box was running. I went to click on an icon and received an error

"Illegal operation attempted on a registry key that has been marked for deletion"


It says this on everything, firefox and every file on the computer, I get this error, I really messed up, I restarted and still get the same error.
 
Please do NOT bump a thread because you didn't get an instant reply! This thread isn't even 24 hours old yet. I am helping other members also.

I cannot do anything until you paste the logs in. And again, I think I will reach the same conclusion. The system has been sounding like a mess since you began all your threads. My best suggestion to you is to reformat and reinstall the OS.
 
sorry, you were right around this current system, probably didn't have much malware or virus but I did mess it up further by running "combofix" ...

Everything was running much better. Now I cannot open any documents, files without that error I posted above. I will be patient, I do not have any other logs, do you want the current logs pasted in?


My other posts were in regards to my own system about network/System problems.
This machine isn't mine and now I feel that none of the data is recoverable, none of the other posts are related to this post.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5649

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/31/2011 11:36:26 AM
mbam-log-2011-01-31 (11-36-26).txt

Scan type: Quick scan
Objects scanned: 168006
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
DDS (Ver_10-12-12.02) - NTFSx86
Run by MF at 12:46:12.51 on Mon 01/31/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1021.313 [GMT -8:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MF\Downloads\Detailed Logs w.Programs\Software\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101107233827.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
dRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mf\appdata\roaming\mozilla\firefox\profiles\pham9wmf.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

============= SERVICES / DRIVERS ===============

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-2-17 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-2-17 164840]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-2-17 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-17 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-17 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-17 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-17 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-2-17 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-2-17 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-2-17 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-2-5 229688]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-2-17 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-30 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-30 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-2-17 313288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-10-1 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-17 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-30 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-30 40552]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2008-3-18 71424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-31 19:24:04 -------- d-----w- c:\users\mf\appdata\roaming\Malwarebytes
2011-01-31 19:22:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 19:22:29 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-31 19:22:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 19:22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 00:16:41 -------- d-----w- c:\users\mf\appdata\local\Mozilla
2011-01-14 06:20:44 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-14 06:20:42 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-14 06:20:41 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-14 06:20:41 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-14 06:20:40 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-14 06:20:40 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-14 06:20:23 1169408 ----a-w- c:\windows\system32\sdclt.exe

==================== Find3M ====================

2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe

============= FINISH: 12:49:03.98 ===============
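
Added example, not part of the original thread or of DDS itself: a Python parser for the Run-key and SERVICES / DRIVERS lines of a pasted DDS.txt, sorting boot-time entries against the helper's advice to keep only antivirus, firewall and touchpad. The names `triage`, `image_of` and `KEEP`, and the mapping of that advice to McAfee and Synaptics paths, are assumptions made for this machine.

```python
import re
from collections import Counter

# Excerpt copied from the DDS.txt pasted in this thread (Run keys, three services).
SAMPLE = r'''
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-2-17 171168]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2008-3-18 71424]
'''

# DDS prefixes as commonly read: u = current user, m = machine, d = default user.
HIVE = {"u": "HKCU", "m": "HKLM", "d": "default user"}
# Assumption for this machine: the helper's keep-list (antivirus, firewall,
# touchpad) corresponds to the McAfee and Synaptics install paths.
KEEP = ("mcafee", "synaptics")

RUN_RE = re.compile(r"^([umd])Run: \[(.*?)\]\s*(.*)$")
# "R2 name;display;command [date size]": R/S = running/stopped, digit = start type.
SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);[^;]*;(.*) \[\d{4}-\d{1,2}-\d{1,2} \d+\]$")


def image_of(cmd):
    """Return the lower-cased file a startup command actually loads."""
    cmd = cmd.strip()
    dll = re.match(r"(?i)rundll32(?:\.exe)?\s+(.+?\.dll)", cmd)
    if dll:  # the DLL is what runs, rundll32 is only the host
        return dll.group(1).lower()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    exe = re.match(r"(?i)(.+?\.(?:exe|scr|sys))(?:\s|$)", cmd)
    return (exe.group(1) if exe else cmd).lower()


def triage(log):
    """List every entry that loads at boot or logon, with a verdict."""
    rows = []
    for line in log.splitlines():
        line = line.strip()
        run, svc = RUN_RE.match(line), SVC_RE.match(line)
        if run:
            source, name, cmd = HIVE[run.group(1)] + " Run", run.group(2), run.group(3)
        elif svc and svc.group(2) in "012":  # boot, system or automatic start only
            source, name, cmd = "service/driver", svc.group(3), svc.group(4)
        else:
            continue  # on-demand services and unrelated log lines
        image = image_of(cmd)
        if not image:
            verdict = "no-command"  # value with no target, e.g. [<NO NAME>]
        elif any(key in image for key in KEEP):
            verdict = "keep"
        else:
            verdict = "review"  # candidate to disable in msconfig
        rows.append({"source": source, "name": name, "image": image, "verdict": verdict})
    return rows


def summary(rows):
    return Counter(row["verdict"] for row in rows)


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["verdict"]:<11}{row["source"]:<18}{row["name"]:<22}{row["image"]}')
    print(dict(summary(triage(SAMPLE))))
```

The verdicts measure startup load only: a path containing a vendor name is not evidence that the file is genuine, so "keep" here is not a malware verdict.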
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 9/30/2009 3:08:44 PM
System Uptime: 1/31/2011 11:42:45 AM (1 hours ago)

Motherboard: Dell Inc. | | 0FP985
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 62 GiB total, 5.226 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 10 GiB total, 9.922 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP353: 1/13/2011 11:10:33 PM - Scheduled Checkpoint
RP354: 1/14/2011 3:00:34 AM - Windows Update
RP355: 1/18/2011 9:22:16 PM - Scheduled Checkpoint
RP356: 1/29/2011 9:22:18 PM - Scheduled Checkpoint
RP357: 1/30/2011 1:31:27 PM - Removed Microsoft Streets & Trips 2009
RP358: 1/30/2011 1:53:47 PM - Removed HP Print Diagnostic Utility
RP359: 1/30/2011 1:54:53 PM - Removed HP Product Detection.
RP360: 1/30/2011 1:55:55 PM - Removed Microsoft Office Access database engine 2007 (English)
RP361: 1/30/2011 1:57:55 PM - Removed RepairSolutions.
RP362: 1/30/2011 2:01:28 PM - Removed Google Earth Plug-in.
RP363: 1/30/2011 2:04:32 PM - Removed Wealth-Lab Pro 5.6.
RP364: 1/30/2011 2:06:52 PM - Removed Microsoft Office Project Professional 2003
RP365: 1/31/2011 11:17:17 AM - Scheduled Checkpoint

==== Installed Programs ======================


Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Before You Know It 3.6
Bonjour
CCleaner
D3DX10
Dell Driver Download Manager
DivX Setup
Fidelity Active Trader Pro®
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
LanguageNow - Italian
Malwarebytes' Anti-Malware
McAfee Anti-Theft
McAfee Online Backup
McAfee Total Protection
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Live Add-in 1.5
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2009
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
Norton PartitionMagic
Norton PartitionMagic 8.0
NVIDIA Drivers
OGA Notifier 2.0.0048.0
playfuldolphin_3122094 Screen Saver
Quicken WillMaker Plus 2010
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
SupportSoft Assisted Service
Synaptics Pointing Device Driver
System Requirements Lab
TomTom HOME 2.8.0.2146
TomTom HOME Visual Studio Merge Modules
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2005 Tools for Office Second Edition Runtime
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/31/2011 11:43:23 AM, Error: EventLog [6008] - The previous system shutdown at 11:41:35 AM on 1/31/2011 was unexpected.
1/30/2011 4:41:46 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 4:08:39 PM, Error: EventLog [6008] - The previous system shutdown at 4:07:05 PM on 1/30/2011 was unexpected.
1/30/2011 1:13:46 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
1/30/2011 1:13:19 PM, Error: EventLog [6008] - The previous system shutdown at 9:11:27 AM on 1/30/2011 was unexpected.

==== End Of File ===========================


malwarebytes log is too big to post

illegal operation attempted on a registry key error comes up when I try to reload combofix, that is the program I ran after those logs, I have no log for combofix and I know you never told me to run this, this is when the errors came and unable to open anything after so I will be patient and I would like not to do a clean install yet, he has a lot of files, documents that he would not like to lose.

thanks for the help so far, I know I really made it difficult.
 
Everything is back to normal, I was able to fix the error

"Illegal operation attempted on a registry key that has been marked for deletion"


I was able to use System File Checker, in Safe Mode, reboot into normal mode and everything is back to normal.

sorry for my panic ocd post, no reply.. panic more! bump a post..

I have changed the start menu programs with msconfig, and changed to a not so heavy AV.
 