Solved Infected Computer

gbm608

I really can't describe my problem other than I think my computer is infected. It loads really slow, it runs really slow, it hangs while running programs. I have defragged my computer, cleaned out temp files and ran antivirus and malware programs with no luck.

I tried the best I could to follow the 8 step removal instructions but had issues even getting that done.

TFC would not run. It hung up.

Malwarebytes would not update the latest virus definitions. I get the following error when trying to update - PROGRAM_ERROR_UPDATING_(404, 0, HTTPStatusCode). I ran the program with definitions 31 days old. I have attached the log.

GMER would not run. It hung up. I tried to run in safe mode and it hung there also.

DDS ran fine. DDS is attached here. Attach.txt is in second post as this post is too long.

Thanks for the help.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/21/2011 12:37:13 PM
mbam-log-2011-01-21 (12-37-13).txt

Scan type: Quick scan
Objects scanned: 210304
Time elapsed: 16 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_10-12-12.02) - NTFSx86
Run by gary at 15:37:57.62 on Fri 01/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2981 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TEMP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://seattletimes.nwsource.com/html/home/index.html
uInternet Connection Wizard,ShellNext = iexplore
BHO: AutorunsDisabled - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 2007\office14\ONBttnIE.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2007\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} - hxxps://www.lanepowell.com/Extranet/includes/iManFile.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://wadismonthly.webex.com/client/T27L10NSP11EP13-wadis/webex/ieatgpc.cab
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: AutorunsDisabled - c:\program files\superantispyware\SASWINLO.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [2009-5-26 12800]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2009-2-13 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2009-2-13 51072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [2009-5-26 345984]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R2 Z-SANService;Z-SAN Service;c:\program files\netgear\netgear storage central manager utility\Z-SANService.exe [2009-5-26 376891]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [2009-5-26 15488]
R3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [2009-5-26 5120]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

=============== Created Last 30 ================

2011-01-21 18:18:35 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Microsoft Help
2011-01-21 17:40:46 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Citrix
2011-01-21 17:40:45 110456 ----a-w- c:\documents and settings\temp\g2ax_customer_downloadhelper_win32_x86.exe
2011-01-21 16:50:47 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Zimbra
2011-01-21 16:44:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-21 16:44:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-21 16:44:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-21 16:31:39 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Lookout Software
2011-01-21 16:21:29 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Adobe
2011-01-21 16:12:05 483401 -c--a-w- c:\documents and settings\temp\gotomypc.exe
2011-01-21 16:12:04 563712 -c--a-w- c:\documents and settings\temp\gotomypc_370.exe
2011-01-20 23:55:57 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-01-20 23:41:54 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-01-20 17:21:36 -------- d-----w- c:\program files\Zimbra
2011-01-19 20:33:53 -------- d-----w- c:\program files\Cbeyond Secure Desktop
2011-01-19 20:32:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\fssg
2011-01-19 20:31:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\f-secure
2011-01-17 20:15:39 -------- d-----w- c:\program files\common files\HP
2011-01-17 20:15:23 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-01-17 20:13:35 278016 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
2011-01-17 20:13:33 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2011-01-17 20:12:08 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2011-01-17 20:12:08 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2011-01-17 20:12:08 303104 ----a-w- c:\windows\system32\hpovst15.dll
2011-01-17 20:11:54 -------- d-----w- c:\program files\HP
2011-01-13 23:32:43 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-01-13 23:32:40 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-13 23:32:40 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-01-13 23:32:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-01-13 23:32:32 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-01-13 23:28:39 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-01-13 23:28:35 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-01-13 23:28:34 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-01-13 23:28:09 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-01-13 23:28:08 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-01-13 23:28:06 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-01-13 23:25:51 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-01-13 23:25:48 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-01-13 23:25:16 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2011-01-13 23:25:06 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-01-13 23:25:03 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-01-13 23:23:58 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-01-13 23:23:54 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-01-13 23:23:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-01-13 23:23:44 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-01-13 23:23:35 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-01-13 23:23:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2011-01-13 23:23:22 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2011-01-13 23:23:19 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2011-01-13 23:23:07 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-01-13 23:23:04 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-01-13 23:23:01 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2011-01-13 23:21:48 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-01-13 23:21:45 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2011-01-13 23:21:42 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-01-13 23:21:39 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2011-01-13 23:21:36 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-01-13 23:21:33 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2011-01-13 23:21:25 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2011-01-13 23:21:22 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-01-13 23:21:22 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2011-01-13 23:21:19 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2011-01-13 23:20:11 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-01-13 23:20:09 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-01-13 23:20:04 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-01-13 23:18:44 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2011-01-13 23:18:41 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2011-01-13 23:18:39 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-01-13 23:18:35 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-01-13 23:18:32 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-01-13 23:18:30 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-01-13 23:18:27 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-01-13 23:18:24 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2011-01-13 23:18:20 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-01-13 23:18:17 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-01-13 23:18:14 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2011-01-13 23:18:08 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-01-13 23:18:07 16896 ----a-w- c:\windows\system32\dllcache\status.dll
2011-01-13 23:17:47 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-01-13 23:17:43 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-01-13 23:17:43 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-01-13 23:17:23 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-01-13 23:17:11 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2011-01-13 23:17:08 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2011-01-13 23:17:02 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-01-13 23:15:59 28160 ----a-w- c:\windows\system32\dllcache\sm91w.dll
2011-01-13 23:14:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-01-13 23:14:27 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-01-13 23:14:25 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-01-13 23:14:22 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-01-13 23:14:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-01-13 23:14:06 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-01-13 23:14:03 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2011-01-13 23:14:02 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-01-13 23:13:57 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-01-13 23:13:53 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-01-13 23:13:50 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-01-13 23:13:50 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-01-13 23:13:45 17280 ----a-w- c:\windows\system32\dllcache\scr111.sys
2011-01-13 23:13:42 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-01-13 23:13:35 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2011-01-13 23:13:33 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2011-01-13 23:13:28 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-01-13 23:13:25 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2011-01-13 23:13:03 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-01-13 23:13:01 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2011-01-13 23:11:50 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-01-13 23:11:43 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2011-01-13 23:11:38 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-01-13 23:11:32 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2011-01-13 23:11:25 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-01-13 23:11:25 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2011-01-13 23:11:07 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-01-13 23:11:02 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-01-13 23:09:55 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
2011-01-13 23:08:59 30495 ----a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-01-13 23:07:02 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-01-13 23:07:00 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-01-13 23:06:32 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-01-13 23:06:32 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-01-13 23:06:24 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-01-13 23:06:22 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-01-13 23:06:19 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-01-13 23:06:03 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-01-13 23:06:01 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-01-13 23:04:58 35392 ----a-w- c:\windows\system32\dllcache\n9i128.dll
2011-01-13 23:04:55 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
2011-01-13 23:04:53 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-01-13 23:04:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2011-01-13 23:04:48 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-01-13 23:04:46 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2011-01-13 23:04:44 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-01-13 23:04:42 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2011-01-13 23:04:41 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2011-01-13 23:04:37 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-01-13 23:03:35 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2011-01-13 23:03:35 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-01-13 23:03:17 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-01-13 23:02:51 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-01-13 23:02:45 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-01-13 23:02:43 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-01-13 23:01:55 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-01-13 23:01:52 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-01-13 23:01:51 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-01-13 23:00:49 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-01-13 23:00:33 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-01-13 23:00:06 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2011-01-13 22:58:58 4992 ----a-w- c:\windows\system32\dllcache\loop.sys
2011-01-13 22:57:51 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2011-01-13 22:56:59 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2011-01-13 22:56:57 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2011-01-13 22:56:55 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2011-01-13 22:56:48 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2011-01-13 22:56:43 8704 ----a-w- c:\windows\system32\dllcache\infoctrs.dll
2011-01-13 22:56:28 471102 ----a-w- c:\windows\system32\dllcache\imskdic.dll
2011-01-13 22:56:26 59904 ----a-w- c:\windows\system32\dllcache\imkrinst.exe
2011-01-13 22:56:20 45109 ----a-w- c:\windows\system32\dllcache\imjpuex.exe
2011-01-13 22:56:12 57398 ----a-w- c:\windows\system32\dllcache\imjpdadm.exe
2011-01-13 22:56:04 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe
2011-01-13 22:56:03 44032 ----a-w- c:\windows\system32\dllcache\imekrmig.exe
2011-01-13 22:56:03 102463 ----a-w- c:\windows\system32\dllcache\imepadsm.dll
2011-01-13 22:54:47 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2011-01-13 22:54:47 161020 ----a-w- c:\windows\system32\dllcache\i81xnt5.sys
2011-01-13 22:54:45 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2011-01-13 22:54:43 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2011-01-13 22:54:25 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-01-13 22:52:59 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-01-13 22:51:37 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
2011-01-13 22:51:35 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys
2011-01-13 22:51:32 322432 ----a-w- c:\windows\system32\dllcache\g400m.sys
2011-01-13 22:51:30 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
2011-01-13 22:51:29 320384 ----a-w- c:\windows\system32\dllcache\g200m.sys
2011-01-13 22:51:27 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2011-01-13 22:51:26 454912 ----a-w- c:\windows\system32\dllcache\fxusbase.sys
2011-01-13 22:51:06 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2011-01-13 22:51:05 455296 ----a-w- c:\windows\system32\dllcache\fusbbase.sys
2011-01-13 22:51:03 455680 ----a-w- c:\windows\system32\dllcache\fus2base.sys
2011-01-13 22:51:00 7680 ----a-w- c:\windows\system32\dllcache\ftpctrs2.dll
2011-01-13 22:49:57 45056 ----a-w- c:\windows\system32\dllcache\esunid.dll
2011-01-13 22:48:59 69194 ----a-w- c:\windows\system32\dllcache\el656cd5.sys
2011-01-13 22:48:58 26141 ----a-w- c:\windows\system32\dllcache\el589nd5.sys
2011-01-13 22:48:57 69692 ----a-w- c:\windows\system32\dllcache\el575nd5.sys
2011-01-13 22:48:56 24653 ----a-w- c:\windows\system32\dllcache\el574nd4.sys
2011-01-13 22:48:55 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
2011-01-13 22:48:55 44103 ----a-w- c:\windows\system32\dllcache\el515.sys
2011-01-13 22:48:53 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll
2011-01-13 22:48:46 19594 ----a-w- c:\windows\system32\dllcache\e100isa4.sys
2011-01-13 22:48:45 50719 ----a-w- c:\windows\system32\dllcache\e1000nt5.sys
2011-01-13 22:47:56 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-01-13 22:47:32 28062 ----a-w- c:\windows\system32\dllcache\dp83820.sys
2011-01-13 22:47:31 23808 ----a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-01-13 22:47:30 8704 ----a-w- c:\windows\system32\dllcache\dot4scan.sys
2011-01-13 22:47:29 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2011-01-13 22:47:29 12928 ----a-w- c:\windows\system32\dllcache\dot4prt.sys
2011-01-13 22:45:59 7424 ----a-w- c:\windows\system32\dllcache\ddsmc.sys
2011-01-13 22:44:59 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys
2011-01-13 22:43:45 20736 ----a-w- c:\windows\system32\dllcache\cmbp0wdm.sys
2011-01-13 22:42:58 49182 ----a-w- c:\windows\system32\dllcache\cem56n5.sys
2011-01-13 22:41:57 171264 ----a-w- c:\windows\system32\dllcache\camdrv30.sys
2011-01-13 22:40:59 15360 ----a-w- c:\windows\system32\dllcache\brmfbidi.dll
2011-01-13 22:39:52 281600 ----a-w- c:\windows\system32\dllcache\atimtai.sys
2011-01-13 22:38:59 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
2011-01-13 22:37:59 462848 ----a-w- c:\windows\system32\dllcache\a3dapi.dll
2011-01-13 22:37:58 98304 ----a-w- c:\windows\system32\dllcache\a3d.dll
2011-01-13 22:37:58 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
2011-01-13 22:37:56 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2011-01-13 22:37:47 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2011-01-13 22:37:46 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-01-13 22:37:46 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-01-13 22:37:45 762780 ----a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-01-13 22:37:45 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-01-13 22:37:38 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-01-13 22:36:03 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2011-01-13 22:34:59 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-01-13 22:33:36 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-01-13 22:33:36 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-01-13 22:33:33 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2011-01-13 22:33:31 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-01-13 22:33:31 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2011-01-13 22:33:29 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-01-13 22:08:34 -------- d-----w- c:\program files\IObit
2011-01-02 21:41:02 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2011-01-02 21:41:02 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2011-01-02 21:41:01 -------- d-----w- c:\program files\MyDefrag v4.3.1
2010-12-29 18:11:52 -------- d-----w- c:\program files\ESET
2010-12-24 16:19:14 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2010-12-24 16:19:14 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2010-12-24 00:32:28 -------- d-sha-r- C:\cmdcons
2010-12-24 00:25:43 98816 ----a-w- c:\windows\sed.exe
2010-12-24 00:25:43 89088 ----a-w- c:\windows\MBR.exe
2010-12-24 00:25:43 256512 ----a-w- c:\windows\PEV.exe
2010-12-24 00:25:43 161792 ----a-w- c:\windows\SWREG.exe

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 15:39:43.53 ===============
 
Here is the Attach.txt file -

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/27/2008 7:40:46 AM
System Uptime: 1/21/2011 3:25:50 PM (0 hours ago)

Motherboard: Dell Inc. | | 0UY141
Processor: Intel Pentium III Xeon processor | Microprocessor | 2493/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 111.102 GiB free.
D: is CDROM ()
F: is FIXED (DataPlowSFSZ) - 463 GiB total, 305.283 GiB free.
N: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.
P: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.
U: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/23/2010 4:26:47 PM - System Checkpoint
RP2: 12/25/2010 10:54:14 AM - System Checkpoint
RP3: 12/26/2010 12:37:05 PM - System Checkpoint
RP4: 12/27/2010 1:38:24 PM - Installed HiJackThis
RP5: 12/28/2010 4:51:24 PM - System Checkpoint
RP6: 12/29/2010 9:40:16 PM - System Checkpoint
RP7: 1/1/2011 8:24:30 AM - System Checkpoint
RP8: 1/3/2011 8:19:26 AM - Removed TiVo Desktop 2.8
RP9: 1/4/2011 12:27:44 PM - System Checkpoint
RP10: 1/6/2011 7:57:35 AM - System Checkpoint
RP11: 1/7/2011 1:04:29 PM - System Checkpoint
RP12: 1/8/2011 7:29:10 PM - System Checkpoint
RP13: 1/10/2011 8:28:49 AM - System Checkpoint
RP14: 1/12/2011 1:18:44 PM - System Checkpoint
RP15: 1/12/2011 3:00:27 PM - Software Distribution Service 3.0
RP16: 1/13/2011 2:10:35 PM - Advanced SystemCare RestorePoint
RP17: 1/15/2011 4:49:20 PM - System Checkpoint
RP18: 1/16/2011 7:38:08 PM - System Checkpoint
RP19: 1/18/2011 1:21:25 PM - System Checkpoint
RP20: 1/19/2011 12:22:34 PM - Removed Symantec Client Security
RP21: 1/19/2011 12:33:48 PM - psb 9.00 build 149 Installation
RP22: 1/20/2011 9:21:26 AM - Installed Zimbra Desktop
RP23: 1/20/2011 3:32:32 PM - Installed Microsoft Office Professional 2010
RP24: 1/20/2011 3:34:20 PM - Installed Microsoft Office Professional 2010
RP25: 1/20/2011 4:07:01 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP26: 1/20/2011 4:34:11 PM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7-Zip 4.65
Acrobat.com
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.2.5 - CPSID_83708
Adobe Acrobat 8.2.5 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
AxCrypt 1.7.1878.0
biolsp patch
BitZipper 5.0.6
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
Canon PIXMA iP4000
CCleaner
Conexant HDA D330 MDC V.92 Modem
Cooliris for Internet Explorer
CrossLoop 2.20
Definition update for Microsoft Office 2010 (KB982726)
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Digital Line Detect
DirectShow Dump
DJ_AIO_03_F4200_Software_Min
Document Manager Lite
eFax Messenger
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
ESET Online Scanner v3
ESPN Java Check
Ext2 IFS 1.11a for Windows XP
F-Secure PSC Prerequisites
Forefront Crystal Reports 10 Runtime
Gemalto
GemSafe Standard Edition 5.1
getPlus(R)_ocx
GoToMeeting 4.5.0.457
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet F4200 All-In-One Driver 11.0 03
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
K-Lite Codec Pack 4.0.0 (Full)
LiveUpdate 3.1 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Lookout
Malwarebytes' Anti-Malware
mCore
mDrWiFi
MediaMonkey 3.2
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Windows Theme Nunavut
mIWA
mLogView
mMHouse
Modem Diagnostic Tool
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
MyDefrag v4.3.1
mZConfig
NETGEAR Storage Central Manager Utility
NetWaiting
NTRU TCG Software Stack
NVIDIA Drivers
ODIR
OGA Notifier 2.0.0048.0
PowerDVD
Preboot Manager
Private Information Manager
QuickSet
QuickTime
RealLegal E-Transcript Viewer
Remote Control USB Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Scan
SearchAssist
Secure Update
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
Shadow Copy Client
Snapshot Viewer
Sonic CinePlayer Decoder Pack
Spectrum Crystal XI Runtime
SUPERAntiSpyware
Toolbox
Trusted Drive Manager
tsp patch
Tweak UI
Understanding the Audio Mixer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wave Infrastructure Installer
Wave Support Software
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
WinZip
Wisdom-soft ScreenHunter 5.0 Free
XML Paper Specification Shared Components Pack 1.0
Zimbra Desktop

==== Event Viewer Messages From Past Week ========

1/21/2011 2:37:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm Lbd SASDIFSV SASKUTIL
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Z-SAN Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 10:46:02 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/21/2011 1:52:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TdmService service to connect.
1/21/2011 1:52:29 PM, error: Service Control Manager [7000] - The TdmService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/20/2011 5:59:57 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
1/20/2011 3:03:50 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
1/19/2011 7:58:35 AM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
1/19/2011 7:58:18 AM, error: Service Control Manager [7023] - The IMAPI CD-Burning COM Service service terminated with the following error: The class is configured to run as a security id different from the caller
1/19/2011 12:45:08 PM, error: NetBT [4321] - The name "SG :1d" could not be registered on the Interface with IP address 192.168.102.101. The machine with the IP address 192.168.102.109 did not allow the name to be claimed by this machine.
1/19/2011 1:58:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/19/2011 1:56:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/19/2011 1:55:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2011 1:54:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/19/2011 1:54:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/19/2011 1:06:03 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is JEAN_XP.
1/18/2011 9:29:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/18/2011 6:00:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
1/18/2011 6:00:12 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2011 6:00:12 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
1/17/2011 12:14:21 PM, error: Print [22] - Failed to ugrade printer settings for printer \\email\HP CLJ 4700 PCL 6,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 1722.
1/17/2011 12:14:20 PM, error: Print [22] - Failed to ugrade printer settings for printer \\email\HPLaserJet4200_backoffice,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 1722.
1/17/2011 11:51:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
1/17/2011 11:49:59 AM, error: NETLOGON [5719] - No Domain Controller is available for domain SG due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

==== End Of File ===========================
 
Welcome to TechSpot! I need to get more information from you. First of all, 'slow' or 'sluggish' does not automatically mean malware. It can be too many processes running, not enough RAM or numerous other things.

Just telling me you can run a scan isn't enough. I need to know what happens when you try. Please run the following to see if Mbam will run correctly:

Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.pif
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, then try to immediately run the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
========================================
Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please uninstall or disable the Registry Booster.
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

I note numerous entries that should be removed. I'll know more when I get all the logs.
 
Thank you for the help.

You said to uninstall or disable the Registry Booster. Not sure where to do this at. I did not see it listed in add or remove programs.

Here are the logs requested.

exeHelper by Raktor
Build 20100414
Run at 17:14:15 on 01/21/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.1.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
Guess I didn't make this clear: the purpose of rkill/exe was to help run Malwarebytes with any current update. Please see if you can do that now:

(Note: regarding the following removals, it is best to remove them in Safe Mode)

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Regarding Security and system "help" programs:
1. F-Secure:
If your ISP is Charter, they offer a security program named Charter High-Speed Security Suite. This uses F-Secure products for antivirus and antimalware, possibly firewall also. If you are using this, then you should remove any other AV program and disable the firewall if one is included in the Suite. You have several F-Secure entries:
2011-01-19 20:32:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\fssg
2011-01-19 20:31:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\f-secure

I also see this program installed:
F-Secure PSC Requirements> PSC> Protection Service for Consumers (PSC)

2. Cbeyond Secure Desktop
This is also running and may possibly conflict with the other security, particularly the AV:
2011-01-19 20:33:53 -------- d-----w- c:\program files\Cbeyond Secure Desktop
Stop viruses and spyware before they infect your PC with Secure Desktop’s real-time detection. Prevent attacks that could potentially damage or erase your critical business files.
http://www.cbeyond.net/small-business-solutions/data-backup-security/secure-desktop/

3. Advanced SystemCare: this is not a recommended program to be on your system. Even the download site is not recommended.
2011-01-13 22:08:34 -------- d-----w- c:\program files\IObit
RP16: 1/13/2011 2:10:35 PM - Advanced SystemCare RestorePoint


4. HijackThis v2.0.2 is outdated and should be uninstalled. We will run it later and I will give you a link to the current version.

5. [RegistryBooster]. The entry below is what is showing in DDS.
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

To remove the programs:
  1. See if the program itself has an uninstaller- if it does, use that.
  2. If it doesn't, go to Add/Remove Programs in the Control Panel and uninstall.
  3. After the removal: use Windows Explorer (Windows key + E)> My Computer> Double click on Local Drive (C)> Programs> find the program folder for each> right click> Delete
Exit Explorer> Reboot.
(If there are any 'scraps' left, I can remove them later with script.)
====================================================
When you have finished housekeeping, go on to the following:
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Not successful on any of the steps.

Still receiving same error updating Malwarebytes.

Had to boot in safe mode with networking. Standard safe mode would not let me log in.

My ISP is Cbeyond. They are new to us. We will be using their antivirus software which is F-Secure. I can remove anything from them at this point and reinstall clean after all is done. Just let me know. We were using Symantec for virus protection as of last week.

Once in safe mode I could not see F-Secure, Cbeyond Secure Desktop, Advanced SystemCare or RegistryBooster. I could not find these programs in the start/programs list or in the add programs in control panel. So I have not done anything with these programs yet. I need more instructions on how to deal with these programs.

Regarding HijackThis. When I tried to remove the program from the add programs/control panel, I got the following error: "The windows installer service could not be accessed. This can occur if you are running windows in safe mode, or if the windows installer is not correctly installed". Therefore, I have not removed HijackThis yet.

I did not proceed to combofix steps since the housekeeping steps are not completed.

Please advise. Thanks.
 
All of the 'can't do' problems were caused by being in Safe Mode. Security programs don't load in Safe Mode with Networking and usually the Windows Installer doesn't run. The following is a good indication that the problem is most likely system based and not malware:
I really can (You mean 'can't' here, right?) describe my problem other than I think my computer is infected. It loads really slow, it runs really slow, it hangs while running programs.

The only thing showing in Mbam indicated there was, or is, an application that caused the firewall to be disabled and is potentially unwanted.

Is there some particular reason why you booted into Safe Mode? None of the scans direct you to Safe Mode.
 
Regarding booting in safe mode. I may have misunderstood you. You said -

"(Note: regarding the following removals, it is best to remove them in Safe Mode)
Boot into Safe Mode"

So I booted in safe mode. I tried to house clean not in safe mode.

I was able to remove HijackThis.

Same issue as posted before, I could not see F-secure, Cbeyond Secure Desktop, Advance system Care or RegistryBooster. I could not find these programs in the start/programs list or in the add programs in control panel. So I have not done anything with these programs yet. I need more instructions on how to deal with these programs.

I have not moved on to combofix until housecleaning is done or until you tell me to move on to combofix.

I did mean "I can't" your question.

Thank you.
 
Okay, I need for you to move on with the scans.

That detection is a potentially unwanted modification; it's a registry change: your Security Center notifications have been turned off. Note that sometimes AV & firewall software will turn these off to avoid double notifications, but many infections also change these settings; that's why Malwarebytes detects it. The finding in Mbam is most likely a False Positive. Your antivirus and firewall software probably modified those Registry Values. You can have MBAM ignore those entries. The UpdatesDisableNotify, as you said, was set by you. If I see this entry in Combofix, I can remove it.

You might want to look into this mapping; this is not my area:
Disk Partitions:
C: is FIXED (NTFS) - 149 GiB total, 111.102 GiB free.
D: is CDROM ()
F: is FIXED (DataPlowSFSZ) - 463 GiB total, 305.283 GiB free.
N: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.
P: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.
U: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.

CSC stands for Client Side Caching and is a hidden directory which stores the offline copy of the file on the local machine. Encryption is not preserved by the CSC directory but file permissions are. However, anyone who has administrative rights on the local machine can view the files in the CSC directory. Check the local permissions and groups to see what is going on.

Intermittent slowdown can be caused by insufficient RAM: if you reboot after it slows down, then movement seems normal for a while, then slows down again, either there isn't enough RAM, too many programs and apps are running and the available RAM can handle them all at the same time. Also, high volume of internet traffic can cause a slowdown at certain times of the day. Once I see the other logs, I will have a better idea. At this point, I don't see malware.
 
Since my last reply I had an IT guy look at my machine. He agreed that no malware was present. He did some tweaks and adjustments and everything appears fine now. Thanks for your help. I am going to pass on the scans.

Again thanks for your help. We can now consider this thread closed.
 
Thanks for the update. You should remove all of the tools we used and the files and folders they created.
  • Uninstall ComboFix and all backups of the files it deleted
  • Click START > then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name, then click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 