Resolved My system is really slow after I run Internet Explorer

I have a Windows XP SP3 machine that is running IE8. Recently I noticed a slowdown in the system after I start IE. Looking in the Task Manager, I see multiple copies of IE running and using a lot of RAM. After I exit IE, multiple copies are still running and I get an error that IE crashed.

I followed the 5 steps and here are my logs. Any help would be greatly appreciated.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Johnny :: EJS1 [limited]

4/6/2012 4:48:23 PM
mbam-log-2012-04-06 (16-48-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 152236
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Johnny\Local Settings\Temp\arg259881.exe (Exploit.Drop) -> Quarantined and deleted successfully.

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-06 18:15:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8 WDC_WD600BB-00CAA1 rev.17.07W17
Running: 69e8ueid.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA5236F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA5236FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA5237080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA523711C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB50C7000, 0x2C8F24, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01219720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2356] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0144E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2356] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0144E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2356] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0144E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106775F7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10677589 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1044FE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104503C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 PE file @ sector 117210303

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 18:16:01 on 2012-04-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1103 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{424F2D3C-33C4-4DCF-B208-BA5A8F3A7F33} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\dc89d9lx.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-4-18 13696]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-2 100368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-4-18 1684736]
S3 cpuz134;cpuz134;\??\c:\docume~1\admini~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 135664]
.
=============== Created Last 30 ================
.
2012-04-06 22:58:57 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2012-04-06 22:51:14 -------- d-----w- c:\documents and settings\administrator\AppData
2012-04-06 22:31:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-06 22:28:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-06 22:28:53 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-03 06:04:10 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-04-03 04:30:53 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-04-03 04:30:10 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-04-03 04:30:10 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-03 04:29:34 -------- d-----w- c:\program files\ATI
2012-04-03 04:28:34 -------- d-----w- C:\AMD
2012-04-03 04:02:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 03:36:03 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-03 03:36:02 -------- d-----w- c:\program files\Trend Micro
2012-04-03 02:40:37 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2012-04-03 02:19:49 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-04-03 02:19:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 02:19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-03 02:19:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-03 02:18:38 -------- d-----w- C:\downloads
.
==================== Find3M ====================
.
2012-04-06 23:55:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 22:31:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-09 06:22:00 7586304 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-03-09 06:14:42 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-03-09 05:19:48 19959808 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 05:02:24 5358304 ----a-w- c:\windows\system32\ati3duag.dll
2012-03-09 04:36:12 4155520 ----a-w- c:\windows\system32\ativvaxx.dll
2012-03-09 04:24:58 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-03-09 04:21:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 04:20:04 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 04:18:40 305152 ----a-w- c:\windows\system32\ati2dvag.dll
2012-03-09 04:12:20 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:12:20 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:52:28 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2012-03-09 03:52:12 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-03-09 03:52:00 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-03-09 03:51:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 03:51:36 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-03-09 03:50:00 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2012-03-09 03:48:28 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-03-09 03:41:34 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-03-09 03:36:30 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:36:08 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-03-09 03:29:24 909312 ----a-w- c:\windows\system32\ati2cqag.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:16:24.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/18/2010 11:56:45 AM
System Uptime: 4/6/2012 5:02:20 PM (1 hours ago)
.
Motherboard: BIOSTAR Group | | TA785G3
Processor: AMD Athlon(tm) II X3 435 Processor | CPU 1 | 2900/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 40.464 GiB free.
D: is CDROM ()
Z: is NetworkDisk (NTFS) - 458 GiB total, 170.211 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP641: 1/7/2012 10:41:42 PM - System Checkpoint
RP642: 1/8/2012 11:41:42 PM - System Checkpoint
RP643: 1/10/2012 12:41:42 AM - System Checkpoint
RP644: 1/11/2012 1:41:42 AM - System Checkpoint
RP645: 1/12/2012 2:41:39 AM - System Checkpoint
RP646: 1/12/2012 3:00:16 AM - Software Distribution Service 3.0
RP647: 1/13/2012 3:31:36 AM - System Checkpoint
RP648: 1/14/2012 3:36:07 AM - System Checkpoint
RP649: 1/15/2012 4:36:07 AM - System Checkpoint
RP650: 1/16/2012 5:36:10 AM - System Checkpoint
RP651: 1/17/2012 6:35:05 AM - System Checkpoint
RP652: 1/18/2012 7:35:04 AM - System Checkpoint
RP653: 1/19/2012 8:35:09 AM - System Checkpoint
RP654: 1/20/2012 9:35:06 AM - System Checkpoint
RP655: 1/21/2012 10:36:07 AM - System Checkpoint
RP656: 1/22/2012 11:57:59 AM - System Checkpoint
RP657: 1/23/2012 12:35:02 PM - System Checkpoint
RP658: 1/24/2012 1:35:07 PM - System Checkpoint
RP659: 1/25/2012 2:35:02 PM - System Checkpoint
RP660: 1/26/2012 3:00:16 AM - Software Distribution Service 3.0
RP661: 1/27/2012 3:21:44 AM - System Checkpoint
RP662: 1/28/2012 4:21:44 AM - System Checkpoint
RP663: 1/29/2012 5:21:44 AM - System Checkpoint
RP664: 1/30/2012 6:21:47 AM - System Checkpoint
RP665: 1/30/2012 8:48:45 PM - Removed Adobe Reader 7.0
RP666: 1/30/2012 8:48:56 PM - Installed Adobe Reader 9.5.0.
RP667: 1/31/2012 10:29:52 PM - System Checkpoint
RP668: 2/1/2012 10:31:31 PM - System Checkpoint
RP669: 2/2/2012 10:56:32 PM - System Checkpoint
RP670: 2/3/2012 11:55:27 PM - System Checkpoint
RP671: 2/5/2012 12:55:27 AM - System Checkpoint
RP672: 2/6/2012 1:55:28 AM - System Checkpoint
RP673: 2/7/2012 2:50:47 AM - System Checkpoint
RP674: 2/8/2012 3:50:47 AM - System Checkpoint
RP675: 2/9/2012 4:50:47 AM - System Checkpoint
RP676: 2/10/2012 5:50:47 AM - System Checkpoint
RP677: 2/11/2012 6:50:47 AM - System Checkpoint
RP678: 2/12/2012 7:50:50 AM - System Checkpoint
RP679: 2/13/2012 8:50:50 AM - System Checkpoint
RP680: 2/14/2012 9:50:47 AM - System Checkpoint
RP681: 2/15/2012 10:50:51 AM - System Checkpoint
RP682: 2/16/2012 3:00:13 AM - Software Distribution Service 3.0
RP683: 2/17/2012 3:29:26 AM - System Checkpoint
RP684: 2/18/2012 4:29:24 AM - System Checkpoint
RP685: 2/19/2012 5:29:26 AM - System Checkpoint
RP686: 2/20/2012 6:29:26 AM - System Checkpoint
RP687: 2/21/2012 7:29:24 AM - System Checkpoint
RP688: 2/22/2012 8:29:26 AM - System Checkpoint
RP689: 2/23/2012 9:53:07 AM - System Checkpoint
RP690: 2/24/2012 10:29:24 AM - System Checkpoint
RP691: 2/25/2012 11:29:26 AM - System Checkpoint
RP692: 2/26/2012 12:53:09 PM - System Checkpoint
RP693: 2/27/2012 1:33:13 PM - System Checkpoint
RP694: 2/28/2012 2:29:24 PM - System Checkpoint
RP695: 2/29/2012 3:29:24 PM - System Checkpoint
RP696: 3/1/2012 4:41:27 PM - System Checkpoint
RP697: 3/2/2012 5:21:08 PM - System Checkpoint
RP698: 3/3/2012 5:29:23 PM - System Checkpoint
RP699: 3/4/2012 6:29:23 PM - System Checkpoint
RP700: 3/5/2012 6:36:36 PM - System Checkpoint
RP701: 3/6/2012 7:42:56 PM - System Checkpoint
RP702: 3/7/2012 8:29:24 PM - System Checkpoint
RP703: 3/8/2012 9:37:48 PM - System Checkpoint
RP704: 3/9/2012 10:29:23 PM - System Checkpoint
RP705: 3/10/2012 11:38:42 PM - System Checkpoint
RP706: 3/12/2012 12:29:26 AM - System Checkpoint
RP707: 3/13/2012 1:29:27 AM - System Checkpoint
RP708: 3/14/2012 2:29:26 AM - System Checkpoint
RP709: 3/14/2012 3:00:15 AM - Software Distribution Service 3.0
RP710: 3/15/2012 3:04:41 AM - System Checkpoint
RP711: 3/16/2012 4:04:44 AM - System Checkpoint
RP712: 3/17/2012 5:04:41 AM - System Checkpoint
RP713: 3/18/2012 6:04:43 AM - System Checkpoint
RP714: 3/19/2012 7:04:40 AM - System Checkpoint
RP715: 3/20/2012 8:04:41 AM - System Checkpoint
RP716: 3/21/2012 9:04:44 AM - System Checkpoint
RP717: 3/22/2012 10:04:41 AM - System Checkpoint
RP718: 3/23/2012 11:04:44 AM - System Checkpoint
RP719: 3/24/2012 12:04:44 PM - System Checkpoint
RP720: 3/25/2012 1:04:40 PM - System Checkpoint
RP721: 3/26/2012 2:04:44 PM - System Checkpoint
RP722: 3/27/2012 3:05:49 PM - System Checkpoint
RP723: 3/28/2012 5:15:20 PM - System Checkpoint
RP724: 3/29/2012 5:32:45 PM - System Checkpoint
RP725: 3/30/2012 6:04:41 PM - System Checkpoint
RP726: 3/31/2012 6:23:15 PM - System Checkpoint
RP727: 4/1/2012 6:30:10 PM - System Checkpoint
RP728: 4/2/2012 8:36:01 PM - Installed HiJackThis
RP729: 4/3/2012 9:47:12 PM - System Checkpoint
RP730: 4/4/2012 10:19:21 PM - System Checkpoint
RP731: 4/5/2012 11:10:27 PM - System Checkpoint
RP732: 4/6/2012 3:30:34 PM - Removed Java(TM) 6 Update 20
RP733: 4/6/2012 3:30:44 PM - Installed Java(TM) 6 Update 31
RP734: 4/6/2012 3:51:49 PM - PC Decrapifier Restore Point
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
AMD Catalyst Install Manager
AMD Processor Driver
ATI Catalyst Control Center
ATI Parental Control & Encoder
AVG 2012
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Eusing Free Registry Cleaner
Foxit Reader 5.1
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 31
magicJack
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PC Camera
PrimoPDF -- brought to you by Nitro PDF Software
QuickBooks Product Listing Service
QuickBooks Simple Start Edition
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skins
Skype™ 3.8
Spybot - Search & Destroy
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/2/2012 10:27:34 PM, error: TermServDevices [1111] - Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.
4/2/2012 10:27:34 PM, error: TermServDevices [1111] - Driver HP Universal Printing PS required for printer HP Laserjet 1200 PS is unknown. Contact the administrator to install the driver before you log in again.
4/2/2012 10:27:34 PM, error: TermServDevices [1111] - Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown. Contact the administrator to install the driver before you log in again.
.
==== End Of File ===========================
 
I'll be glad to help you check the system, but before I even look at the logs, understand this:

1. "Slow" can have many reasons other than malware.
2. It is normal to have more than one iexplore.exe with IE8 and later versions.
3. Noticing 'slow' after launching IE might indicate that there is an excess of add-ons in IE.
4. A message that IE has crashed might be caused by a lack of having enough RAM. >> How much RAM is installed?
====================================
FYI:
1. uWindow Title = Internet Explorer, optimized for Bing and MSN>> this may not be the best setting.
2. You have both FoxIt and the Adobe Reader. You only need 1 PDF Reader. If FoxIt is running okay and current, suggest you go to Add/Remove Programs and uninstall the Adobe Reader. When finished, use Windows Explorer to access My Computer> Local Drive(C)> Programs> find Adobe Reader program folder and do right click> Delete.
======================================
I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Microsoft Security Essentials
Comodo AV
Avast! Free Antivirus
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.

I will finish checking these logs while you do the above.
 
Comments and suggestions for you:
  1. Uninstall Eusing Free Registry Cleaner> We do not recommend that anyone use a registry cleaner. The risk is greater than the benefit you may get.
  2. Uninstall HiJackThis. It's not installed correctly. I'll give you a link and instruction to install correctly when we get to it.
  3. If you installed the PC Decrapifier and it's done its job and you are now finished, remove it. I note it set a Restore Point.
  4. Obviously you're not using this now to disable/remove the SupportSoft Assisted Service
  5. Resetting Services: Click on Start> Run> type in services.msc> Enter> Find each of the following Services> Double click to open and set as instructed:
    [o] FAX: Set Startup type to Manual, Stop the Service
    [o] Plug and Play> Set Startup type to Automatic
    [o] Print Spooler> Set Startup type to Automatic
    [o] Telephony> Set Startup type to Automatic
    Exit Services
  6. Remove process from Start Menu: Click on Start> Run> type in msconfig> enter>
    [o] Click on Selective Startup
    [o] Choose the Startup tab:
    [o] Uncheck any FAX
    [o] Click on Apply> OK when finished.
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
-------------------------------------------
Additional note for uninstalling old programs:
The system is looking to load a process for the HP Laserjet 1200 PS. I do not see this in your installed programs nor do I see any related entries for it.
If you previously had but no longer have this printer:
1. Uninstall it in Add/Remove Programs
2. Check Services for any corresponding Service. If there is one, change Startup type to Disabled and Stop the Service
3. Check the Startup menu for any related entries and uncheck them
Follow the same paths I gave for Startup menu, Services
4. Use Windows Explorer to find and delete the program folder.
If you still have and use this printer:
1. Check Services and make sure this Service is set to Manual
2. Stop the Service if you are not actively using the printer now.
3. Uncheck any HP related processes on the Startup menu. The printer does not need to start on boot.
=====================================
Excess PDF Printer? The system is looking for the following driver and not finding it. I do not see this installed or any related processes. Unless this is supposed to do some kind of PDF printing that FoxIt can't do, you should remove the program in Add/Remove, uncheck any related process on the Startup menu and delete the program file. Same direction paths as for HP Laser printer:
(Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown.)
====================================
You had a big jump from Java v6u20 to the current Java v6u31> You will most likely have malware in the Java cache, so we will clear it:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel.
    The Java Control Panel appears.
    [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
 
Steps so far

When I say it slows down I mean that I see that IE grows to a large size by itself or it opens a large number of blank pages. I currently have 1.8 GB of RAM installed in the system.

Every scan I did using AVG, Spybot says I am not infected. I was wondering if re-installing IE8 could solve the problem.

I am not sure how to modify IE from being optimized for Bing and MSN.

I uninstalled Eusing Registry cleaner.
I uninstalled HiJackThis.
I do have the LJ printer and it is using a printer server.

I have run combofix and the log is

ComboFix 12-04-07.04 - Administrator 04/08/2012 10:49:16.1.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1213 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 17:30 . 2012-04-08 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit Software
2012-04-06 22:58 . 2012-04-06 22:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-04-06 22:51 . 2012-04-06 22:51 -------- d-----w- c:\documents and settings\Administrator\AppData
2012-04-06 22:31 . 2012-04-06 22:31 -------- d-----w- c:\program files\Common Files\Java
2012-04-06 22:31 . 2012-04-06 22:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:04 . 2012-04-08 17:24 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-04-03 04:30 . 2011-12-20 07:39 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-04-03 04:30 . 2012-03-09 04:51 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-04-03 04:30 . 2012-03-09 03:46 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-03 04:29 . 2012-04-03 04:29 -------- d-----w- c:\program files\ATI
2012-04-03 04:28 . 2012-04-03 04:28 -------- d-----w- C:\AMD
2012-04-03 04:02 . 2012-04-06 23:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 03:36 . 2012-04-03 03:36 -------- d-----w- c:\program files\Trend Micro
2012-04-03 02:40 . 2012-04-03 02:40 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-04-03 02:19 . 2012-04-03 02:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-04-03 02:19 . 2012-04-03 02:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-03 02:19 . 2012-04-03 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-03 02:19 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 02:18 . 2012-04-06 22:45 -------- d-----w- C:\downloads
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 23:55 . 2011-07-16 15:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 22:31 . 2010-04-19 02:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-09 06:22 . 2009-06-26 02:22 7586304 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-03-09 06:14 . 2009-06-26 01:40 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-03-09 05:19 . 2009-06-26 01:26 19959808 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 05:02 . 2009-06-26 01:36 5358304 ----a-w- c:\windows\system32\ati3duag.dll
2012-03-09 04:36 . 2009-06-26 01:23 4155520 ----a-w- c:\windows\system32\ativvaxx.dll
2012-03-09 04:24 . 2009-06-26 00:57 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-03-09 04:21 . 2009-06-26 00:59 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 04:20 . 2009-06-26 02:08 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 04:18 . 2009-06-26 02:07 305152 ----a-w- c:\windows\system32\ati2dvag.dll
2012-03-09 04:12 . 2009-06-26 01:06 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:12 . 2009-06-26 01:06 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:52 . 2009-06-26 01:47 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2012-03-09 03:52 . 2009-06-26 01:47 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-03-09 03:52 . 2009-06-26 01:47 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-03-09 03:51 . 2009-06-26 01:46 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 03:51 . 2009-06-26 01:46 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-03-09 03:50 . 2009-06-26 01:45 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2012-03-09 03:48 . 2009-06-26 01:43 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-03-09 03:41 . 2009-06-26 01:02 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-03-09 03:36 . 2009-06-26 01:00 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:36 . 2009-06-26 01:00 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-03-09 03:29 . 2009-06-26 00:53 909312 ----a-w- c:\windows\system32\ati2cqag.dll
2012-02-03 09:22 . 2004-08-04 08:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 03:12 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-13 04:39 . 2012-04-06 22:54 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [4/18/2010 12:10 PM 13696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/2/2012 9:30 PM 100368]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 3:08 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 9:02 PM 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/18/2010 12:23 PM 1684736]
S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 3:08 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:55]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 22:08]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 22:08]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dc89d9lx.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 10:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-261478967-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,2b,e8,ce,c6,74,17,44,8a,0b,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,2b,e8,ce,c6,74,17,44,8a,0b,d9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-04-08 10:53:35
ComboFix-quarantined-files.txt 2012-04-08 17:53
.
Pre-Run: 43,889,668,096 bytes free
Post-Run: 44,749,463,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 691107CE3AECA508418D775D6E57C78A

And ran eset online scanner and this is the log

C:\Documents and Settings\Johnny\Local Settings\Temp\11.tmp a variant of Win32/Kryptik.ADVT trojan
C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\CXM7233S\cn_download[1].htm HTML/ScrInject.B.Gen virus
C:\downloads\Euse Registry repair\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.AdvPCTweak application


Thanks for all your help.
 
Let's try doing this to see if it helps pick up a bit of speed:

How to Clear Your Browser Cache in Internet Explorer 8
  1. Click the Start> select "Control Panel."
  2. Click "Network and Internet" and select "Internet Options" > Press the "Safety" button.
  3. Click "Delete Browsing History" and click the check boxes next to the various categories of stored information you want deleted. If the info shown is similar to below, uncheck the IECompatCache
    [o] C:\Documents and Settings\User Name\IECompatCache <<< Uncheck
    [o] C:\Documents and Settings\User Name\IETldCache
    [o] C:\Documents and Settings\User Name\PrivacIE
  4. Put a check in the "Preserve Favorites Website Data" to keep any cookies or files associated with the Web sites in your Internet Explorer's "Favorites" list.
  5. Click the "Delete" button to clear Internet Explorer 8's cache.
==========================================
Did you opt in to receive updates for the Compatibility list? An excess of these may slow you down.
=======================================
I uninstalled Eusing Registry cleaner
Anytime you uninstall a program, you also need to use Windows explorer to access Computer> Local Drive(C)> Programs> find the program folder and do a Right Click> Delete.
======================================
Please download OTMoveIt by Old Timer and save to your desktop
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Documents and Settings\Johnny\Local Settings\Temp\11.tmp 
    C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\CXM7233S\cn_download[1].htm 
    C:\downloads\Euse Registry repair\AdvancedPCTweaker_Setup.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
--------------------------------
Report of the HTML/ScrInject.B.Gen virus is a False Positive and should have been fixed by now. But since it came up on temporary internet files, we'll go ahead and remove it.
===============================================
The system is looking pretty good at this point- let me know how it's running when you finish the above.
==============================================
If the IE8 problems continue, visit THIS page and read through the affected changes in resetting IE8. If you are comfortable with this, scroll down about half way and click on To reset Internet Explorer 8 manually. and follow.
 