Inactive PC Sluggishness

D

davidstl

Posts: 94   +0
Dear TechSpot, I just bought a new "used"/"refurbished" computer about two months ago and it already seems slower than when new. I run the premium version of Norton 360, and the premium version of SuperAntiSpyware Professional. So I have some good protection there. However, I wonder if these programs are the cause of my PC sluggishness or do I have a virus they don't identify on my system? 60 days ago the computer would complete a scan in just over 5 minutes, now scans take between 25-40 minutes to complete. - And twice as long if run in Safe Mode -
I receive between 2 and 6 calls to my home phone always from different fax machines which beep & screech in my ear and twice as many porn and viagra/cialis emails which simply annoy.
I'd hate to have my new computer infected already.
So, please help, I am interested in your thoughts. Thanks.
 
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Okay. I have studied the page on the 8 steps for Malware and Virus Removal and I have updated, downloaded, and run the appropriate scans. I am attaching my scan logs here too. I am a PC novice, so thanks for your help.
 

Attachments

  • mbam-log-2011-01-22 (12-55-16).txt
    1 KB · Views: 2
  • GERMlog1.22.2011.log
    858 bytes · Views: 2
  • Attach.txt
    13.1 KB · Views: 2
  • DDS.txt
    15.7 KB · Views: 2
David, did you miss the post that says the logs must be pasted in- attached logs will not be reviewed?

OK to leave GMER and Mbam as is, but please paste in the 2 DDS logs.. You can use multiple posts if needed- just keep all in this thread. It's too time consuming for helpers to have to copy and paste an entry if identification or information is needed. When the logs are pasted in, we can search directly from the browser.
===================================
The please run the 2 following scans- paste the logs into next reply along with the 2 DDS logs:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=======================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Click to expand...
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
DDS - Notepad (2 of 2)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2010 5:15:43 PM
System Uptime: 1/24/2011 9:24:14 AM (2 hours ago)

Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 62.999 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP16: 11/4/2010 1:51:21 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP17: 11/4/2010 1:51:27 PM - Installed AVG 2011
RP18: 11/4/2010 1:52:33 PM - Removed AVG Free 9.0
RP19: 11/4/2010 3:10:48 PM - Installed AVG 2011
RP20: 11/4/2010 3:44:58 PM - Removed AVG 2011
RP21: 11/5/2010 10:52:35 AM - Removed AVG 2011
RP22: 11/6/2010 11:16:28 AM - System Checkpoint
RP23: 11/7/2010 10:40:15 AM - System Checkpoint
RP24: 11/8/2010 11:13:19 AM - System Checkpoint
RP25: 11/9/2010 12:40:10 PM - System Checkpoint
RP26: 11/10/2010 1:04:16 PM - System Checkpoint
RP27: 11/11/2010 1:24:30 PM - System Checkpoint
RP28: 11/12/2010 2:28:10 PM - System Checkpoint
RP29: 11/13/2010 3:04:12 PM - System Checkpoint
RP30: 11/14/2010 3:12:24 PM - System Checkpoint
RP31: 11/15/2010 3:40:09 PM - System Checkpoint
RP32: 11/16/2010 4:04:13 PM - System Checkpoint
RP33: 11/17/2010 5:40:09 PM - System Checkpoint
RP34: 11/19/2010 7:39:34 AM - System Checkpoint
RP35: 11/20/2010 7:40:11 AM - System Checkpoint
RP36: 11/21/2010 8:04:08 AM - System Checkpoint
RP37: 11/22/2010 9:28:07 AM - System Checkpoint
RP38: 11/23/2010 10:04:07 AM - System Checkpoint
RP39: 11/24/2010 7:05:45 AM - Removed AVG 2011
RP40: 11/24/2010 8:42:17 AM - Removed AVG 2011
RP41: 11/25/2010 9:04:22 AM - System Checkpoint
RP42: 11/26/2010 10:04:13 AM - System Checkpoint
RP43: 11/26/2010 4:42:04 PM - Software Distribution Service 3.0
RP44: 11/26/2010 6:04:06 PM - Installed Java(TM) 6 Update 22
RP45: 11/26/2010 7:20:59 PM - Installed Myst Masterpiece Edition
RP46: 11/29/2010 10:26:27 AM - System Checkpoint
RP47: 11/30/2010 3:57:01 PM - System Checkpoint
RP48: 12/2/2010 7:55:07 PM - System Checkpoint
RP49: 12/2/2010 10:15:39 PM - Software Distribution Service 3.0
RP50: 12/2/2010 10:51:25 PM - Software Distribution Service 3.0
RP51: 12/5/2010 5:41:50 PM - System Checkpoint
RP52: 12/6/2010 6:03:54 PM - System Checkpoint
RP53: 12/7/2010 6:26:42 PM - System Checkpoint
RP54: 12/9/2010 5:45:41 PM - System Checkpoint
RP55: 12/11/2010 10:14:06 AM - Removed Myst Masterpiece Edition
RP56: 12/13/2010 3:09:10 PM - System Checkpoint
RP57: 12/14/2010 5:38:53 PM - System Checkpoint
RP58: 12/17/2010 11:33:36 PM - System Checkpoint
RP59: 12/19/2010 4:10:16 PM - System Checkpoint
RP60: 12/20/2010 4:25:33 PM - System Checkpoint
RP61: 12/22/2010 1:26:47 PM - System Checkpoint
RP62: 12/23/2010 2:33:04 PM - System Checkpoint
RP63: 12/24/2010 2:42:01 PM - System Checkpoint
RP64: 12/26/2010 11:13:17 AM - System Checkpoint
RP65: 12/27/2010 1:55:22 PM - System Checkpoint
RP66: 12/28/2010 2:26:13 PM - System Checkpoint
RP67: 12/28/2010 9:29:32 PM - Installed StockTicker v1.32
RP68: 12/30/2010 12:07:33 AM - System Checkpoint
RP69: 12/30/2010 5:25:43 PM - Software Distribution Service 3.0
RP70: 12/31/2010 6:16:47 PM - Removed StockTicker v1.32
RP71: 12/31/2010 6:53:04 PM - Software Distribution Service 3.0
RP72: 1/1/2011 10:56:06 PM - System Checkpoint
RP73: 1/3/2011 10:59:12 AM - System Checkpoint
RP74: 1/4/2011 3:34:58 PM - System Checkpoint
RP75: 1/5/2011 5:57:02 PM - System Checkpoint
RP76: 1/6/2011 8:58:32 PM - System Checkpoint
RP77: 1/8/2011 11:16:16 PM - System Checkpoint
RP78: 1/10/2011 4:39:42 PM - System Checkpoint
RP79: 1/11/2011 4:52:33 PM - System Checkpoint
RP80: 1/12/2011 4:53:26 PM - System Checkpoint
RP81: 1/13/2011 4:59:08 PM - Installed Adobe Reader X.
RP82: 1/13/2011 7:18:09 PM - Installed Java(TM) 6 Update 23
RP83: 1/13/2011 11:29:06 PM - Removed AVG 2011
RP84: 1/13/2011 11:30:44 PM - Removed AVG 2011
RP85: 1/14/2011 12:33:39 AM - Norton 360 Registry Clean
RP86: 1/14/2011 1:04:31 AM - Norton 360 Registry Clean
RP87: 1/14/2011 1:12:58 AM - Software Distribution Service 3.0
RP88: 1/14/2011 2:31:48 PM - Norton 360 Registry Clean
RP89: 1/15/2011 1:25:34 AM - Norton 360 Registry Clean
RP90: 1/16/2011 12:50:01 AM - Norton 360 Registry Clean
RP91: 1/16/2011 11:13:41 AM - Norton 360 Registry Clean
RP92: 1/16/2011 12:39:32 PM - Norton 360 Registry Clean
RP93: 1/16/2011 11:44:30 PM - Norton 360 Registry Clean
RP94: 1/18/2011 6:59:50 PM - System Checkpoint
RP95: 1/18/2011 9:30:06 PM - Norton 360 Registry Clean
RP96: 1/20/2011 2:57:39 PM - Norton 360 Registry Clean
RP97: 1/21/2011 3:36:47 PM - System Checkpoint
RP98: 1/22/2011 11:14:46 AM - Norton 360 Registry Clean
RP99: 1/23/2011 12:55:10 PM - System Checkpoint
RP100: 1/23/2011 10:49:11 PM - Installed Windows KB954550-v5.
RP101: 1/23/2011 10:49:23 PM - Printer Driver Microsoft XPS Document Writer Installed
RP102: 1/23/2011 10:56:50 PM - Printer Driver Microsoft XPS Document Writer Installed
RP103: 1/24/2011 12:51:36 AM - Installed Chipset Software Installer
RP104: 1/24/2011 12:52:33 AM - Installed Dell System Software
RP105: 1/24/2011 12:52:37 AM - Installed Desktop System Software
RP106: 1/24/2011 1:05:16 AM - Removed Broadcom Gigabit Integrated Controller
RP107: 1/24/2011 1:06:06 AM - Installed Broadcom ASF Management Applications
RP108: 1/24/2011 1:15:55 AM - Restore Operation
RP109: 1/24/2011 1:23:38 AM - Installed Chipset Software Installer
RP110: 1/24/2011 1:33:14 AM - Software Distribution Service 3.0
RP111: 1/24/2011 2:46:26 AM - Norton 360 Registry Clean

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
ATI AVIVO Codecs
ATI Catalyst Install Manager
Broadcom Gigabit Integrated Controller
CCleaner
CDisplay 1.8
Coupon Printer for Windows
Dell Driver Download Manager
Futuremark SystemInfo
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB981793)
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2050 J510 series Product Improvement Study
HP Photo Creations
HP Update
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
Nero 6 Ultra Edition
Norton 360
OpenOffice.org 3.1
PowerDVD
QuickTime
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SereneScreen Marine Aquarium Time
SoundMAX
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

1/21/2011 1:57:03 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 11:08:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/20/2011 11:06:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/20/2011 1:54:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SRTSPX SymIRON SYMTDI Tcpip
1/20/2011 1:54:12 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 1:54:12 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 1:54:12 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 1:54:12 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2011 10:18:27 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
1/18/2011 10:18:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 9:03:34 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================
 
DDS Attach - Notepad (1 of 2)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2010 5:15:43 PM
System Uptime: 1/24/2011 9:24:14 AM (2 hours ago)

Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 62.999 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP16: 11/4/2010 1:51:21 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP17: 11/4/2010 1:51:27 PM - Installed AVG 2011
RP18: 11/4/2010 1:52:33 PM - Removed AVG Free 9.0
RP19: 11/4/2010 3:10:48 PM - Installed AVG 2011
RP20: 11/4/2010 3:44:58 PM - Removed AVG 2011
RP21: 11/5/2010 10:52:35 AM - Removed AVG 2011
RP22: 11/6/2010 11:16:28 AM - System Checkpoint
RP23: 11/7/2010 10:40:15 AM - System Checkpoint
RP24: 11/8/2010 11:13:19 AM - System Checkpoint
RP25: 11/9/2010 12:40:10 PM - System Checkpoint
RP26: 11/10/2010 1:04:16 PM - System Checkpoint
RP27: 11/11/2010 1:24:30 PM - System Checkpoint
RP28: 11/12/2010 2:28:10 PM - System Checkpoint
RP29: 11/13/2010 3:04:12 PM - System Checkpoint
RP30: 11/14/2010 3:12:24 PM - System Checkpoint
RP31: 11/15/2010 3:40:09 PM - System Checkpoint
RP32: 11/16/2010 4:04:13 PM - System Checkpoint
RP33: 11/17/2010 5:40:09 PM - System Checkpoint
RP34: 11/19/2010 7:39:34 AM - System Checkpoint
RP35: 11/20/2010 7:40:11 AM - System Checkpoint
RP36: 11/21/2010 8:04:08 AM - System Checkpoint
RP37: 11/22/2010 9:28:07 AM - System Checkpoint
RP38: 11/23/2010 10:04:07 AM - System Checkpoint
RP39: 11/24/2010 7:05:45 AM - Removed AVG 2011
RP40: 11/24/2010 8:42:17 AM - Removed AVG 2011
RP41: 11/25/2010 9:04:22 AM - System Checkpoint
RP42: 11/26/2010 10:04:13 AM - System Checkpoint
RP43: 11/26/2010 4:42:04 PM - Software Distribution Service 3.0
RP44: 11/26/2010 6:04:06 PM - Installed Java(TM) 6 Update 22
RP45: 11/26/2010 7:20:59 PM - Installed Myst Masterpiece Edition
RP46: 11/29/2010 10:26:27 AM - System Checkpoint
RP47: 11/30/2010 3:57:01 PM - System Checkpoint
RP48: 12/2/2010 7:55:07 PM - System Checkpoint
RP49: 12/2/2010 10:15:39 PM - Software Distribution Service 3.0
RP50: 12/2/2010 10:51:25 PM - Software Distribution Service 3.0
RP51: 12/5/2010 5:41:50 PM - System Checkpoint
RP52: 12/6/2010 6:03:54 PM - System Checkpoint
RP53: 12/7/2010 6:26:42 PM - System Checkpoint
RP54: 12/9/2010 5:45:41 PM - System Checkpoint
RP55: 12/11/2010 10:14:06 AM - Removed Myst Masterpiece Edition
RP56: 12/13/2010 3:09:10 PM - System Checkpoint
RP57: 12/14/2010 5:38:53 PM - System Checkpoint
RP58: 12/17/2010 11:33:36 PM - System Checkpoint
RP59: 12/19/2010 4:10:16 PM - System Checkpoint
RP60: 12/20/2010 4:25:33 PM - System Checkpoint
RP61: 12/22/2010 1:26:47 PM - System Checkpoint
RP62: 12/23/2010 2:33:04 PM - System Checkpoint
RP63: 12/24/2010 2:42:01 PM - System Checkpoint
RP64: 12/26/2010 11:13:17 AM - System Checkpoint
RP65: 12/27/2010 1:55:22 PM - System Checkpoint
RP66: 12/28/2010 2:26:13 PM - System Checkpoint
RP67: 12/28/2010 9:29:32 PM - Installed StockTicker v1.32
RP68: 12/30/2010 12:07:33 AM - System Checkpoint
RP69: 12/30/2010 5:25:43 PM - Software Distribution Service 3.0
RP70: 12/31/2010 6:16:47 PM - Removed StockTicker v1.32
RP71: 12/31/2010 6:53:04 PM - Software Distribution Service 3.0
RP72: 1/1/2011 10:56:06 PM - System Checkpoint
RP73: 1/3/2011 10:59:12 AM - System Checkpoint
RP74: 1/4/2011 3:34:58 PM - System Checkpoint
RP75: 1/5/2011 5:57:02 PM - System Checkpoint
RP76: 1/6/2011 8:58:32 PM - System Checkpoint
RP77: 1/8/2011 11:16:16 PM - System Checkpoint
RP78: 1/10/2011 4:39:42 PM - System Checkpoint
RP79: 1/11/2011 4:52:33 PM - System Checkpoint
RP80: 1/12/2011 4:53:26 PM - System Checkpoint
RP81: 1/13/2011 4:59:08 PM - Installed Adobe Reader X.
RP82: 1/13/2011 7:18:09 PM - Installed Java(TM) 6 Update 23
RP83: 1/13/2011 11:29:06 PM - Removed AVG 2011
RP84: 1/13/2011 11:30:44 PM - Removed AVG 2011
RP85: 1/14/2011 12:33:39 AM - Norton 360 Registry Clean
RP86: 1/14/2011 1:04:31 AM - Norton 360 Registry Clean
RP87: 1/14/2011 1:12:58 AM - Software Distribution Service 3.0
RP88: 1/14/2011 2:31:48 PM - Norton 360 Registry Clean
RP89: 1/15/2011 1:25:34 AM - Norton 360 Registry Clean
RP90: 1/16/2011 12:50:01 AM - Norton 360 Registry Clean
RP91: 1/16/2011 11:13:41 AM - Norton 360 Registry Clean
RP92: 1/16/2011 12:39:32 PM - Norton 360 Registry Clean
RP93: 1/16/2011 11:44:30 PM - Norton 360 Registry Clean
RP94: 1/18/2011 6:59:50 PM - System Checkpoint
RP95: 1/18/2011 9:30:06 PM - Norton 360 Registry Clean
RP96: 1/20/2011 2:57:39 PM - Norton 360 Registry Clean
RP97: 1/21/2011 3:36:47 PM - System Checkpoint
RP98: 1/22/2011 11:14:46 AM - Norton 360 Registry Clean
RP99: 1/23/2011 12:55:10 PM - System Checkpoint
RP100: 1/23/2011 10:49:11 PM - Installed Windows KB954550-v5.
RP101: 1/23/2011 10:49:23 PM - Printer Driver Microsoft XPS Document Writer Installed
RP102: 1/23/2011 10:56:50 PM - Printer Driver Microsoft XPS Document Writer Installed
RP103: 1/24/2011 12:51:36 AM - Installed Chipset Software Installer
RP104: 1/24/2011 12:52:33 AM - Installed Dell System Software
RP105: 1/24/2011 12:52:37 AM - Installed Desktop System Software
RP106: 1/24/2011 1:05:16 AM - Removed Broadcom Gigabit Integrated Controller
RP107: 1/24/2011 1:06:06 AM - Installed Broadcom ASF Management Applications
RP108: 1/24/2011 1:15:55 AM - Restore Operation
RP109: 1/24/2011 1:23:38 AM - Installed Chipset Software Installer
RP110: 1/24/2011 1:33:14 AM - Software Distribution Service 3.0
RP111: 1/24/2011 2:46:26 AM - Norton 360 Registry Clean

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
ATI AVIVO Codecs
ATI Catalyst Install Manager
Broadcom Gigabit Integrated Controller
CCleaner
CDisplay 1.8
Coupon Printer for Windows
Dell Driver Download Manager
Futuremark SystemInfo
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB981793)
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2050 J510 series Product Improvement Study
HP Photo Creations
HP Update
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
Nero 6 Ultra Edition
Norton 360
OpenOffice.org 3.1
PowerDVD
QuickTime
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SereneScreen Marine Aquarium Time
SoundMAX
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

1/21/2011 1:57:03 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 11:08:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/20/2011 11:06:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/20/2011 1:54:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SRTSPX SymIRON SYMTDI Tcpip
1/20/2011 1:54:12 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 1:54:12 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 1:54:12 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 1:54:12 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2011 10:18:27 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
1/18/2011 10:18:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 9:03:34 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================
 
PC Slugishness DDS Files

Okay, I have copy & pasted the two DDS files which I incorrectly attached last time. I hope I did it right this time.

I am going ahead and downloading and running the two new programs you suggested: ESET and ComboFix.
I will get back to you with those results. And thanks for your help. I am a novice at this business of computers.
 
ComboFix log

omboFix 11-01-23.07 - Administrator 01/24/2011 11:56:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3011 [GMT -6:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
.

2011-01-24 07:16 . 2011-01-24 07:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-24 07:16 . 2011-01-24 07:16 -------- d-----w- c:\program files\Broadcom
2011-01-24 06:44 . 2011-01-24 06:44 0 ----a-w- c:\windows\invcol.tmp
2011-01-24 04:51 . 2011-01-24 07:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2011-01-24 04:50 . 2011-01-24 04:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-24 04:49 . 2011-01-24 04:49 -------- d-----w- c:\program files\MSBuild
2011-01-24 04:49 . 2011-01-24 04:49 -------- d-----w- c:\program files\Reference Assemblies
2011-01-24 04:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-24 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-24 04:49 . 2011-01-24 04:49 -------- d-----w- C:\af22e6bd792b09d33bb2c3bdf2addce7
2011-01-24 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-24 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-24 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-24 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-24 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-24 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-24 04:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-24 02:57 . 2011-01-24 02:57 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-01-21 00:11 . 2011-01-21 00:11 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-01-21 00:11 . 2011-01-21 00:11 -------- d-----w- c:\program files\ATI
2011-01-21 00:10 . 2011-01-21 00:10 -------- d-----w- c:\program files\ATI Technologies
2011-01-21 00:09 . 2011-01-21 00:09 -------- d-----w- C:\ATI
2011-01-20 22:11 . 2010-07-21 11:30 101904 ----a-r- c:\windows\system32\drivers\AtihdXP3.sys
2011-01-20 22:10 . 2011-01-20 22:10 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-20 22:10 . 2010-10-27 09:03 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-01-20 22:10 . 2010-10-27 08:50 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-17 22:02 . 2011-01-17 22:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2011-01-17 21:54 . 2011-01-17 22:02 -------- d-----w- c:\program files\CDisplay
2011-01-16 06:45 . 2011-01-16 06:45 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-01-14 06:38 . 2011-01-14 06:38 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-01-14 05:22 . 2009-05-18 21:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-14 05:22 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-01-14 05:22 . 2011-01-14 05:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-14 05:22 . 2011-01-14 05:22 -------- d-----w- c:\program files\Symantec
2011-01-14 05:22 . 2011-01-14 05:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-14 05:22 . 2011-01-14 05:22 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-14 05:21 . 2011-01-15 01:45 -------- d-----w- c:\windows\system32\drivers\N360
2011-01-14 05:21 . 2011-01-14 05:21 -------- d-----w- c:\program files\Norton 360
2011-01-14 05:21 . 2011-01-14 05:21 -------- d-----w- c:\program files\Windows Sidebar
2011-01-14 05:21 . 2011-01-14 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-01-14 05:20 . 2011-01-14 05:20 -------- d-----w- c:\program files\NortonInstaller
2011-01-13 23:00 . 2011-01-13 23:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-01-13 22:59 . 2011-01-13 22:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-13 22:59 . 2011-01-13 23:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-01-13 22:59 . 2011-01-13 22:59 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-13 22:56 . 2011-01-13 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-01-13 04:19 . 2011-01-13 04:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-01-13 04:18 . 2011-01-22 23:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-02 21:52 . 2011-01-02 21:52 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2011-01-01 00:16 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-01 00:09 . 2011-01-01 00:09 102400 ----a-w- c:\windows\RegBootClean.exe
2010-12-31 23:58 . 2010-12-31 23:58 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-12-30 23:51 . 2010-12-30 23:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-30 23:51 . 2010-12-30 23:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-12-30 23:43 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-30 23:42 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-30 23:42 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-30 23:42 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-30 23:39 . 2010-12-30 23:42 -------- dc-h--w- c:\windows\ie8
2010-12-30 23:23 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-30 23:22 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-30 23:21 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-30 23:21 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-30 23:20 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-29 20:32 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-12-29 20:32 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-12-29 20:32 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-29 20:32 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-29 20:31 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-12-29 20:31 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-12-29 20:31 . 2010-12-29 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2010-12-29 20:31 . 2010-12-29 20:31 -------- d-----w- c:\program files\HP Photo Creations
2010-12-29 20:31 . 2010-12-29 20:31 -------- d-----w- c:\windows\Cache
2010-12-29 20:31 . 2010-12-29 20:31 -------- d-----w- c:\program files\Coupons
2010-12-29 20:30 . 2010-12-29 20:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\HpUpdate
2010-12-29 20:30 . 2010-06-14 20:14 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll
2010-12-29 20:30 . 2010-06-14 20:14 232296 ----a-w- c:\windows\system32\hpinksts8711.dll
2010-12-29 20:30 . 2010-06-14 20:14 264552 ----a-w- c:\windows\system32\hpinksts8711LM.dll
2010-12-29 20:30 . 2010-06-14 20:14 213352 ----a-w- c:\windows\system32\hpinkcoi8711.dll
2010-12-29 20:27 . 2010-12-29 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-12-29 20:27 . 2010-12-29 20:30 -------- d-----w- c:\program files\HP
2010-12-29 19:44 . 2010-12-29 21:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP
2010-12-29 05:30 . 2010-12-29 05:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-12-26 06:40 . 2010-12-26 06:41 -------- d-----w- c:\program files\Common Files\Motive
2010-12-26 06:40 . 2010-12-26 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-22 19:10 . 2010-11-27 01:25 1409 ----a-w- c:\windows\QTFont.for
2011-01-14 07:21 . 2004-08-04 12:00 10752 ----a-w- c:\windows\hh.exe
2010-11-27 20:47 . 2010-11-27 20:47 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-18 18:12 . 2010-04-07 22:11 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 00:53 . 2010-11-27 00:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 22:34 . 2010-04-07 22:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2010-11-06 00:34 78336 ------w- c:\windows\system32\ieencode.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 09:55 . 2010-12-03 04:45 5524480 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-10-27 09:17 . 2010-08-26 02:01 16330752 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 09:10 . 2010-08-26 02:12 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 09:10 . 2010-08-26 02:11 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 09:09 . 2010-08-26 02:10 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 08:51 . 2008-04-14 00:11 3958784 ----a-w- c:\windows\system32\ati3duag.dll
2010-10-27 08:49 . 2008-04-14 00:11 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-10-27 08:48 . 2010-08-26 01:30 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-10-27 08:36 . 2008-04-14 00:11 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
2010-10-27 08:30 . 2010-08-26 01:39 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 08:30 . 2010-08-26 01:39 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 08:30 . 2010-08-26 01:38 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-10-27 08:30 . 2010-08-26 01:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 08:30 . 2010-08-26 01:38 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-10-27 08:28 . 2010-08-26 01:37 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-10-27 08:27 . 2010-08-26 01:35 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-10-27 08:26 . 2010-08-26 01:34 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 08:22 . 2010-08-26 01:30 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-10-27 08:20 . 2010-08-26 01:29 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 08:20 . 2010-08-26 01:22 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 08:20 . 2010-08-26 01:22 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-27 08:20 . 2010-08-26 01:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-10-27 08:19 . 2010-08-26 01:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 08:14 . 2008-04-14 00:11 704512 ----a-w- c:\windows\system32\ati2cqag.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RemoteControl"="c:\windows\system32\rmctrl.exe" [2003-12-25 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-01-24 98304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [1/14/2011 10:14 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [1/14/2011 10:14 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/18/2011 9:12 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [1/14/2011 10:14 AM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [1/14/2011 10:14 AM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [1/14/2011 10:14 AM 126392]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/20/2011 4:11 PM 101904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/13/2011 11:46 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110120.001\IDSXpx86.sys [1/22/2011 10:57 AM 341944]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [1/23/2011 8:57 PM 129440]
.
Contents of the 'Scheduled Tasks' folder

2011-01-24 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 22:07]

2011-01-24 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 22:07]

2011-01-23 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 22:07]

2011-01-23 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 12:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,82,2c,b4,0e,ee,47,49,a0,8d,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,82,2c,b4,0e,ee,47,49,a0,8d,fd,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2011-01-24 12:02:39
ComboFix-quarantined-files.txt 2011-01-24 18:02

Pre-Run: 67,560,173,568 bytes free
Post-Run: 67,517,628,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E0344FB7C0AD15C98A422B86AD3CCD18
 

Attachments

  • logComboFix.txt
    21.8 KB · Views: 1
Okay, I finished the ComboFix. Now let me run the ESET scan. I will get back to you as soon as the scan completes. Thanks.
 
ESET scan results

Okay, I just finished the ESET online scan. It said it found no infections.

'infections found: 0'

I did not receive a pop-up with a scan log. I hope that's a good sign.
I will wait to here your analysis. And thank you. TechSpot has always been a great place for help; and I mention the website favorably to people in both my business and personal life.
 
Good Morning! Feel asleep watching 'Being Human' last night- started this, took a break, then snoozeland!

Questions:
1. AVG 2011> I noticed numerous Restore Points for RP AVG 2011Removed Are you having a problem uninstalling this? Did you use the removal tool: AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
Note:
  • AVG user settings will be removed.
  • Virus Vault contents will be removed.
  • All other items related to AVG installation and use will be removed.
  • You will be asked during the removal procedure to restart your computer. Please do so.
  • Make sure there is no open work in process prior toto launching AVG Remover.
Use the appropriate download for your system for the AVG Remover:
AVG Remover:32bit
AVG Remover:64bit
http://www.avg.com/us-en/download-tools

2. Norton 360 Registry Clean.> there are also numerous entries in the restore points for this function. Please disable the Registry Cleaner while I'm helping you and it can interfere with the scans and the help.

3. Restore Operation> Restore Points show this done 1/24/2011 1:15:55 AM. The original scans, the ones you attached, are dated 1/22/2011. The logs you then posted are dated 1/24/2011. What I need to know is at what point was the Restore done? Did you run new scans?
===============================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
Code: 
File::
c:\windows\TEMP\cpuz135\cpuz135_x32.sys 
FileLook::
windows\invcol.tmp
RegLock::
[HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

AtJob::
File::
c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe 
c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe 
c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe
c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe
Extra::
File::  
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Firefox::
Firefox-: - Profile -  c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\

Driver::
cpuz135 
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Note: The files under AtJob in the Combofix script for> c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe described on the HP site as: the HP Deskjet 1000 J110 series Product Improvement Study is developed by Hewlett-Packard They are regularly using the ysatm resourcs to run and access the internet with whatever information they think they need from your system.

Please check the Extensions under Firefox and make sure th only version there is v6u23. Also check Add/Remove Programs in the Control Panel. If there is any Java version except v6u23, please uninstall it. You have the current version installed.
=======================
Please run the following so I can see if there are any bad entries remining:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Regarding these problems:
I receive between 2 and 6 calls to my home phone always from different fax machines which beep & screech in my ear and twice as many porn and viagra/cialis emails which simply annoy. I'd hate to have my new computer infected already.
Click to expand...

First, a new computer is vulnerable the first time it connect to the internet. Whether it is for email or opening the browser to surf, malware is out there. If the system isn't properly protected or if you do not practice sf habits, the system is vulnerable.

If you are using a web-based email, you will have to reply on whatever protection the provider offers in addition to your own practices.
The phone calls are not something we deal with here.
 
Dear Bobbye, Okay, I will download and run the next batch of scans you have asked for.

Concerning AVG: I had no problem with the uninstall of AVG 2011. Your mention is the first time it has come to my attention. What should i do?

Concerning the restore points: There should only be one real System Restore -the one around 1:00am- I had to do a system restore. I went to Dell.com to update my system drivers and one of their downloads uninstalled the Broadband Gigabit Controller from my computer. I was unable to connect to the internet after that. So I did a complete System Restore from my control panel options. Which fixed things. Norton had nothing to do with the restore as far as I know.

Concerning spam & phone calls: I already received 3 calls from a fax machine today and received half a dozen spam emails. But thanks for addressing the issue. I can always change my number and get a paid email account with better security.

Concerning HP: I have a HP 2050 J510 series printer/scanner and a HP DVD 1270i LightScribe burner on my PC. I will remove or delete the HP entries you raised issue with, if you think it is a good idea. As long as you think it will not cause any of my HP hardware to have conflicts after.

I will return with the results on the fresh scans and logs. Thanks again for your help. I couldn't do it without you. Thanks.
 
The AVG 32bit removal tool did not ask me to restart my computer. In fact I received no info-box or any thing come onscreen to let me know if the tool worked or not. Do you think the tool worked properly?
 
HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:09:50 PM, on 1/25/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290811087390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290811078171
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 6154 bytes
 

Attachments

  • hijackthis.log
    6 KB · Views: 0
fresh ComboFix.txt log

ComboFix 11-01-25.01 - Administrator 01/25/2011 21:43:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3031 [GMT -6:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe"
"c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}"
"c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}"
"c:\windows\TEMP\cpuz135\cpuz135_x32.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ135
-------\Service_cpuz135


((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
.

2011-01-25 23:17 . 2011-01-25 23:23 -------- d-----w- c:\program files\Nero
2011-01-25 23:16 . 2011-01-25 23:26 -------- d-----w- c:\program files\Common Files\Nero
2011-01-25 23:16 . 2011-01-25 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-01-25 23:15 . 2011-01-25 23:15 -------- d-----w- c:\program files\Common Files\LightScribe
2011-01-24 07:16 . 2011-01-24 07:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-24 07:16 . 2011-01-24 07:16 -------- d-----w- c:\program files\Broadcom
2011-01-24 06:44 . 2011-01-24 06:44 0 ----a-w- c:\windows\invcol.tmp
2011-01-24 04:51 . 2011-01-24 07:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2011-01-24 04:50 . 2011-01-24 04:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-24 04:49 . 2011-01-24 04:49 -------- d-----w- c:\program files\MSBuild
2011-01-24 04:49 . 2011-01-24 04:49 -------- d-----w- c:\program files\Reference Assemblies
2011-01-24 04:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-24 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-24 04:49 . 2011-01-24 04:49 -------- d-----w- C:\af22e6bd792b09d33bb2c3bdf2addce7
2011-01-24 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-24 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-24 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-24 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-24 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-24 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-24 04:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-24 02:57 . 2011-01-24 02:57 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-01-21 00:11 . 2011-01-21 00:11 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-01-21 00:11 . 2011-01-21 00:11 -------- d-----w- c:\program files\ATI
2011-01-21 00:10 . 2011-01-21 00:10 -------- d-----w- c:\program files\ATI Technologies
2011-01-21 00:09 . 2011-01-21 00:09 -------- d-----w- C:\ATI
2011-01-20 22:11 . 2010-07-21 11:30 101904 ----a-r- c:\windows\system32\drivers\AtihdXP3.sys
2011-01-20 22:10 . 2011-01-20 22:10 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-20 22:10 . 2010-10-27 09:03 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-01-20 22:10 . 2010-10-27 08:50 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-17 22:02 . 2011-01-17 22:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2011-01-17 21:54 . 2011-01-17 22:02 -------- d-----w- c:\program files\CDisplay
2011-01-16 06:45 . 2011-01-16 06:45 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-01-14 06:38 . 2011-01-14 06:38 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-01-14 05:22 . 2009-05-18 21:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-14 05:22 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-01-14 05:22 . 2011-01-14 05:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-14 05:22 . 2011-01-14 05:22 -------- d-----w- c:\program files\Symantec
2011-01-14 05:22 . 2011-01-14 05:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-14 05:22 . 2011-01-14 05:22 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-14 05:21 . 2011-01-15 01:45 -------- d-----w- c:\windows\system32\drivers\N360
2011-01-14 05:21 . 2011-01-14 05:21 -------- d-----w- c:\program files\Norton 360
2011-01-14 05:21 . 2011-01-14 05:21 -------- d-----w- c:\program files\Windows Sidebar
2011-01-14 05:21 . 2011-01-14 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-01-14 05:20 . 2011-01-14 05:20 -------- d-----w- c:\program files\NortonInstaller
2011-01-13 23:00 . 2011-01-13 23:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-01-13 22:59 . 2011-01-13 22:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-13 22:59 . 2011-01-13 23:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-01-13 22:59 . 2011-01-13 22:59 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-13 22:56 . 2011-01-13 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-01-13 04:19 . 2011-01-13 04:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-01-13 04:18 . 2011-01-22 23:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-02 21:52 . 2011-01-02 21:52 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2011-01-01 00:16 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-01 00:09 . 2011-01-01 00:09 102400 ----a-w- c:\windows\RegBootClean.exe
2010-12-31 23:58 . 2010-12-31 23:58 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-12-30 23:51 . 2010-12-30 23:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-30 23:51 . 2010-12-30 23:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-12-30 23:43 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-30 23:42 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-30 23:42 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-30 23:42 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-30 23:39 . 2010-12-30 23:42 -------- dc-h--w- c:\windows\ie8
2010-12-30 23:23 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-30 23:22 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-30 23:21 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-30 23:21 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-30 23:20 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-29 20:32 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-12-29 20:32 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-12-29 20:32 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-29 20:32 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-29 20:31 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-12-29 20:31 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-12-29 20:31 . 2010-12-29 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2010-12-29 20:31 . 2010-12-29 20:31 -------- d-----w- c:\program files\HP Photo Creations
2010-12-29 20:31 . 2010-12-29 20:31 -------- d-----w- c:\windows\Cache
2010-12-29 20:31 . 2010-12-29 20:31 -------- d-----w- c:\program files\Coupons
2010-12-29 20:30 . 2010-12-29 20:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\HpUpdate
2010-12-29 20:30 . 2010-06-14 20:14 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll
2010-12-29 20:30 . 2010-06-14 20:14 232296 ----a-w- c:\windows\system32\hpinksts8711.dll
2010-12-29 20:30 . 2010-06-14 20:14 264552 ----a-w- c:\windows\system32\hpinksts8711LM.dll
2010-12-29 20:30 . 2010-06-14 20:14 213352 ----a-w- c:\windows\system32\hpinkcoi8711.dll
2010-12-29 20:27 . 2010-12-29 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-12-29 20:27 . 2010-12-29 20:30 -------- d-----w- c:\program files\HP
2010-12-29 19:44 . 2010-12-29 21:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP
2010-12-29 05:30 . 2010-12-29 05:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-22 19:10 . 2010-11-27 01:25 1409 ----a-w- c:\windows\QTFont.for
2011-01-14 07:21 . 2004-08-04 12:00 10752 ----a-w- c:\windows\hh.exe
2010-11-27 20:47 . 2010-11-27 20:47 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-18 18:12 . 2010-04-07 22:11 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 00:53 . 2010-11-27 00:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 22:34 . 2010-04-07 22:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2010-11-06 00:34 78336 ------w- c:\windows\system32\ieencode.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-24_18.00.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-25 23:15 . 2011-01-25 23:15 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2011-01-26 03:50 . 2011-01-26 03:50 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat
+ 2011-01-26 03:49 . 2011-01-26 03:49 16384 c:\windows\Temp\Perflib_Perfdata_720.dat
+ 2003-04-18 22:29 . 2003-04-18 22:29 82432 c:\windows\system32\msxml4r.dll
+ 2011-01-25 23:23 . 2011-01-25 23:23 28160 c:\windows\Installer\111bbb.msi
+ 2011-01-25 23:22 . 2011-01-25 23:22 38400 c:\windows\Installer\111bb1.msi
+ 2011-01-25 23:16 . 2011-01-25 23:16 45056 c:\windows\Installer\111b71.msi
+ 2011-01-25 23:15 . 2011-01-25 23:15 32256 c:\windows\Installer\111b62.msi
+ 2006-03-17 21:49 . 2006-03-17 21:49 368640 c:\windows\system32\twnlib4.dll
+ 2008-07-04 16:23 . 2008-07-04 16:23 802816 c:\windows\system32\imagXRA7.dll
+ 2008-07-04 16:23 . 2008-07-04 16:23 258048 c:\windows\system32\imagXR7.dll
+ 2008-07-04 16:23 . 2008-07-04 16:23 497296 c:\windows\system32\imagXpr7.dll
+ 2011-01-25 23:15 . 2011-01-25 23:15 106496 c:\windows\Installer\111b59.msi
+ 2011-01-25 23:15 . 2011-01-25 23:15 131072 c:\windows\Installer\{3744B641-61DE-417F-BCDC-9CCED4224DF8}\QuickDemoUrl_E9752251A5AD4678977047FD65566D18.exe
+ 2011-01-25 23:15 . 2011-01-25 23:15 323584 c:\windows\Installer\{3744B641-61DE-417F-BCDC-9CCED4224DF8}\NewShortcut2_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2011-01-25 23:15 . 2011-01-25 23:15 339968 c:\windows\Installer\{3744B641-61DE-417F-BCDC-9CCED4224DF8}\NewShortcut1_FE82206EF6124B479F4EDD27A1E056A4.exe
+ 2011-01-25 23:15 . 2011-01-25 23:15 323584 c:\windows\Installer\{3744B641-61DE-417F-BCDC-9CCED4224DF8}\NewShortcut1_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2011-01-25 23:15 . 2011-01-25 23:15 131072 c:\windows\Installer\{3744B641-61DE-417F-BCDC-9CCED4224DF8}\LightScribeWebsite_9607541794D946E89D5752F753E35CC4.exe
+ 2011-01-25 23:15 . 2011-01-25 23:15 281894 c:\windows\Installer\{3744B641-61DE-417F-BCDC-9CCED4224DF8}\ARPPRODUCTICON.exe
+ 2011-01-25 23:15 . 2011-01-25 23:15 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2003-04-18 22:46 . 2003-04-18 22:46 1233920 c:\windows\system32\msxml4.dll
+ 2008-07-04 16:23 . 2008-07-04 16:23 1757184 c:\windows\system32\imagX7.dll
+ 2011-01-25 23:16 . 2006-03-31 18:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2011-01-25 23:26 . 2011-01-25 23:26 4157952 c:\windows\Installer\111bde.msi
+ 2011-01-25 23:26 . 2011-01-25 23:26 3658752 c:\windows\Installer\111bd9.msi
+ 2011-01-25 23:25 . 2011-01-25 23:25 3663360 c:\windows\Installer\111bd4.msi
+ 2011-01-25 23:25 . 2011-01-25 23:25 3662848 c:\windows\Installer\111bcf.msi
+ 2011-01-25 23:24 . 2011-01-25 23:24 3663872 c:\windows\Installer\111bca.msi
+ 2011-01-25 23:24 . 2011-01-25 23:24 3663360 c:\windows\Installer\111bc5.msi
+ 2011-01-25 23:23 . 2011-01-25 23:23 3654656 c:\windows\Installer\111bc0.msi
+ 2011-01-25 23:23 . 2011-01-25 23:23 3654656 c:\windows\Installer\111bb6.msi
+ 2011-01-25 23:22 . 2011-01-25 23:22 3655680 c:\windows\Installer\111bac.msi
+ 2011-01-25 23:22 . 2011-01-25 23:22 3655168 c:\windows\Installer\111ba7.msi
+ 2011-01-25 23:21 . 2011-01-25 23:21 3654144 c:\windows\Installer\111ba2.msi
+ 2011-01-25 23:21 . 2011-01-25 23:21 3654144 c:\windows\Installer\111b9d.msi
+ 2011-01-25 23:20 . 2011-01-25 23:20 3702272 c:\windows\Installer\111b98.msi
+ 2011-01-25 23:19 . 2011-01-25 23:19 3831296 c:\windows\Installer\111b93.msi
+ 2011-01-25 23:19 . 2011-01-25 23:19 3707904 c:\windows\Installer\111b87.msi
+ 2011-01-25 23:18 . 2011-01-25 23:18 3675136 c:\windows\Installer\111b7b.msi
+ 2011-01-25 23:17 . 2011-01-25 23:17 3728896 c:\windows\Installer\111b76.msi
+ 2011-01-25 23:15 . 2011-01-25 23:15 2323456 c:\windows\Installer\111b68.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RemoteControl"="c:\windows\system32\rmctrl.exe" [2003-12-25 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-01-24 98304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [1/14/2011 10:14 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [1/14/2011 10:14 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/18/2011 9:12 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [1/14/2011 10:14 AM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [1/14/2011 10:14 AM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [1/14/2011 10:14 AM 126392]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/20/2011 4:11 PM 101904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/13/2011 11:46 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110120.001\IDSXpx86.sys [1/22/2011 10:57 AM 341944]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [1/23/2011 8:57 PM 129440]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 17:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-25 21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'explorer.exe'(308)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-25 21:53:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-26 03:53
ComboFix2.txt 2011-01-24 18:02

Pre-Run: 66,472,484,864 bytes free
Post-Run: 66,381,631,488 bytes free

- - End Of File - - 3FA1A46E992254D8B4F46C5DE42666DB
 
Okay, I have posted the fresh logs you needed to look over. I will wait patiently for your analysis. Thanks again.
 
Okay, I need to remove a few files:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
Code: 
File::
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\windows\RegBootClean.exe
c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll
c:\windows\system32\hpinksts8711.dll
c:\windows\system32\hpinksts8711LM.dll
c:\windows\system32\hpinkcoi8711.dll

Folder::
c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\Administrator\Application Data\HpUpdate
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please open Firefox> Tools> Addons> remove outdated Java v6u16 and v6u22
=======================
Please repeat the Eset scan. Be sure to disable your AV when it scans. It should produce a log.
=======================
The only reason I mentioned AVG was because of all these restore points for removal:
RP17: 11/4/2010 1:51:27 PM - Installed AVG 2011
RP18: 11/4/2010 1:52:33 PM - Removed AVG Free 9.0
RP19: 11/4/2010 3:10:48 PM - Installed AVG 2011
RP20: 11/4/2010 3:44:58 PM - Removed AVG 2011
RP21: 11/5/2010 10:52:35 AM - Removed AVG 2011
RP39: 11/24/2010 7:05:45 AM - Removed AVG 2011
RP40: 11/24/2010 8:42:17 AM - Removed AVG 2011
RP83: 1/13/2011 11:29:06 PM - Removed AVG 2011
RP84: 1/13/2011 11:30:44 PM - Removed AVG 2011
 
C:/ComboFix.txt

ComboFix 11-01-27.04 - Administrator 01/27/2011 23:43:34.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3014 [GMT -6:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll"
"c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll"
"c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll"
"c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL"
"c:\windows\RegBootClean.exe"
"c:\windows\system32\hpinkcoi8711.dll"
"c:\windows\system32\hpinksts8711.dll"
"c:\windows\system32\hpinksts8711LM.dll"
"c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\HpUpdate
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\windows\RegBootClean.exe
c:\windows\system32\hpinkcoi8711.dll
c:\windows\system32\hpinksts8711.dll
c:\windows\system32\hpinksts8711LM.dll
c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
.

2011-01-26 06:04 . 2011-01-26 06:04 -------- d-----w- c:\program files\Common Files\LightScribe
2011-01-26 06:00 . 2011-01-26 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2011-01-26 04:04 . 2011-01-26 04:04 -------- d-----w- C:\HijackThis
2011-01-26 04:03 . 2011-01-26 04:03 -------- d-----w- C:\New Folder
2011-01-25 23:17 . 2011-01-25 23:23 -------- d-----w- c:\program files\Nero
2011-01-25 23:16 . 2011-01-25 23:26 -------- d-----w- c:\program files\Common Files\Nero
2011-01-25 23:16 . 2011-01-25 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-01-24 07:16 . 2011-01-24 07:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-24 07:16 . 2011-01-24 07:16 -------- d-----w- c:\program files\Broadcom
2011-01-24 06:44 . 2011-01-24 06:44 0 ----a-w- c:\windows\invcol.tmp
2011-01-24 04:51 . 2011-01-24 07:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2011-01-24 04:50 . 2011-01-24 04:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-24 04:49 . 2011-01-24 04:49 -------- d-----w- c:\program files\MSBuild
2011-01-24 04:49 . 2011-01-24 04:49 -------- d-----w- c:\program files\Reference Assemblies
2011-01-24 04:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-24 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-24 04:49 . 2011-01-24 04:49 -------- d-----w- C:\af22e6bd792b09d33bb2c3bdf2addce7
2011-01-24 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-24 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-24 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-24 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-24 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-24 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-24 04:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-24 02:57 . 2011-01-24 02:57 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-01-21 00:11 . 2011-01-21 00:11 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-01-21 00:11 . 2011-01-21 00:11 -------- d-----w- c:\program files\ATI
2011-01-21 00:10 . 2011-01-21 00:10 -------- d-----w- c:\program files\ATI Technologies
2011-01-21 00:09 . 2011-01-21 00:09 -------- d-----w- C:\ATI
2011-01-20 22:11 . 2010-07-21 11:30 101904 ----a-r- c:\windows\system32\drivers\AtihdXP3.sys
2011-01-20 22:10 . 2011-01-20 22:10 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-20 22:10 . 2010-10-27 09:03 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-01-20 22:10 . 2010-10-27 08:50 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-17 22:02 . 2011-01-17 22:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2011-01-17 21:54 . 2011-01-17 22:02 -------- d-----w- c:\program files\CDisplay
2011-01-16 06:45 . 2011-01-16 06:45 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-01-14 06:38 . 2011-01-14 06:38 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-01-14 05:22 . 2009-05-18 21:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-14 05:22 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-01-14 05:22 . 2011-01-14 05:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-14 05:22 . 2011-01-14 05:22 -------- d-----w- c:\program files\Symantec
2011-01-14 05:22 . 2011-01-14 05:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-14 05:22 . 2011-01-14 05:22 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-14 05:21 . 2011-01-15 01:45 -------- d-----w- c:\windows\system32\drivers\N360
2011-01-14 05:21 . 2011-01-14 05:21 -------- d-----w- c:\program files\Norton 360
2011-01-14 05:21 . 2011-01-14 05:21 -------- d-----w- c:\program files\Windows Sidebar
2011-01-14 05:21 . 2011-01-14 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-01-14 05:20 . 2011-01-14 05:20 -------- d-----w- c:\program files\NortonInstaller
2011-01-13 23:00 . 2011-01-13 23:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-01-13 22:59 . 2011-01-13 22:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-13 22:59 . 2011-01-13 23:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-01-13 22:59 . 2011-01-13 22:59 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-13 04:19 . 2011-01-13 04:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-01-13 04:18 . 2011-01-22 23:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-02 21:52 . 2011-01-02 21:52 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2011-01-01 00:16 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-31 23:58 . 2010-12-31 23:58 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-12-30 23:51 . 2010-12-30 23:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-30 23:51 . 2010-12-30 23:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-12-30 23:43 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-30 23:42 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-30 23:42 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-30 23:42 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-30 23:39 . 2010-12-30 23:42 -------- dc-h--w- c:\windows\ie8
2010-12-30 23:23 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-30 23:22 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-30 23:21 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-30 23:21 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-30 23:20 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-29 20:32 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-12-29 20:32 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-12-29 20:32 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-29 20:32 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-29 20:31 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-12-29 20:31 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-12-29 20:31 . 2010-12-29 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2010-12-29 20:31 . 2010-12-29 20:31 -------- d-----w- c:\program files\HP Photo Creations
2010-12-29 20:31 . 2010-12-29 20:31 -------- d-----w- c:\windows\Cache
2010-12-29 20:31 . 2010-12-29 20:31 -------- d-----w- c:\program files\Coupons
2010-12-29 20:27 . 2010-12-29 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-12-29 20:27 . 2010-12-29 20:30 -------- d-----w- c:\program files\HP
2010-12-29 19:44 . 2010-12-29 21:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-22 19:10 . 2010-11-27 01:25 1409 ----a-w- c:\windows\QTFont.for
2011-01-14 07:21 . 2004-08-04 12:00 10752 ----a-w- c:\windows\hh.exe
2010-11-27 20:47 . 2010-11-27 20:47 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-18 18:12 . 2010-04-07 22:11 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 00:53 . 2010-11-27 00:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 22:34 . 2010-04-07 22:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2010-11-06 00:34 78336 ------w- c:\windows\system32\ieencode.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-24_18.00.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-25 23:15 . 2011-01-25 23:15 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2011-01-28 05:50 . 2011-01-28 05:50 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2011-01-28 05:48 . 2011-01-28 05:48 16384 c:\windows\Temp\Perflib_Perfdata_714.dat
+ 2003-04-18 22:29 . 2003-04-18 22:29 82432 c:\windows\system32\msxml4r.dll
+ 2011-01-25 23:23 . 2011-01-25 23:23 28160 c:\windows\Installer\111bbb.msi
+ 2011-01-25 23:22 . 2011-01-25 23:22 38400 c:\windows\Installer\111bb1.msi
+ 2011-01-25 23:16 . 2011-01-25 23:16 45056 c:\windows\Installer\111b71.msi
+ 2011-01-25 23:15 . 2011-01-25 23:15 32256 c:\windows\Installer\111b62.msi
+ 2006-03-17 21:49 . 2006-03-17 21:49 368640 c:\windows\system32\twnlib4.dll
+ 2008-07-04 16:23 . 2008-07-04 16:23 802816 c:\windows\system32\imagXRA7.dll
+ 2008-07-04 16:23 . 2008-07-04 16:23 258048 c:\windows\system32\imagXR7.dll
+ 2008-07-04 16:23 . 2008-07-04 16:23 497296 c:\windows\system32\imagXpr7.dll
+ 2011-01-25 23:15 . 2011-01-25 23:15 106496 c:\windows\Installer\111b59.msi
+ 2011-01-26 06:04 . 2011-01-26 06:04 131072 c:\windows\Installer\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}\QuickDemoUrl_E9752251A5AD4678977047FD65566D18.exe
+ 2011-01-26 06:04 . 2011-01-26 06:04 323584 c:\windows\Installer\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}\NewShortcut2_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2011-01-26 06:04 . 2011-01-26 06:04 339968 c:\windows\Installer\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}\NewShortcut1_FE82206EF6124B479F4EDD27A1E056A4.exe
+ 2011-01-26 06:04 . 2011-01-26 06:04 323584 c:\windows\Installer\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}\NewShortcut1_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2011-01-26 06:04 . 2011-01-26 06:04 131072 c:\windows\Installer\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}\LightScribeWebsite_9607541794D946E89D5752F753E35CC4.exe
+ 2011-01-26 06:04 . 2011-01-26 06:04 281894 c:\windows\Installer\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}\ARPPRODUCTICON.exe
+ 2011-01-25 23:15 . 2011-01-25 23:15 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2003-04-18 22:46 . 2003-04-18 22:46 1233920 c:\windows\system32\msxml4.dll
+ 2008-07-04 16:23 . 2008-07-04 16:23 1757184 c:\windows\system32\imagX7.dll
+ 2011-01-25 23:16 . 2006-03-31 18:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2011-01-26 06:04 . 2011-01-26 06:04 2329088 c:\windows\Installer\7b4fd1.msi
+ 2011-01-25 23:26 . 2011-01-25 23:26 4157952 c:\windows\Installer\111bde.msi
+ 2011-01-25 23:26 . 2011-01-25 23:26 3658752 c:\windows\Installer\111bd9.msi
+ 2011-01-25 23:25 . 2011-01-25 23:25 3663360 c:\windows\Installer\111bd4.msi
+ 2011-01-25 23:25 . 2011-01-25 23:25 3662848 c:\windows\Installer\111bcf.msi
+ 2011-01-25 23:24 . 2011-01-25 23:24 3663872 c:\windows\Installer\111bca.msi
+ 2011-01-25 23:24 . 2011-01-25 23:24 3663360 c:\windows\Installer\111bc5.msi
+ 2011-01-25 23:23 . 2011-01-25 23:23 3654656 c:\windows\Installer\111bc0.msi
+ 2011-01-25 23:23 . 2011-01-25 23:23 3654656 c:\windows\Installer\111bb6.msi
+ 2011-01-25 23:22 . 2011-01-25 23:22 3655680 c:\windows\Installer\111bac.msi
+ 2011-01-25 23:22 . 2011-01-25 23:22 3655168 c:\windows\Installer\111ba7.msi
+ 2011-01-25 23:21 . 2011-01-25 23:21 3654144 c:\windows\Installer\111ba2.msi
+ 2011-01-25 23:21 . 2011-01-25 23:21 3654144 c:\windows\Installer\111b9d.msi
+ 2011-01-25 23:20 . 2011-01-25 23:20 3702272 c:\windows\Installer\111b98.msi
+ 2011-01-25 23:19 . 2011-01-25 23:19 3831296 c:\windows\Installer\111b93.msi
+ 2011-01-25 23:19 . 2011-01-25 23:19 3707904 c:\windows\Installer\111b87.msi
+ 2011-01-25 23:18 . 2011-01-25 23:18 3675136 c:\windows\Installer\111b7b.msi
+ 2011-01-25 23:17 . 2011-01-25 23:17 3728896 c:\windows\Installer\111b76.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RemoteControl"="c:\windows\system32\rmctrl.exe" [2003-12-25 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-01-24 98304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [1/14/2011 10:14 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [1/14/2011 10:14 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/18/2011 9:12 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [1/14/2011 10:14 AM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [1/14/2011 10:14 AM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [1/14/2011 10:14 AM 126392]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/20/2011 4:11 PM 101904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/13/2011 11:46 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110126.001\IDSXpx86.sys [1/26/2011 11:31 PM 341944]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [1/23/2011 8:57 PM 129440]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 20:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 23:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-27 23:53:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-28 05:53
ComboFix2.txt 2011-01-26 03:53
ComboFix3.txt 2011-01-24 18:02

Pre-Run: 66,304,442,368 bytes free
Post-Run: 66,289,266,688 bytes free

- - End Of File - - A0D982604550B199D3681610695019EA
 
Okay. I ran the new ComboFix and have posted the results. Thanks again. This is fun. I don't know too much about computers , and I learn a lot from you. So, Thanks.

What do you suggest i do concerning the AVG files? Or did the AVG Removal Tool already fix things in that arena?

Well, I look forward to your next post.
 
I titled this thread: PC Sluggishness. Just today, i received a spam email with the word 'sluggishness' in its title. Why and how is this? I think someone from Techspot is playing for the other side. I'm confused how do spam emails happen? This can't just be coincidence. I'm shaken.
 
What you experience in the 'sluggish' email is called Social Enginnering. It is the prime way malware writers gets users to open the email or click on their popups> by using a term, text or picture to manipulate people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques> trickery or deception for the purpose of information gathering, fraud, or computer system access.

"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick.

And it gotcha, didn't it! Shook you up, made you think someone was reading over your shoulder! How? Bots roam the internet looking for word, phrases, anything that will get a users attention. Maybe one saw your thread and the word 'sluggish', sent word to it's site and sent email that got past your filter.

I put 'PC Sluggishness' in a Google Search> check the first site here:
http://www.google.com/search?hl=&q=...=navclient-ff&rlz=1B3GGLZ_en___US359&ie=UTF-8

Scary isn't it?! That's why we preach layered security, safe surfing habits and careful email handling. To help with this:
Tips for added security and safer browsing:
  1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
  2. Have layered Security:
    • Antivirus Software(only one):Both of the following programs are free and known to be good:
      [o]Avira Free
      [o]Avast Home
    • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    • Antispyware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    [o]Download ZonedOut and save to your desktop. this replaces IE/Spyad and manages the Zones in Internet explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
    IE/Spyad is not longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is Up-to-date before adding sites to your restricted zone.
    Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroys Immunization the problem goes away...
    [o]Replace the Host Files
    MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    [o]Google Toolbar Get the free google toolbar to help stop pop up windows.
  3. Stay current on updates:
    [o] Visit the Microsoft Download Sitefrequently. You should get All updates marked Critical and the current SP updates.
    [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    [o]Check this site .Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  4. Reset Cookies to prevent Tracking Cookies:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
  5. Do regular Maintenance
    Remove Temporary Internet Files regularly:
    [o]ATF Cleaner by Atribune
    OR
    [o]TFC
    Disable and Enable System Restore:
    [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  6. Practice Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
And use a Site Advisor:
The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.Your online email account – Google Mail, Yahoo! Mail and Hotmail is also protected.

Every time to do a search and the screen comes up with the sites, they will have the rating light. Green (2 shades), Amber/Yellow Caution, Red> not advised. A few sites haven't been rated and show as a blue flashlight.

If you want to link to another site from the page you're on o another, WOT will give you an Alert that the site is known for fraudulent entries, unreliable or other and the site won't load. Don't worry- those Alerts don't happen if you still to the green rating.

Give it a try- http://www.mywot.com/en/download
===================================
Please reopen HijackThis to 'do system scan only.'. Check each of the following, if present:

C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rmctrl.exe (Cyberlink DVD)
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Close all Windows except HijackThis and click on "Fix Checked."

All of the above are legitimate enteries, but none need to be on Startup. They can be unchecked using msconfig

For the Java auto-updater: Uncheck jusched on Startup
For Java Quick Starter- not needed> Start> Run> type in services.msc> Disable jqs> Stop the Service
RemoteControl, NeroFilterCheck are for Cyberlink DVD & burning> Uncheck both on Startup.
Uncheck Reader_sl.exe on Startup. The Adobe reader doesn't need to run in the background
HP SoftwareUpdate doesn't need to update> uncheck it.
 
Dear BobBye, Thanks for holding me and making sure everything was alright...um...ah...I..owe you one?...
Anyway thanks. I thought HowardHopkins had gone to the darkside or some thing. And sold my email to Viagra eating porn addicts. Now I'm not saying that I don't eat Viagra and hey,hey! watch porn all day. I'm just saying that I'll order more pills when I'm out, and stop sending the spam emails like half written in Russian or Egyptian or what ever.

Okay I ran the HijackThis scan again and checked the box & hit 'Fix' on:
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

None of the other things you listed me to check were shown after in my scan results. Is that okay?

Concerning the programs you listed for me to work with in MSGCONFIG & SERVICES.MSC: I found no listing for the Java auto updater, RemoteControl, Reader_sl.exe, or HP SoftwareUpdate
I did see the NeroFilterCheck boxed checked...so I unchecked it and hit the 'Apply' button. I do use Nero to burn cds & dvds though. Will unchecking this box cause conflicts with Nero? Also, when i turn the computer on now I get a message box saying that I have made changes to the way windows starts. And that I am in Selective Start Mode. Is this Kosher? And what about the program items you had listed that I found NO entry for on my PC? Is everything coming along okay?

Thanks Bobbye for all of your great assistance. This is a lot of fun. What's next?
 
None of the other things you listed me to check were shown after in my scan results. Is that okay?
Click to expand...
Yes. That's why we say "if present."

About using msconfig: This should better inform you:
To remove entries from Startup using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
  • Click on Selective Startup
  • Choose the Startup tab:
    This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything> it just stops it from starting on boot. It can be rechecked at any time if wanted.
    Look for these entries:
    jusched.
    HPWuSchd2
    Expand as below to look for the Adobe reader_sl
    If you don't see them, that's okay.
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Click on Apply> OK when finished.

NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.'
Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changed. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.

You don't have to have a program start on boot to be able to use it. All you NEED on Startup is:
Antivirus program
Firewall if you have 3rd party firewall such as Comodo or Zone Alarm
Touchpad is using a laptop
Network process if using something like Network Magic.
Nothing else!
I have 6 checks on my laptop startup.

To access, use All Programs. To print, click on File> Print. I see most of these systems with every program and app they have loading on boot and running in the background. Then, like you, in addition to carrying all those startup using RAM, you surf a while, get temporary internet files, then get 'sluggish.' And the more you have starting, the longer it takes to load and the longer it takes to shut down.

You are coming along fine. You should be noticing better speed. Be sure to run TFC occasionally of get rid of the temporary internet files. Most of us take the internet personally at times. Don't- it will wear you out!.

When you're comfortable with the removals and cleaning, you can remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
Let me know if you have any more questions. I hope this has been a good learning experience for you.
 
Thanks Mr. Bobbye, I actually do notice my PC running faster. I have been wanting to mention that to you. My PC is running faster as a direct result of your assistance and tech support. If I had to guess, I would say maybe over 30% faster. My boot seems a little slow; but surfing, streaming television & movies, downloading, ripping & burning...all these applications load and perform faster now. So, thank you.


Okay, here is what runs in my System Configuration Utility under the StartUp tab:
igfxtray c:/windows/system32/igfxtray.exe
hkcmd c:/windows/system32/hkcmd.exe
igfxpers c:/windows/system32/igfxpers.exe
smax4pnp c:/programfiles/analogdevices/core/smax4pnp.exe
adobeARM c:/programfiles/commonfiles/adobe/ARM/1.0/adobeARM.exe
ctfmon c:/windows/system32/ctfmon.exe
steam c:/programfiles/steam/steam.exe -silent
nerocheck c:/windows/system32/nerocheck.exe
All of these have a green check next to them. Should I 'Uncheck' them all, or just some of them?

And finally, I will download the OTCleanIt by OldTimer and run the program as you suggested.
oh yeah, I will also set a new Restore Point and clear out all passed restore points. I studied up on Restore Points like you asked.
And yes, this has been a fun learning experience. Thanks.
 
Should I 'Uncheck' them all, or just some of them?
Click to expand...
All!

What they are:
  1. igfxtray.exe>>>Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets.
  2. igfxpers.exe>>> Associated with the Common User Interface module for Intel graphics cards. (actual name is 'persistence.)
  3. SMax4PNP.exe>>> SoundMax integrated sound. Only required if you have custom settings for your sound, such as effects and environments .
  4. AdobeARM.exe>>> Adobe Arm, otherwise known as Adobe Reader and Acrobat Manager, is an autoupdate utility.
  5. steam.exe>>> Valve Software's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike,etc. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game.
  6. nerocheck.exe>>>Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Keep in mind that malware can run using almost any process name. ergo> the fewer processes you have running, the easier to keep track of them and the better to use the system resources.

Also keep in mind that unchecking a process on Startup doesn''t remove the programs. If you mistakenly uncheck something you find you need, just go back and recheck it.

ctfmon.exe requires a bit more work to keep it from starting up. See the referenced site for instructions.
ctfmon.exe>>> CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled.
http://support.microsoft.com/default.aspx?scid=kb;en-us;282599
 

Similar threads

midian182
Apple unveils iPad Air M3 alongside updated Magic Keyboard and base $349 iPad
Replies
4
Views
204
psycros
psycros
A
Microsoft is making TypeScript 10x faster with native implementation in Go
Replies
1
Views
98
NumberNine
NumberNine
zohaibahd
PCIe 7.0 spec nearing completion, promising 16GB/s per lane bandwidth
Replies
5
Views
224
Mr Majestyk
M

Latest posts

Back