PDA

View Full Version : Computer has been gut-punched



loopdiloop
2010-08-21, 21:23
In the last two weeks, something happened that has caused my computer to become a slug! It can take more than an HOUR for it to fully boot up before I can even open files and forget about opening a webpage. I usually turn it on the night BEFORE i want to use it.

If I try to open a file (before any applications are opened) i get the message informing me that memory resources are low and it is trying to open virtual memory or increase size of paging file. I've deleted adobe thinking that active x was the problem, but that didn't help. Now i get a Just-in time debugging window that pops up and says "new instance of ms script editor" and asks if i want to debug. If i say no, the window just keeps popping up. If i say yes, it trys to debug and gets an error. Now i just minimize that window.

I've run spybot and McAfee scans and neither found issues.

Any help or suggestions is very much appreciated.

below please find my DDS file and zipped "attach.txt" file:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris at 11:04:21.31 on Sat 08/21/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.57 [GMT -7:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://espn.go.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common

files\mcafee\systemcore\ScriptSn.20100521224119.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Motive SmartBridge] c:\progra~1\sbclig~1\smartb~1\MotiveSB.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common

files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -

hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} - hxxp://www.schaeffersresearch.com/download/CfxIEAx.cab
DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Download/Cfx4Financial.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -

hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://etrade.webex.com/client/T26L/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-25 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-25 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-4 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc

[2010-4-25 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-25

271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-25 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-25 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-25 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-25

141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-25 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-25 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-25 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-25 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-25 88480]
S3 ALABULKO;OLYMPUS USB Media Adapter device driver;c:\windows\system32\drivers\ALABLK2O.SYS [2002-11-9 34914]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-25 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-25 83496]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2005-3-22

72576]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-08-20 04:38:25 1409 ----a-w- c:\windows\QTFont.for
2010-08-20 04:38:24 54156 ---ha-w- c:\windows\QTFont.qfn

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-27 05:02:21 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10:44 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10:44 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:10:44 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:10:44 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:10:44 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:10:44 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-06-24 12:10:44 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

============= FINISH: 11:06:47.07 ===============

shelf life
2010-08-28, 00:24
hi,

Your log is a few days old and make not be malware related. If you still need help, post back.

loopdiloop
2010-08-28, 08:07
Please, I've been waiting patiently for your guys help. Something is wrong with this machine. I've never had it slow down like this without it being malware.

Attached is my updated log and attached zip. I look forward to hearing your feedback. Thank you.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris at 21:53:58.32 on Fri 08/27/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.67 [GMT -7:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://espn.go.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100521224119.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Motive SmartBridge] c:\progra~1\sbclig~1\smartb~1\MotiveSB.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} - hxxp://www.schaeffersresearch.com/download/CfxIEAx.cab
DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Download/Cfx4Financial.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://etrade.webex.com/client/T26L/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-25 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-25 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-4 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-25 271480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-25 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-25 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-25 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-25 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-25 88480]
S3 ALABULKO;OLYMPUS USB Media Adapter device driver;c:\windows\system32\drivers\ALABLK2O.SYS [2002-11-9 34914]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-25 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-25 83496]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2005-3-22 72576]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================


==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-27 05:02:21 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10:44 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10:44 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:10:44 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:10:44 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:10:44 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:10:44 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-06-24 12:10:44 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

============= FINISH: 21:56:28.28 ===============

shelf life
2010-08-28, 17:12
We will get a download to start with. Link and directions:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

With IE open go to tool>internet options and under the advanced tab look for these two options below and place a check mark in the box if there isnt one there already.

Browsing > Disable script debugging (Internet Explorer) and Browsing > Disable script debugging (other)
Click apply, ok and exit

loopdiloop
2010-08-29, 05:47
Thanks Shelf life

Below is my log from malwarebytes..looks like it found a few problems but I don't know if removing them made much difference. I fixed IE as you recommended too.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4495

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/28/2010 3:33:22 PM
mbam-log-2010-08-28 (15-33-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 235571
Time elapsed: 2 hour(s), 41 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhce4oj0e34j (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

shelf life
2010-08-29, 18:55
Not a lot there as far as malware goes. Are you having any signs (http://www.virusvault.us/signs.html)of malware?

loopdiloop
2010-08-30, 02:19
Not in the sense in terms of the list of "signs" of malware that you provided.
But historically, i had some malware that slowed down my computer dramatically. And if all of a sudden it goes from being fairly consistent to a slug, it seems the only logical answer is malware.

shelf life
2010-08-30, 04:09
As another check for malware we will use combofix. There is a guide to read first before you use it. Read through the guide then apply the directions on your own machine. Post the combofix log in your reply.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

loopdiloop
2010-09-01, 20:39
Please bear with me Shelf life. I tried this morning to run the combo fix but my machine was so slow and took so long to boot up, I gave up because i had to go to work. I will try it again this evening after leaving it on all day.

I have apparently been having problems with MacAfee being able to download some updates. I can't seem to get a hold of anyone at Macafee to find out what the problem is, but do you think that could have anything to do with the computer being soooo slowwww?

shelf life
2010-09-01, 23:46
ok, no problem. You can run combofix in safe mode. to reach safe mode you would tap the f8 key during a computer restart. Chose the first option from the list: Safe mode. Log in to your usual account, once at the safe mode desktop run combofix.


MacAfee being able to download some updates........, but do you think that could have anything to do with the computer being soooo slowwww?

Yes its possible. Did you recently install it or any other software/
A simple test would be to uninstall Mcafee, reboot and see if things improve. You should make sure you have your license key in case its needed if you reinstall it.

If it turns out its the problem you can contact Mcafee support or simply install a free antivirus, which I can provide links to if needed.

loopdiloop
2010-09-02, 07:09
I did not install it recently, i've had it for some time. But recently it seemed to be having trouble downloading updates and finally gave me a message that i needed to contact customer support to resolve the download issue. ive tried contacting, but they don't make it easy. no 1-800 number and a lot of link clicking....i gave up until i could invest the time to find out how to reach someone. They don't even make it easy to send them an email.

i will try the combo fix although your comment is intriguing me as to whether i should uninstall macafee and see what happens??????

hmm

loopdiloop
2010-09-02, 09:04
Well, I ran combo fix first in safe mode, but i didn't know to run it with networking, so it didn't download the windows recovery console, but it ran the program anyway.

So the attached log is without the console. Please let me know if i should do more. when i rebooted, computer was still really, really slow.




ComboFix 10-09-01.02 - Chris 09/01/2010 21:38:37.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.102 [GMT -7:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SETDF.tmp
c:\program files\Internet Explorer\SETE0.tmp
c:\program files\Internet Explorer\SETE2.tmp
c:\windows\MailSwitch.ocx
c:\windows\system32\ie.ico
c:\windows\system32\open.ico

.
((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-08-28 18:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 18:14 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 18:14 . 2010-08-28 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 05:27 . 2010-08-28 05:27 -------- d-----w- c:\documents and settings\Chris\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 05:28 . 2010-08-28 05:29 300384 ----a-w- c:\documents and settings\Chris\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-08-28 05:28 . 2010-08-28 05:28 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-08-28 05:25 . 2009-04-05 03:57 -------- d-----w- c:\program files\McAfee
2010-08-28 05:25 . 2009-04-05 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-08-20 06:56 . 2003-11-15 17:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-15 06:38 . 2004-01-06 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-27 05:02 . 2009-03-16 16:25 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-06-30 12:31 . 2002-08-29 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2004-08-24 03:32 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-23 13:44 . 2002-08-29 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-08-29 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2002-08-29 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 90112]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-11-5 24576]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [4/25/2010 10:47 PM 82952]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/4/2009 9:04 PM 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 10:47 PM 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 10:47 PM 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/25/2010 10:48 PM 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/25/2010 10:48 PM 141792]
S3 ALABULKO;OLYMPUS USB Media Adapter device driver;c:\windows\SYSTEM32\DRIVERS\ALABLK2O.SYS [11/9/2002 10:00 AM 34914]
S3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [4/25/2010 10:47 PM 55456]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\SYSTEM32\DRIVERS\gan_adapter.sys [10/19/2006 11:11 AM 10664]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [4/25/2010 10:47 PM 312616]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [4/25/2010 10:47 PM 88480]
S3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [4/25/2010 10:47 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [4/25/2010 10:47 PM 83496]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\SYSTEM32\DRIVERS\netusbxp.sys [3/22/2005 8:27 PM 72576]
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Download/Cfx4Financial.cab
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-svcWRSSSDK



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 21:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g?R??V??g?R??SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g ??????????g?????CY????????g?R??2???????????<???? @???X???X???????????????????Y?????F?Q?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3621805395-2029468314-3655602914-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(212)
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2010-09-01 22:03:03
ComboFix-quarantined-files.txt 2010-09-02 05:02

Pre-Run: 29,975,162,880 bytes free
Post-Run: 30,012,710,912 bytes free

- - End Of File - - 4C35B9844EB0E6EEC6FA29EEC7E70753

shelf life
2010-09-03, 00:00
hi,

Not much in the combofix log as far as malware goes. Can you update malwarebytes ok? Let get another download to check for malware:

Please download: RootRepeal

http://ad13.geekstogo.com/RootRepeal.exe

Click the icon on your desktop to start.
Click on the Report tab at the bottom of the window
Next, Click on the Scan button
In the Select Scan Window check everything:

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

Click the OK button
In the next dialog window select all the drives that are listed
Click OK to start the scan

May take some time to complete.
When done click the Save Report button.
Save the report to your desktop
To Exit RootRepeal: click File>Exit
Post the report in your reply

See if this (http://service.mcafee.com/TechSupportHome.aspx?lc=1033&sg=TS) link is useful, thats assuming its not malware related. Some malware can prevent you from getting to certain websites and/or not let you update or install software.

loopdiloop
2010-09-03, 18:02
Shelf life

Attached please find a new log for updated malwarebytes and for root repeal.
Now that i've turned off Macafee (temporarily at least), the computer seems to be running ok. interesting.

That link you posted is the one I use, but you can't reach a live person easily to resolve the issue. It's really annoying.


RootRepeal:


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/02 22:41
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2C06000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF9786000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF9792000 Size: 7936 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF903A000 Size: 105344 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF9081000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF1096000 Size: 49152 File Visible: No Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xF2E04000 Size: 361600 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: tfsnifs.sys
Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
Address: 0xF28D8000 Size: 83232 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

==EOF==



New Malwarebytes log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4533

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9/3/2010 12:33:07 AM
mbam-log-2010-09-03 (00-33-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 235839
Time elapsed: 1 hour(s), 36 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

shelf life
2010-09-04, 00:05
turned off Macafee (temporarily at least), the computer seems to be running ok

Ok good. you can attempt to contact Mcafee or just uninstall it and go with another AV, free or otherwise. Have you tried: McAfee Virtual Technician at that link to see if it could find any problems? That rootrepeal log looks ok. In any case you dont want to go to long without a resident updated antivirus on your machine.

loopdiloop
2010-09-04, 18:47
yes, i ran the virtual technician but it didn't seem to solve the problem. I will try contacting macafee directly again, but i am also thinking of just dumping it and maybe running avast or avg? which one do you recommend? this is an older machine.

Also, i do notice i still get the windows virtual memory warnings still where i am running out of memory even though there are no operations occuring.

do you think i am clear of any malware?

shelf life
2010-09-04, 21:24
this is an older machineIts a Pentium 4 @ 2.6Ghz, thats not that old. Do you know how much RAM you have installed on the machine?

If you right click on my computer icon and select properties, under the general tab it will say how much RAM you have installed.

Also we will do another scan with rootrepeal.
Open the rootrepeal icon, at the top click settings then options.
Click the Ssdt & Shadow Ssdt Tab.
Make sure the box next to "Only display hooked functions." is checked.
Click the "X" in the top right corner of the Settings window to close
Click the Report tab at the bottom.
Click the Scan button.
Check all the boxes
Click Ok
Check the box for your main drive (Usually C), and press Ok.
Once the scan completes, click on the Save Report button. Save the log to your desktop and post the log in your reply.

loopdiloop
2010-09-05, 05:17
shelf life -

It has 256 mb of RAM. I guess i mean older in that RAM is not much and total harddrive space is only 50GB compared to today's machines with 4GB of RAM and 500 GB harddrive.

I followed your instructions on the updated root repeal and below is the new log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/04 18:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF94B0000 Size: 63744 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2C27000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF97A8000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF9790000 Size: 7936 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xF2CDF000 Size: 455680 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF903A000 Size: 105344 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF9081000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF1929000 Size: 49152 File Visible: No Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xF2E25000 Size: 361600 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: tfsnifs.sys
Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
Address: 0xF28D1000 Size: 83232 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

==EOF==

shelf life
2010-09-05, 14:46
XP should run ok on 256MB, but the more apps you have running the more bogged down it will get. Mcafee with all its services was probably a resource hog. Adding more memory is one of the easiest things you can do for performance. Have you ever defragged the hard drive?

If you right click on the my computer icon>properties>Advanced> under performance option>Settings>Advanced Tab>Virtual Memory>Change> click the System managed space if it isnt already checked, then click SET and ok out of the windows and reboot machine.

As for AV either of those free versions should be ok, download and install one and see how it runs if it tends to bog everything down, uninstall it reboot and try the other.

If you have alot of icons by the clock this means the app is running and using resources. right/left click on the icons and look for options or settings to have the software not start when windows does. For example iTunes dosnt have to be running, you can start it from the programs panel when you need it.

loopdiloop
2010-09-05, 21:53
Thanks Shelf Life

The only other icon running by the clock is MusicMatch Jukebox by Dell. I don't even use this as far as i know ( I use itunes)....so do you think i should delete the program?

I changed the virtual memory setting as you suggested.

Do you think the machine is pretty clean now of any viruses?

I may see how macafee continues to run and then if slow, will try AVAST or AVG or other if you recommend it.

shelf life
2010-09-06, 02:00
I didnt recognize any malware in the logs you posted. You can uninstall musicmatch via the add/remove programs panel if you dont use it. I was suggesting that having a lot of icons could tie up system resources. If all you see is the musicmatch icon then your good. You do want your antivirus running. You should get one installed if you havent yet. Do you have auto updates turned on for Windows or have you been to Winodws Update recently? Looks like your running IE 6.0.

loopdiloop
2010-09-06, 20:16
I've heard people say the best anti-virus is kapersky? Any thoughts?

For free antivirus, which do you prefer? I will likely dump Macafee on this machine for something that doesn't use so many resources.

Even as i am typing this, the system is stalling like something is running in the background and i turned off macafee's auto-download updates feature, so i have no idea what is doing to slow down my computer. Is there anyway to check to see what is running in the background that would be slowing down my browsing experience?

I know that i often get the windows updates so it must be turned on. I've been given the occasional notice to upgrade IE, but i was afraid a newer version would require even more resources to run. Your thoughts?

shelf life
2010-09-06, 21:45
I have never used Kapersky. I really dont have a opinion on which AV is best. Some might have 30 day trial versions that you could try out if you wanted to.

To see what might be running you can bring up task manager by hitting ctrl-alt-delete keys at once. Check under the Process list. Some of it will be normal Window processes that need to be running. you might recognize some others. You can post a screen shot of it or write it down and post it.

You can set IE back to its defaults which will disable any toolbars or plugins that may be installed.
With IE open tools>internet options>Advanced tab> look for a reset button to restore IE back to its default. Maybe be slightly different in version 6.0.

loopdiloop
2010-09-07, 07:28
Shelf life

Attached is a jpeg screenshot of my resources. Some of the major consumers look like they might be mcafee, but clearly others are explorer. Can you please look through the list and let me know if you see anything that strikes you as overly consumptive or unnecessary? Seems like explorer and macafee take up a lot of resources.

I will look into restoring IE to default. Do you think it would be a problem if i ran the newest version of IE? Essentially, is it better to be running the older version from a "resource protecting" perspective?

shelf life
2010-09-07, 23:27
I thought you had uninstalled Mcafee? If you did you shouldn't be seeing any of it in task manager. Explorer.exe is Windows Graphical interface. iexplore.exe is Internet explorer. The memory usage by each one dosnt seem excessive to me. Most of the others are Windows processes. Dosnt look like theres much of anything else.

I couldnt tell you if IE 8 would be lighter on resources or not, usually new versions just get more bloated with new releases so I would bet no it wouldnt be lighter on resources. Have you tried FireFox, Chrome or Opera browsers. you can have and use more than one browser
Have you ever defragged your hard drive?

You can get another check for malware online if you want:
ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at:C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.

loopdiloop
2010-09-09, 09:27
Shelf life

I hadn't uninstalled McAfee just yet - I just turned off all its features while you were working with me through all the clean up programs. I turned the features back on the other day as I began to browse and check the system's speed.

After we're done, I will see which free and resource friendly AV appears best for this computer, download it and then uninstall McAfee.

I have never tried any of the other browsers you mentioned. Which one do you recommend and where could i find it? Will running two browsers slow down my machine though?

I don't believe i have defragged in a long, long, long, long time. And i am not sure how to do it.

Below is a copy of the ESET log, i don't believe it found any problems.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8f01b6e84a9db948b253693b8d03b100
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-09 05:44:34
# local_time=2010-09-08 10:44:34 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777173 100 75 3220917 13147984 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109347
# found=0
# cleaned=0
# scan_time=6444

shelf life
2010-09-09, 23:00
the ESET log cant look any better. You can get ATFCleaner, which you can keep and use occasionally. It will tidy things up some:

Please download ATFCleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

For a defrag go to start>programs>accessories>system tools>disk defragmenter.
In the main window chose your drive (usually C) and click the defragment button.

A Link for FireFox (http://www.mozilla.com/en-US/firefox/personal.html) version 3.6.9
download the .exe to your desktop, double click to install firefox. It will create a icon on your desktop. Once its installed you can delete the original .exe from your desktop. It can, during the install import your favorites from IE. Two browsers wont slow your machine down.

loopdiloop
2010-09-10, 00:14
Thank you for all your help Shelf life.

I assume ATF cleaner is sort of like CCleaner?

I guess i don't have any more questions - does that wrap up our session? I really do appreciate your assistance.

shelf life
2010-09-10, 04:41
Your Welcome. CCleaner has more features but it is similar in that it deletes temp files etc. You can keep both or one or the other if you want.
You can remove combofix like this;

start>run and type in combofix /uninstall
click ok or enter
note there is a space after the x and before the /

You can delete the the rootrepeal icon form your desktop.

Note the free version of malwarebyes must be updated manually and a scan started manually. It dosnt run in the background.

Some links to free AV:
Avast (http://www.avast.com/index)
AVG free version (http://free.avg.com/us-en/download-avg-anti-virus-free)
Avira (http://free-av.com/en/download/index.html)
PCtools AV (http://www.pctools.com/free-antivirus/)

Iam sure some of the paid AV's will have 30 day trial versions you could try if you wanted.

If you try another, download the file to your desktop. Before you install it uninstall your current AV via the add/remove programs panel reboot if prompted then double click the new AV file to start its install process.

I dont mind questions. As far as I can tell you are malware free. I can keep the thread open for a while if you want.

loopdiloop
2010-09-10, 21:30
Thank you Shelf life

Yes, please keep it open for a few days as I process some of the suggestions you posted above.

Thanks again!