Please help! Computer keeps getting worse & it barely functions

[JoyfulJourney]

Hi,

I'm hoping to find some help on here. I'm having terrible computer problems and can't figure out what's wrong. It's at the point where I can barely get anything done & am afraid to reboot it!

System: Windows Vista
Antivirus: AVG
Firewall: PC Tools (used to have Commodo until recently)
Malware/spyware removal: Spybot & AD-aware

I regularly defrag my system.

Problems: Very slow to open things, freezes up easily, Google Chrome will not load any web pages and Firefox freezes for 30 seconds anytime I want to do anything including scrolling down the page. If i try to delete an item, even a photo, it takes forever & I end up force closing the program. Same when I try to uninstall a program (like Google Chrome). I've had to perform a system restore several times just to get my computer to a point where I can use it to try to fix it. All problems seem to occur after I've restarted the system. Example: It was fine last night ( I had installed & used Safari Browser) and today when I booted up the system it wouldn't open anything & froze if I even clicked on the start menu. Had to put it into safe mode to system restore so I could post on here & download the DDS tool. It also seemed to have blocked my internet connection which the system restore fixed.

AVG found a trojan a few weeks ago and has found a few issues since July. Problems started end of June and have continually gotten worse. I've run AVG, AD-aware (found 88 items) and Spybot (found 10 browser tracking cookies) all in the last 24 hours all in safe mode. AVG Resident Shield pops up anytime I open Firefox too.

Help is greatly appreciated!! Logs are below as requested.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jessalyn at 19:47:45 on 2011-09-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2010.827 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\ACFXAU32.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "c:\users\jessalyn\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
StartupFolder: c:\users\jessalyn\appdata\roaming\micros~1\windows\startm~1\programs\startup\hughes~1.lnk - c:\program files\hughesnetstatusmeter\hughesnetstatusmeter\HughesNetStatusMeter.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: myitlab.com\www
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoncmg.com\www
Trusted Zone: pearsoned.com
Trusted Zone: pearsoned.com\myitlab
Trusted Zone: pearsoned.com\www
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{9FF25A3F-266B-42F1-8393-901E978BD6AF} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{A1ADC108-8174-4D4F-9A39-8F38905A4E34} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jessalyn\appdata\roaming\mozilla\firefox\profiles\gyml8ex7.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbf56b5&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\users\jessalyn\appdata\roaming\mozilla\firefox\profiles\gyml8ex7.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlertGecko19.dll
FF - component: c:\users\jessalyn\appdata\roaming\mozilla\firefox\profiles\gyml8ex7.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\jessalyn\appdata\roaming\mozilla\firefox\profiles\gyml8ex7.default\extensions\engine@conduit.com\components\FFExternalAlertGecko19.dll
FF - component: c:\users\jessalyn\appdata\roaming\mozilla\firefox\profiles\gyml8ex7.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\users\jessalyn\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\jessalyn\appdata\roaming\move networks\plugins\npqmp071505000011.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-13 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-7-11 81920]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-4-28 20376]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2152152]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-9-5 286000]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-7-11 636144]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-7 1153368]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2009-8-4 86656]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-29 947528]
S3 B-Service;B-Service;c:\users\jessalyn\documents\downloads\b-service.exe --> c:\users\jessalyn\documents\downloads\B-Service.exe [?]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2009-8-4 28800]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-08 00:54:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-08 00:54:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-06 08:12:28 -------- d-----w- c:\program files\Bonjour(1)
2011-09-06 08:09:07 -------- d-----w- c:\program files\Apple Software Update(0)
2011-09-05 17:42:21 -------- d-----w- c:\users\jessalyn\appdata\roaming\PCToolsFirewallPlus
2011-09-05 17:32:50 -------- d-----w- c:\users\jessalyn\{50987943-6f71-4529-9448-c2fff4102bc4}
2011-09-05 17:31:37 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-09-05 17:31:37 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-09-05 17:31:37 -------- d-----w- c:\program files\common files\PC Tools
2011-09-05 17:31:35 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-09-05 17:31:31 -------- d-----w- c:\program files\PC Tools Firewall Plus
2011-08-20 04:53:32 -------- d-----w- c:\users\jessalyn\appdata\local\Opera
2011-08-16 21:34:43 -------- d-----w- c:\users\jessalyn\appdata\local\{18BF5BF7-3E3F-480E-87EF-A0F2727E1B31}
2011-08-16 06:17:51 -------- d-----w- c:\users\jessalyn\appdata\local\{09A11E8A-BB19-4D78-B2C0-AFF9C734C1BD}
2011-08-16 06:17:30 -------- d-----w- c:\users\jessalyn\appdata\local\{99D523F2-03E1-4BCC-ACA6-CF79F4084D36}
2011-08-15 05:34:00 -------- d-----w- c:\users\jessalyn\appdata\local\{0FEE7CC8-1468-407B-961D-E64F08BD660B}
2011-08-15 05:33:40 -------- d-----w- c:\users\jessalyn\appdata\local\{61E54A9D-4DEE-45AC-8E0C-A105818801F3}
2011-08-11 16:55:05 -------- d-----w- c:\users\jessalyn\appdata\local\{D0D704C7-B6C3-48FB-9E5C-187E7D5BC7DF}
2011-08-11 16:54:38 -------- d-----w- c:\users\jessalyn\appdata\local\{351F9245-56BA-4274-904E-D2F0C2455E96}
2011-08-11 04:50:02 -------- d-----w- c:\users\jessalyn\appdata\local\{1312EE3C-3663-4084-87D3-34A854299DAB}
2011-08-11 04:49:28 -------- d-----w- c:\users\jessalyn\appdata\local\{CBB15045-9747-41E9-8DA5-5DA44A13565B}
2011-08-10 16:28:06 -------- d-----w- c:\users\jessalyn\appdata\local\{776BCEA8-CD0A-484E-AC7F-2002AF99BEB1}
2011-08-10 16:27:45 -------- d-----w- c:\users\jessalyn\appdata\local\{3FA621A3-CC8E-4AF6-BB7B-E07B1F421FEC}
2011-08-10 05:49:33 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 05:49:26 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 05:49:19 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-10 05:48:43 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 05:48:43 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 05:48:40 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 04:27:06 -------- d-----w- c:\users\jessalyn\appdata\local\{6AD0F0A6-E571-4012-9508-4EEC01A7CFEE}
2011-08-10 04:26:37 -------- d-----w- c:\users\jessalyn\appdata\local\{3C8C0D26-9B5F-4249-8FA2-BCF1C95E9FF1}
.
==================== Find3M ====================
.
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-03 18:38:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
============= FINISH: 19:49:43.45 ===============

 

[ken545]

:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



Please download ATF Cleaner by Atribune to your desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility. If you want to keep your log on info, just click on Select All and then uncheck cookies




Please download Malwarebytes from Here or Here

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

 

[JoyfulJourney]

Thank you! I'll get started on this. :

 

[JoyfulJourney]

Hi,

I can't get ATF Cleaner to run. By that I mean that I downloaded it and when I started it up I followed the directions & selected "All" to remove. But it just sits there with the mouse in that little circle for a bit and then it's like nothing happened. No results or anything. So I close it out and start over again. Did this a couple times and even left it for 2 hours. Same results. I'm attaching the log from MalwareBytes - it didn't find anything to remove.

Thank you!

 

[ken545]

Good Morning,

Whats happening with ATF Cleaner is most likely an over abundance of not needed junk files on your system, what you need to do is instead of Select All, just start at the top of the list and check one moduale at a time until you get them all, a word of warning, if you check cookies you will lose most of your log on data for sites you frequent so if you dont have them written down or remembered you may not be able to get into those sites, so bypass cookies if need be


MBAM came back clean, lets check for a rootkit


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

 

[JoyfulJourney]

Hi,

I have attached the log from the rootkit scanner. I've gotten ATF to clean everything but history & cookies, it's working on history right now but it's taking awhile.

:thanks:

 

[ken545]

Hi,

Please just copy and paste any logs we ask for in lew of attaching them, its easier of us to analyze.

aswMBR came back ok


After you run ATF Cleaner and clean all those out, run it again with Select All, I think you will find it will run fine now, I run this program on my systems on a weekly basis and you should too to clean out all the clutter

I would like you to run this program but its important that AVG and your Firewall are disabled



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

 

[JoyfulJourney]

Can you tell me how to turn off AVG Free 2012? I know older versions (before 2011) you could disable by right clicking on the tray icon. I can't figure out how to turn it off so I can run Combofix!

 

[ken545]

Try this
http://free.avg.com/ww-en/faq.num-3031

 

[JoyfulJourney]

:thanks: Here's the log from ComboFix. I had to run it twice because the first time it was stuck on "creating a system restore point" for 3 hours.

ComboFix 11-09-14.02 - Jessalyn 09/14/2011 19:20:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2010.949 [GMT -7:00]
Running from: c:\users\Jessalyn\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jessalyn\AppData\Roaming\inst.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-15 to 2011-09-15 )))))))))))))))))))))))))))))))
.
.
2011-09-15 02:35 . 2011-09-15 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-14 01:18 . 2011-09-14 01:18 -------- d-----w- c:\users\Jessalyn\AppData\Roaming\AVG2012
2011-09-14 01:17 . 2011-09-14 01:17 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-09-14 01:17 . 2011-09-14 01:17 -------- d-----w- c:\program files\AVG Secure Search
2011-09-14 01:17 . 2011-09-14 01:22 -------- d-----w- c:\programdata\AVG2012
2011-09-14 00:03 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-12 04:20 . 2011-09-12 04:20 -------- d-----w- c:\users\Jessalyn\AppData\Roaming\Malwarebytes
2011-09-12 04:19 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-12 04:19 . 2011-09-12 04:19 -------- d-----w- c:\programdata\Malwarebytes
2011-09-12 04:19 . 2011-09-12 04:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-12 04:19 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-08 00:54 . 2011-09-08 02:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-08 00:54 . 2011-09-08 00:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-08 00:48 . 2011-09-08 00:49 -------- d-----w- c:\program files\ERUNT
2011-09-08 00:43 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-06 19:54 . 2011-09-06 19:54 -------- d-----w- c:\program files\Safari
2011-09-06 08:12 . 2011-09-08 00:09 -------- d-----w- c:\program files\Bonjour(1)
2011-09-06 08:09 . 2011-09-07 23:35 -------- d-----w- c:\program files\Apple Software Update(0)
2011-09-05 17:42 . 2011-09-05 17:43 -------- d-----w- c:\users\Jessalyn\AppData\Roaming\PCToolsFirewallPlus
2011-09-05 17:32 . 2011-09-08 00:08 -------- d-----w- c:\users\Jessalyn\{50987943-6f71-4529-9448-c2fff4102bc4}
2011-09-05 17:31 . 2011-09-08 00:08 -------- d-----w- c:\program files\Common Files\PC Tools
2011-09-05 17:31 . 2011-01-12 17:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-09-05 17:31 . 2010-02-05 15:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-09-05 17:31 . 2011-01-17 15:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-09-05 17:31 . 2011-09-08 00:10 -------- d-----w- c:\program files\PC Tools Firewall Plus
2011-08-20 04:53 . 2011-08-20 04:53 -------- d-----w- c:\users\Jessalyn\AppData\Local\Opera
2011-08-20 04:52 . 2011-08-20 04:53 -------- d-----w- c:\program files\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 13:08 . 2011-08-08 13:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-27 05:30 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 02:54 . 2011-08-10 10:11 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 10:11 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 10:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 08:14 . 2011-07-11 08:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 08:14 . 2011-07-11 08:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 08:14 . 2011-07-11 08:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 08:14 . 2011-07-11 08:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 08:13 . 2011-07-11 08:13 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 08:13 . 2011-07-11 08:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 08:13 . 2011-07-11 08:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-06 15:31 . 2011-08-10 05:49 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-03 18:38 . 2009-12-01 16:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-28 21:09 . 2011-06-28 21:09 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-28 21:09 . 2011-06-28 21:09 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-28 21:09 . 2011-06-28 21:09 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-28 21:09 . 2011-06-28 21:09 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-28 21:09 . 2011-06-28 21:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-28 21:09 . 2011-06-28 21:09 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-28 21:09 . 2011-06-28 21:09 367104 ----a-w- c:\windows\system32\html.iec
2011-06-28 21:09 . 2011-06-28 21:09 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-28 21:09 . 2011-06-28 21:09 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-28 21:09 . 2011-06-28 21:09 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-28 21:09 . 2011-06-28 21:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-28 21:09 . 2011-06-28 21:09 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-28 21:09 . 2011-06-28 21:09 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-28 21:09 . 2011-06-28 21:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-28 21:09 . 2011-06-28 21:09 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-28 21:09 . 2011-06-28 21:09 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-28 21:09 . 2011-06-28 21:09 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-28 21:09 . 2011-06-28 21:09 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-20 08:54 . 2011-08-10 05:48 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-10 05:48 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-10 05:48 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-10 05:49 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-09-10 20:07 . 2011-07-29 01:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-14 01:17 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-14 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-08-19 2387296]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-14 218440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-04-17 165104]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374]
.
c:\users\Jessalyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HughesNetStatusMeter.lnk - c:\program files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe [2010-6-17 89600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-11 07:40 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Jessalyn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Jessalyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 11:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-01-30 05:50 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-05-07 22:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 23:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA32.sys [2007-06-29 86656]
R3 B-Service;B-Service;c:\users\Jessalyn\Documents\Downloads\B-Service.exe [x]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP32.sys [2007-07-10 28800]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-07-11 32464]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-08-16 5264736]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-14 246600]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-24 20:09]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-415225045-1735544410-2764562306-1000Core.job
- c:\users\Jessalyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-17 20:07]
.
2011-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-415225045-1735544410-2764562306-1000UA.job
- c:\users\Jessalyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-17 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: myitlab.com\www
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoncmg.com\www
Trusted Zone: pearsoned.com
Trusted Zone: pearsoned.com\myitlab
Trusted Zone: pearsoned.com\www
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Jessalyn\AppData\Roaming\Mozilla\Firefox\Profiles\gyml8ex7.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B81d2c050-bc1a-4db0-a1e6-4da876a77c84%7D&mid=ada8e331ad88a4cbf4c0f901c5eab885-3624b976e9283a12c89f5cdede3b07049e81bb67&ds=AVG&v=8.0.0.34&lang=en&pr=fr&d=2011-09-13%2018%3A17%3A53&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-14 19:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-09-14 19:59:41
ComboFix-quarantined-files.txt 2011-09-15 02:59
.
Pre-Run: 73,321,869,312 bytes free
Post-Run: 73,316,823,040 bytes free
.
- - End Of File - - C3B7BF31A835DB467D0CA83B6A49E4B5

 

[ken545]

Not much removed, and the other logs look fine. Let me ask you, what are you experiencing to make you think your infected ?

 

[JoyfulJourney]

It's just been really slow and freezes up a lot. Like when I try to delete a file or a picture it never finishes & then I end up force closing it. Google Chrome won't load any pages. It just opens up and sits there. It wouldn't even open up at all a week ago. Firefox freezes randomly for 30-60 seconds when I ask it to do simple things like scroll down the page (it's already frozen 3 times while Ive been typing this) or move the cursor over in a text box. I downloaded a game off Yahoo and that's when the problems started. I've also had to do system restore a couple times because after I restart the computer it will freeze after the background & menu bar are loaded but then it won't let me do anything at all. Last time it never unfroze so I put it up safe mode, did a system restore and posted on here. AVG also found a trojan about a week ago.

 

[ken545]

Open up AVG and look in the Vault and tell me the name of the trojan it removed.

This sounds like just a plain old windows problem, do you have your windows CD or the Recovery Disk that came with your computer ?

 

[JoyfulJourney]

The vault is empty...would it have erased everything when I updated it to the 2012 version (which was in the last week)? It's removed 3 since July and i know one was Win something or other. I'm sure I have the disks that came with the computer at my parent's house few states away. My mom and I have the same laptop so at least one of us has them.

 

[ken545]

Yep, that entry may be gone, but thats good

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Make sure that the option "Remove found threats" is Unchecked
9. Push the Start button.
10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
11. When the scan completes, push
    
12. Push
    
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
13. Push the
    
    button.
14. Push
    

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

 

[JoyfulJourney]

This is what I got:

C:\Users\Jessalyn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\7d925698-5e89bc41 multiple threats
C:\Users\Jessalyn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\66cb5387-70ee251f multiple threats

 

[ken545]

What ESET found where in your Java Cache, run ATF Cleaner again this time just select the Java cache.

Then lets do it again this way

1. Click Start > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.



Then open Java again and go to the Update tab and update it


Then go to Programs and Features in the Control Panel and uninstall any previous versions that you see


What you may want to do is a System Repair, this will install windows right on top of the current version fixing things as it goes along, let me link you to a good windows forum for help on this, I dont know how your system is set up so you may or may not need the disk.

All us forums work together so let them know you posted here with the link to this thread so they can see what we have done , tell them all the problems your having and I suggested a System Repair, but let them decide whats best for you, the reason I am linking you to them is that we just do malware removal on this forum.
http://forums.whatthetech.com/index.php?showforum=119


Let me know how it went

 

[JoyfulJourney]

Ok, sounds good. When I ran ATF again it said Java files were removed and I've never had it successfully clean my history either. It just sits there for ever. I cleaned out and updated my Java though. Didn't find any old versions to delete, but I do have several different Microsoft Visual C++ on there. No idea what that is.

Thanks for the help. I'm hoping to get my recovery disks in the mail soon.

 

[ken545]

What you need to do since it appears your system is overwhelmed with junk files is open ATF Cleaner, instead of Select All, just start at the top and check just one entry and have it clean it, then go to the second one, just do each one one at a time, then when its done do the select all, you have so much garbage built up that its choking ATC Cleaner

 

[JoyfulJourney]

I've done it all individually 2x but I still can't get the history to clear!! It gets stuck every time, even by itself. I dont know what it's issue is!