
Author Topic: Computer Problem  (Read 9773 times)


bluecountry

    Topic Starter


    Apprentice

    Thanked: 1
    Computer Problem
    « on: September 18, 2011, 11:05:51 PM »
    Hello,

    One of the PCs I use appears to be infected or running slow.
    The main problem is crashing and freezing.

    I tried to resolve it by following the steps listed.  In fact, during the "verify Java" step, things got interesting.
    When in Firefox, when I clicked to verify Java I was booted off.
    When in Internet Explorer I clicked to verify Java, a pop-up box kept popping up continuously stating:

    Quote
       Microsoft Visual C++ Runtime Library

    Runtime Error!

    Program C:\Program file\internet explorer\iexplorer.exe

    R6025
    - pure virtual function call

    Therefore, I was unable to verify Java.

    I have attached my logs. There are two Super Anti-Spyware logs, because I accidentally did the first as a "quick" scan only.

    My questions:
    1) Any reasons seen why my PC is slow, and what can I do to fix it?
    2) I have Windows XP, with 5 users.  Whenever I download a program to my user account, like "MBAM" it indeed downloads onto my desktop.
    However, when I go into another user account on XP, that account does not have that program, "MBAM" or others unless I download it there.

    This is a problem, because say I am using CCleaner in my XP account, and it updates.
    Well when I go into the other account, it still has the older version for CCleaner.
    Further, I notice if I run CCleaner in one XP account, and then run it in the other, it misses stuff.
    Like in XP account "A" it will have 58K to clean, so I clean it and figure I am set?
    Well I go into XP account "B", run that CCleaner, and it might have 100K to clean.

    See, I figured and want it where I do not have to go and run CCleaner/Super Anti-Spyware in all 5 XP accounts, I want it where if I am in account "A" it cleans the computer and all XP accounts.
    Otherwise, running scans is almost useless.
    Is there any reason why it is not "synched" for all accounts on this PC and a way I can get it so when I:
    -Update CCleaner in XP account "A" it updates the CCleaner in all of the XP "accounts" and when I run and scan CCleaner it runs and scans it in all the accounts?


    4) Last, do I have a firewall properly set up?  And if not, how can I, so again, it sets up on all the different XP user accounts?  I don't want one version on account "A" and then not on all the others.

    Thanks!

    [regaining space - attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Computer Problem
    « Reply #1 on: September 19, 2011, 04:35:01 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Why not delete the other account until this is all sorted out?
    Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies).

    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    •Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
    Windows 8 and Windows 10 dual boot with two SSD's

    bluecountry

      Topic Starter


      Apprentice

      Thanked: 1
      Re: Computer Problem
      « Reply #2 on: September 24, 2011, 11:31:31 PM »
      DDS

      Quote
      .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_15
      Run by Sally Berger at 1:23:50 on 2011-09-25
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.146 [GMT -4:00]
      .
      AV: ThreatFire *Enabled/Updated* {67B2B9A1-25C8-4057-962D-807958FFC9E3}
      AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
      FW: McAfee Firewall *Enabled*
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost.exe -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\Explorer.EXE
      svchost.exe
      C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
      C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
      C:\program files\real\realplayer\update\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Citrix\ICA Client\concentr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Documents and Settings\Sally Berger\Application Data\Smilebox\SmileboxTray.exe
      C:\Program Files\Citrix\ICA Client\wfcrun32.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\Documents and Settings\Sally Berger\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe
      C:\Program Files\Common Files\Motive\McciCMService.exe
      C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
      C:\WINDOWS\system32\mfevtps.exe
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      svchost.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
      C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\System32\svchost.exe -k HTTPFilter
      C:\Program Files\McAfee.com\Agent\mcagent.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE
      c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.aol.com/?ncid=toolbar
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
      uInternet Connection Wizard,ShellNext = iexplore
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
      uURLSearchHooks: H - No File
      uURLSearchHooks: H - No File
      uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
      BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110513015439.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
      BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
      TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
      TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
      TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
      EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
      EB: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - No File
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
      uRun: [Aim6]
      uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
      uRun: [SmileboxTray] "c:\documents and settings\sally berger\application data\smilebox\SmileboxTray.exe"
      uRun: [Google Update] "c:\documents and settings\sally berger\local settings\application data\google\update\GoogleUpdate.exe" /c
      mRun: [igfxpers] c:\windows\system32\igfxpers.exe
      mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
      mRun: [ehTray] c:\windows\ehome\ehtray.exe
      mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
      mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
      mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
      mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
      mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
      mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
      StartupFolder: c:\docume~1\sallyb~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
      IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
      IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
      Trusted Zone: internet
      Trusted Zone: mcafee.com
      DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
      DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://remote.segalco.com/wficat81.cab
      DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} - hxxp://www.flyword.com/loaderword_win.cab
      DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
      DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
      TCP: Interfaces\{A43C007B-85D4-4F24-85A9-F797A4FE884A} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
      Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
      Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
      Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
      Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
      Notify: igfxcui - igfxdev.dll
      Notify: WRNotifier - WRLogonNTF.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\documents and settings\sally berger\application data\mozilla\firefox\profiles\byaog33o.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=
      FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
      FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
      FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
      FF - component: c:\documents and settings\sally berger\application data\mozilla\firefox\profiles\byaog33o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
      FF - component: c:\documents and settings\sally berger\application data\mozilla\firefox\profiles\byaog33o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
      FF - component: c:\documents and settings\sally berger\application data\mozilla\firefox\profiles\byaog33o.default\extensions\{7a2edb1a-a81c-4a50-9e4d-784fcfbc6a73}\components\RadioWMPCoreGecko19.dll
      FF - component: c:\documents and settings\sally berger\application data\mozilla\firefox\profiles\byaog33o.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
      FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
      FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
      FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
      FF - plugin: c:\documents and settings\sally berger\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
      FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
      FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
      FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
      FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
      FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
      FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
      FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
      FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
      FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
      FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
      FF - plugin: c:\program files\veetle\player\npvlc.dll
      FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
      FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
      FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
      .
      ---- FIREFOX POLICIES ----
      FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
      FF - user.js: protocol-handler.warn-external.dnUpdate - false
      ============= SERVICES / DRIVERS ===============
      .
      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-5 64160]
      R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-21 387480]
      R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
      R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-21 84200]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-3 116608]
      R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-16 94880]
      R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-21 271480]
      R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-21 271480]
      R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-21 271480]
      R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
      R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-21 171168]
      R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-21 188136]
      R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-21 141792]
      R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-21 56064]
      R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-21 153280]
      R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-21 52320]
      R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-21 314088]
      R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-21 88736]
      S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
      S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
      S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-21 88736]
      S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-21 84488]
      S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
      S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
      .
      =============== File Associations ===============
      .
      JSEFile=NOTEPAD.EXE %1
      .
      =============== Created Last 30 ================
      .
      2011-09-19 00:41:24   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2011-09-05 17:04:56   183696   ----a-w-   c:\program files\mozilla firefox\plugins\nppdf32.dll
      2011-09-05 17:04:56   183696   ----a-w-   c:\program files\internet explorer\plugins\nppdf32.dll
      2011-09-03 10:17:37   599040   ------w-   c:\windows\system32\dllcache\crypt32.dll
      .
      ==================== Find3M  ====================
      .
      2011-09-09 09:12:13   599040   ----a-w-   c:\windows\system32\crypt32.dll
      2011-08-22 17:46:30   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2011-07-15 13:29:31   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
      2011-07-08 14:02:00   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
      .
      ============= FINISH:  1:24:54.60 ===============


      Attach.txt

      Quote
      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume2
      Install Date: 6/23/2006 11:06:52 AM
      System Uptime: 9/24/2011 7:49:00 AM (18 hours ago)
      .
      Motherboard: Dell Inc.           |  | 0JC474
      Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
      .
      ==== Disk Partitions =========================
      .
      A: is Removable
      C: is FIXED (NTFS) - 107 GiB total, 71.027 GiB free.
      D: is FIXED (NTFS) - 37 GiB total, 37.033 GiB free.
      E: is CDROM ()
      F: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP1: 7/1/2011 12:48:43 PM - System Checkpoint
      RP2: 7/2/2011 2:59:27 PM - System Checkpoint
      RP3: 7/3/2011 5:59:27 PM - System Checkpoint
      RP4: 7/4/2011 8:40:34 PM - System Checkpoint
      RP5: 7/5/2011 9:35:56 PM - System Checkpoint
      RP6: 7/6/2011 10:39:09 PM - System Checkpoint
      RP7: 7/8/2011 12:04:16 AM - System Checkpoint
      RP8: 7/9/2011 1:15:31 AM - System Checkpoint
      RP9: 7/10/2011 3:45:11 AM - System Checkpoint
      RP10: 7/11/2011 11:17:18 AM - System Checkpoint
      RP11: 7/12/2011 8:29:20 PM - System Checkpoint
      RP12: 7/13/2011 4:49:46 AM - Software Distribution Service 3.0
      RP13: 7/14/2011 1:16:35 PM - System Checkpoint
      RP14: 7/15/2011 4:02:23 PM - System Checkpoint
      RP15: 7/16/2011 5:48:44 PM - System Checkpoint
      RP16: 7/17/2011 7:04:16 PM - System Checkpoint
      RP17: 7/18/2011 7:39:21 PM - System Checkpoint
      RP18: 7/19/2011 8:15:28 PM - System Checkpoint
      RP19: 7/21/2011 6:37:19 PM - System Checkpoint
      RP20: 7/22/2011 8:24:15 PM - System Checkpoint
      RP21: 7/23/2011 9:32:28 PM - System Checkpoint
      RP22: 7/24/2011 10:15:08 PM - System Checkpoint
      RP23: 7/25/2011 11:56:34 PM - System Checkpoint
      RP24: 7/27/2011 12:15:11 AM - System Checkpoint
      RP25: 7/28/2011 1:34:18 AM - System Checkpoint
      RP26: 7/29/2011 1:40:03 AM - System Checkpoint
      RP27: 7/30/2011 2:52:29 AM - System Checkpoint
      RP28: 7/31/2011 7:33:24 AM - System Checkpoint
      RP29: 8/1/2011 3:04:30 PM - System Checkpoint
      RP30: 8/2/2011 3:36:45 PM - System Checkpoint
      RP31: 8/3/2011 4:14:35 PM - System Checkpoint
      RP32: 8/4/2011 4:26:12 PM - System Checkpoint
      RP33: 8/5/2011 7:25:47 PM - System Checkpoint
      RP34: 8/6/2011 7:53:12 PM - System Checkpoint
      RP35: 8/7/2011 8:10:32 PM - System Checkpoint
      RP36: 8/8/2011 8:21:55 PM - System Checkpoint
      RP37: 8/9/2011 9:55:39 PM - System Checkpoint
      RP38: 8/10/2011 4:50:56 AM - Software Distribution Service 3.0
      RP39: 8/11/2011 6:55:13 AM - System Checkpoint
      RP40: 8/12/2011 3:40:59 PM - System Checkpoint
      RP41: 8/14/2011 1:29:42 AM - System Checkpoint
      RP42: 8/15/2011 1:57:27 AM - System Checkpoint
      RP43: 8/16/2011 3:12:55 AM - System Checkpoint
      RP44: 8/17/2011 3:16:48 AM - System Checkpoint
      RP45: 8/18/2011 3:21:45 AM - System Checkpoint
      RP46: 8/19/2011 6:24:10 AM - System Checkpoint
      RP47: 8/20/2011 7:56:55 AM - System Checkpoint
      RP48: 8/21/2011 8:05:24 AM - System Checkpoint
      RP49: 8/22/2011 8:13:39 AM - System Checkpoint
      RP50: 8/23/2011 8:51:59 PM - System Checkpoint
      RP51: 8/24/2011 4:51:09 AM - Software Distribution Service 3.0
      RP52: 8/25/2011 7:34:45 AM - System Checkpoint
      RP53: 8/26/2011 7:54:58 AM - System Checkpoint
      RP54: 8/27/2011 8:09:13 AM - System Checkpoint
      RP55: 8/28/2011 8:48:56 AM - System Checkpoint
      RP56: 8/29/2011 7:40:31 PM - System Checkpoint
      RP57: 8/30/2011 9:15:30 PM - System Checkpoint
      RP58: 8/31/2011 9:51:33 PM - System Checkpoint
      RP59: 9/1/2011 10:59:33 PM - System Checkpoint
      RP60: 9/2/2011 11:28:45 PM - System Checkpoint
      RP61: 9/4/2011 12:11:22 AM - System Checkpoint
      RP62: 9/5/2011 12:27:48 AM - System Checkpoint
      RP63: 9/6/2011 1:22:54 AM - System Checkpoint
      RP64: 9/7/2011 2:46:13 AM - System Checkpoint
      RP65: 9/7/2011 4:50:35 AM - Software Distribution Service 3.0
      RP66: 9/8/2011 9:06:22 AM - System Checkpoint
      RP67: 9/9/2011 9:30:03 AM - System Checkpoint
      RP68: 9/10/2011 10:31:00 AM - System Checkpoint
      RP69: 9/11/2011 12:29:07 PM - System Checkpoint
      RP70: 9/12/2011 4:51:19 PM - System Checkpoint
      RP71: 9/13/2011 5:23:58 PM - System Checkpoint
      RP72: 9/14/2011 7:31:15 PM - System Checkpoint
      RP73: 9/15/2011 8:26:55 PM - System Checkpoint
      RP74: 9/16/2011 11:40:54 AM - Software Distribution Service 3.0
      RP75: 9/17/2011 3:27:30 PM - System Checkpoint
      RP76: 9/18/2011 8:31:26 PM - Removed BlackBerry Desktop Software 6.0.
      RP77: 9/19/2011 8:42:09 PM - System Checkpoint
      RP78: 9/20/2011 9:37:14 PM - System Checkpoint
      RP79: 9/21/2011 10:58:02 PM - System Checkpoint
      RP80: 9/22/2011 11:58:55 PM - System Checkpoint
      RP81: 9/24/2011 9:06:56 AM - System Checkpoint
      .
      ==== Installed Programs ======================
      .
      Acrobat.com
      Adobe AIR
      Adobe Flash Media Live Encoder 3
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Reader X (10.1.1)
      Adobe Shockwave Player 11
      AIM 6
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      BitLord 1.1
      BlackBerry Device Software v5.0.0 for the BlackBerry 9000 smartphone
      Bonjour
      Canon Camera Access Library
      Canon Camera Support Core Library
      Canon Camera Window DC_DV 5 for ZoomBrowser EX
      Canon Camera Window DC_DV 6 for ZoomBrowser EX
      Canon Camera Window MC 6 for ZoomBrowser EX
      Canon G.726 WMP-Decoder
      Canon MovieEdit Task for ZoomBrowser EX
      Canon RAW Image Task for ZoomBrowser EX
      Canon RemoteCapture Task for ZoomBrowser EX
      Canon Utilities EOS Utility
      Canon Utilities PhotoStitch
      Canon Utilities ZoomBrowser EX
      CCleaner
      Citrix online plug-in - web
      Citrix online plug-in (DV)
      Citrix online plug-in (HDX)
      Citrix online plug-in (USB)
      Citrix online plug-in (Web)
      Compatibility Pack for the 2007 Office system
      Conexant D850 56K V.9x DFVc Modem
      Coupon Printer for Windows
      Critical Update for Windows Media Player 11 (KB959772)
      Dell AIO Printer A920
      Dell Digital Jukebox Driver
      Dell Driver Reset Tool
      Dell Support Center (Support Software)
      DellSupport
      Digital Content Portal
      ELIcon
      ESET Online Scanner v3
      Games, Music, & Photos Launcher
      GearDrvs
      GemMaster Mystic
      Google Chrome
      Google Earth
      Google Talk Plugin
      Google Toolbar for Internet Explorer
      Google Update Helper
      Google Updater
      High Definition Audio Driver Package - KB835221
      HiJackThis
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Internet Explorer 7 (KB947864)
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 10 (KB903157)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB2158563)
      Hotfix for Windows XP (KB2443685)
      Hotfix for Windows XP (KB2570791)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB970653-v3)
      Hotfix for Windows XP (KB976098-v2)
      Hotfix for Windows XP (KB979306)
      Hotfix for Windows XP (KB981793)
      Intel(R) Graphics Media Accelerator Driver
      Intel(R) PRO Network Connections Drivers
      Intel(R) PROSet for Wired Connections
      iTunes
      Java(TM) 6 Update 15
      Learn2 Player (Uninstall Only)
      Malwarebytes' Anti-Malware version 1.51.2.1300
      McAfee Security Scan Plus
      McAfee SecurityCenter
      MCU
      MetaFrame Presentation Server Web Client for Win32
      Microsoft .NET Framework 1.0 Hotfix (KB953295)
      Microsoft .NET Framework 1.0 Hotfix (KB979904)
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Security Update (KB2416447)
      Microsoft .NET Framework 1.1 Security Update (KB979906)
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft ActiveX Control Pad
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Digital Image Library 9 - Blocker
      Microsoft Digital Image Standard 2006
      Microsoft Digital Image Standard 2006 Editor
      Microsoft Digital Image Standard 2006 Library
      Microsoft Encarta Encyclopedia Standard 2006
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft Money 2006
      Microsoft National Language Support Downlevel APIs
      Microsoft Office 2007 Service Pack 2 (SP2)
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office File Validation Add-In
      Microsoft Office Home and Student 2007
      Microsoft Office OneNote MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office PowerPoint Viewer 2007 (English)
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Plus! Digital Media Edition Installer
      Microsoft Plus! Photo Story 2 LE
      Microsoft Silverlight
      Microsoft Software Update for Web Folders  (English) 12
      Microsoft Streets & Trips 2006
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Microsoft VC9 runtime libraries
      Microsoft Visual C Runtime
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Works
      Microsoft Works Suite 2006 Setup Launcher
      Microsoft Works Suite Add-in for Microsoft Word
      Modem Helper
      Mozilla Firefox 6.0.2 (x86 en-US)
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 6.0 Parser (KB933579)
      Norton 360
      OpenOffice.org Installer 1.0
      OptiPix
      Otto
      Photo Transport
      QuickTime
      RealNetworks - Microsoft Visual C++ 2008 Runtime
      RealPlayer
      RealUpgrade 1.1
      Rhapsody
      Rhapsody Player Engine
      Savings Bond Wizard
      Security Advisor
      Security Update for 2007 Microsoft Office System (KB2288621)
      Security Update for 2007 Microsoft Office System (KB2288931)
      Security Update for 2007 Microsoft Office System (KB2345043)
      Security Update for 2007 Microsoft Office System (KB2553074)
      Security Update for 2007 Microsoft Office System (KB2553089)
      Security Update for 2007 Microsoft Office System (KB2553090)
      Security Update for 2007 Microsoft Office System (KB2584063)
      Security Update for 2007 Microsoft Office System (KB969559)
      Security Update for 2007 Microsoft Office System (KB976321)
      Security Update for CAPICOM (KB931906)
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
      Security Update for Microsoft Office Excel 2007 (KB2553073)
      Security Update for Microsoft Office InfoPath 2007 (KB979441)
      Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
      Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
      Security Update for Microsoft Office system 2007 (972581)
      Security Update for Microsoft Office system 2007 (KB974234)
      Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
      Security Update for Microsoft Office Word 2007 (KB2344993)
      Security Update for Windows Internet Explorer 7 (KB928090)
      Security Update for Windows Internet Explorer 7 (KB929969)
      Security Update for Windows Internet Explorer 7 (KB931768)
      Security Update for Windows Internet Explorer 7 (KB933566)
      Security Update for Windows Internet Explorer 7 (KB937143)
      Security Update for Windows Internet Explorer 7 (KB938127)
      Security Update for Windows Internet Explorer 7 (KB939653)
      Security Update for Windows Internet Explorer 7 (KB942615)
      Security Update for Windows Internet Explorer 7 (KB944533)
      Security Update for Windows Internet Explorer 7 (KB950759)
      Security Update for Windows Internet Explorer 7 (KB953838)
      Security Update for Windows Internet Explorer 7 (KB956390)
      Security Update for Windows Internet Explorer 7 (KB958215)
      Security Update for Windows Internet Explorer 7 (KB960714)
      Security Update for Windows Internet Explorer 7 (KB961260)
      Security Update for Windows Internet Explorer 7 (KB963027)
      Security Update for Windows Internet Explorer 7 (KB969897)
      Security Update for Windows Internet Explorer 7 (KB972260)
      Security Update for Windows Internet Explorer 7 (KB974455)
      Security Update for Windows Internet Explorer 7 (KB976325)
      Security Update for Windows Internet Explorer 7 (KB978207)
      Security Update for Windows Internet Explorer 8 (KB2183461)
      Security Update for Windows Internet Explorer 8 (KB2360131)
      Security Update for Windows Internet Explorer 8 (KB2416400)
      Security Update for Windows Internet Explorer 8 (KB2482017)
      Security Update for Windows Internet Explorer 8 (KB2497640)
      Security Update for Windows Internet Explorer 8 (KB2510531)
      Security Update for Windows Internet Explorer 8 (KB2530548)
      Security Update for Windows Internet Explorer 8 (KB2544521)
      Security Update for Windows Internet Explorer 8 (KB2559049)
      Security Update for Windows Internet Explorer 8 (KB971961)
      Security Update for Windows Internet Explorer 8 (KB976325)
      Security Update for Windows Internet Explorer 8 (KB978207)
      Security Update for Windows Internet Explorer 8 (KB981332)
      Security Update for Windows Internet Explorer 8 (KB982381)
      Security Update for Windows Media Player (KB2378111)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player (KB975558)
      Security Update for Windows Media Player (KB978695)
      Security Update for Windows Media Player 10 (KB917734)
      Security Update for Windows Media Player 11 (KB936782)
      Security Update for Windows Media Player 11 (KB954154)
      Security Update for Windows XP (KB2079403)
      Security Update for Windows XP (KB2115168)
      Security Update for Windows XP (KB2121546)
      Security Update for Windows XP (KB2160329)
      Security Update for Windows XP (KB2229593)
      Security Update for Windows XP (KB2259922)
      Security Update for Windows XP (KB2279986)
      Security Update for Windows XP (KB2286198)
      Security Update for Windows XP (KB2296011)
      Security Update for Windows XP (KB2296199)
      Security Update for Windows XP (KB2347290)
      Security Update for Windows XP (KB2360937)
      Security Update for Windows XP (KB2387149)
      Security Update for Windows XP (KB2393802)
      Security Update for Windows XP (KB2412687)
      Security Update for Windows XP (KB2419632)
      Security Update for Windows XP (KB2423089)
      Security Update for Windows XP (KB2436673)
      Security Update for Windows XP (KB2440591)
      Security Update for Windows XP (KB2443105)
      Security Update for Windows XP (KB2476490)
      Security Update for Windows XP (KB2476687)
      Security Update for Windows XP (KB2478960)
      Security Update for Windows XP (KB2478971)
      Security Update for Windows XP (KB2479628)
      Security Update for Windows XP (KB2481109)
      Security Update for Windows XP (KB2483185)
      Security Update for Windows XP (KB2485376)
      Security Update for Windows XP (KB2485663)
      Security Update for Windows XP (KB2491683)
      Security Update for Windows XP (KB2503658)
      Security Update for Windows XP (KB2503665)
      Security Update for Windows XP (KB2506212)
      Security Update for Windows XP (KB2506223)
      Security Update for Windows XP (KB2507618)
      Security Update for Windows XP (KB2507938)
      Security Update for Windows XP (KB2508272)
      Security Update for Windows XP (KB2508429)
      Security Update for Windows XP (KB2509553)
      Security Update for Windows XP (KB2511455)
      Security Update for Windows XP (KB2524375)
      Security Update for Windows XP (KB2535512)
      Security Update for Windows XP (KB2536276-v2)
      Security Update for Windows XP (KB2536276)
      Security Update for Windows XP (KB2544893)
      Security Update for Windows XP (KB2555917)
      Security Update for Windows XP (KB2562937)
      Security Update for Windows XP (KB2566454)
      Security Update for Windows XP (KB2567680)
      Security Update for Windows XP (KB2570222)
      Security Update for Windows XP (KB2570947)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951376)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954459)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956744)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960715)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961371)
      Security Update for Windows XP (KB961373)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB968537)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB969898)
      Security Update for Windows XP (KB969947)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB971468)
      Security Update for Windows XP (KB971486)
      Security Update for Windows XP (KB971557)
      Security Update for Windows XP (KB971633)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB971961)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973346)
      Security Update for Windows XP (KB973354)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973525)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Security Update for Windows XP (KB975560)
      Security Update for Windows XP (KB975561)
      Security Update for Windows XP (KB975562)
      Security Update for Windows XP (KB975713)
      Security Update for Windows XP (KB977165)
      Security Update for Windows XP (KB977816)
      Security Update for Windows XP (KB977914)
      Security Update for Windows XP (KB978037)
      Security Update for Windows XP (KB978251)
      Security Update for Windows XP (KB978262)
      Security Update for Windows XP (KB978338)
      Security Update for Windows XP (KB978542)
      Security Update for Windows XP (KB978601)
      Security Update for Windows XP (KB978706)
      Security Update for Windows XP (KB979309)
      Security Update for Windows XP (KB979482)
      Security Update for Windows XP (KB979559)
      Security Update for Windows XP (KB979683)
      Security Update for Windows XP (KB979687)
      Security Update for Windows XP (KB980195)
      Security Update for Windows XP (KB980218)
      Security Update for Windows XP (KB980232)
      Security Update for Windows XP (KB980436)
      Security Update for Windows XP (KB981322)
      Security Update for Windows XP (KB981852)
      Security Update for Windows XP (KB981957)
      Security Update for Windows XP (KB981997)
      Security Update for Windows XP (KB982132)
      Security Update for Windows XP (KB982214)
      Security Update for Windows XP (KB982665)
      Security Update for Windows XP (KB982802)
      Smilebox
      Sonic Activation Module
      Sonic Encoders
      SopCast 3.0.3
      SUPERAntiSpyware Free Edition
      Update for 2007 Microsoft Office System (KB967642)
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Microsoft Office 2007 System (KB2539530)
      Update for Microsoft Office OneNote 2007 (KB980729)
      Update for Windows Internet Explorer 7 (KB976749)
      Update for Windows Internet Explorer 8 (KB976662)
      Update for Windows Internet Explorer 8 (KB978506)
      Update for Windows Internet Explorer 8 (KB980182)
      Update for Windows Media Format SDK (KB902344)
      Update for Windows Media Player 10 (KB913800)
      Update for Windows Media Player 10 (KB926251)
      Update for Windows XP (KB2141007)
      Update for Windows XP (KB2345886)
      Update for Windows XP (KB2467659)
      Update for Windows XP (KB2541763)
      Update for Windows XP (KB2607712)
      Update for Windows XP (KB2616676)
      Update for Windows XP (KB951072-v2)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971029)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      Update Rollup 2 for Windows XP Media Center Edition 2005
      Veetle TV 0.9.18
      VideoLAN VLC media player 0.8.6d
      Visual C++ 2008 x86 Runtime - (v9.0.30729)
      Visual C++ 2008 x86 Runtime - v9.0.30729.01
      vShare Plugin
      WebFldrs XP
      WebIQ Technology Engine
      Windows Internet Explorer 7
      Windows Internet Explorer 8
      Windows Media Format 11 runtime
      Windows Media Player 10
      Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
      Windows Media Player 11
      Windows Media Player Firefox Plugin
      Windows XP Media Center Edition 2005 KB2502898
      Windows XP Media Center Edition 2005 KB908246
      Windows XP Media Center Edition 2005 KB925766
      Windows XP Media Center Edition 2005 KB973768
      Windows XP Service Pack 3
      Works Upgrade
      .
      ==== Event Viewer Messages From Past Week ========
      .
      9/18/2011 11:59:10 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
      9/18/2011 11:59:10 AM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
      .
      ==== End Of File ===========================

      bluecountry

        Re: Computer Problem
        « Reply #3 on: September 24, 2011, 11:34:23 PM »
        Now per my 2nd question.....again I have XP.
        So when windows starts, the sign on screen has five different user accounts (say account 1-5).
        This is because several other people share this computer.

        Why is it, when in account 1, I download CCleaner and run it, if I go to account 2, it does not have CCleaner (unless I download it a separate time) and even then, if I run CCleaner in account 1, in account 2 it still needs to be run?

        I want it where if I do my weekly computer maintenance, I do not have to do five separate scans in five different accounts!

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Computer Problem
        « Reply #4 on: September 25, 2011, 12:00:37 PM »
        The logs show that you're running two AV programs on your computer; AV: ThreatFire and AV: McAfee Anti-Virus and Anti-Spyware. One will have to be disabled/uninstalled.

        You have Viewpoint installed.

        Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

        More information:

        * ViewMgr.exe - Useless
        * Viewpoint to Plunge Into Adware

        It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

        * Viewpoint
        * Viewpoint Manager
        * Viewpoint Media Player
        * Viewpoint Toolbar
        * Viewpoint Experience Technology

        ******************************************************
        P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

        Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

        I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
        *******************************************************
        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        ************************************************
        Quote
        I want it where if I do my weekly computer maintenance, I do not have to do five separate scans in five different accounts!

        Sorry. I don't know too much about accounts. You could try running it as Administrator or perhaps you should ask that question in one of the other forums.

        Download OTL to your desktop.

        * Open OTL
        * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

        Code:
        :OTL

        uURLSearchHooks: H - No File
        uURLSearchHooks: H - No File
        TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
        TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
        TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
        TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
        EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
        EB: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - No File
        mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
        Trusted Zone: internet
        Trusted Zone: mcafee.com

        :COMMANDS
        [resethosts]
        [purity]
        [start explorer]

        * Click Run Fix
        * OTLI2 may ask to reboot the machine. Please do so if asked.
        * Click OK
        * A report will open. Copy and Paste that report in your next reply.
        ****************************************************************

        Please download ComboFix from BleepingComputer.com

        Alternate link: GeeksToGo.com

        and save it to your Desktop.
        It would be easiest to download using Internet Explorer.
        If you insist on using Firefox, make sure that your download settings are as follows:

        * Tools->Options->Main tab
        * Set to "Always ask me where to Save the files".

        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
        Double click ComboFix.exe & follow the prompts.
        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


        Click on Yes, to continue scanning for malware.
        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

        If you have problems with ComboFix usage, see How to use ComboFix
        Windows 8 and Windows 10 dual boot with two SSD's
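
The check described in the reply above (reading the AV: and FW: lines of a log header to see which security products are registered) can be scripted. This is an added example, not part of any post in this thread and not code from DDS, ComboFix or OTL; the function names and the brand-word match against the installed-programs list are assumptions made for illustration, and the sample lines are copied from the logs posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Header line format, as it appears in the ComboFix log posted in this thread:
#   AV: <product name> *<Enabled|Disabled>[/<definition status>]* {GUID}
#   FW: <product name> *<Enabled|Disabled>* {GUID}
PRODUCT_RE = re.compile(
    r"^\s*(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


@dataclass(frozen=True)
class SecurityProduct:
    kind: str                # "AV" or "FW"
    name: str
    enabled: bool
    updated: Optional[bool]  # None when the line carries no definition status
    guid: str


def parse_products(log_text: str) -> List[SecurityProduct]:
    """Extract the AV:/FW: registrations from a log header."""
    products = []
    for line in log_text.splitlines():
        m = PRODUCT_RE.match(line)
        if not m:
            continue
        state = [part.strip().lower() for part in m["state"].split("/")]
        products.append(SecurityProduct(
            kind=m["kind"],
            name=m["name"],
            enabled=state[0] == "enabled",
            updated=(state[1] == "updated") if len(state) > 1 else None,
            guid=m["guid"].upper(),
        ))
    return products


def _tokens(text: str) -> List[str]:
    return re.findall(r"[a-z0-9]+", text.casefold())


def has_uninstall_entry(product: SecurityProduct, installed: List[str]) -> bool:
    """Heuristic (assumption): treat the first word of the product name as its
    brand and look for that word in any installed-program entry."""
    words = _tokens(product.name)
    if not words:
        return False
    return any(words[0] in _tokens(entry) for entry in installed)


def review(products: List[SecurityProduct],
           installed: List[str]) -> List[Tuple[str, str]]:
    """Return (finding, detail) pairs worth a closer look."""
    findings = []
    avs = [p for p in products if p.kind == "AV"]
    fws = [p for p in products if p.kind == "FW"]
    if len(avs) > 1:
        findings.append(("multiple-av", ", ".join(p.name for p in avs)))
    if avs and not any(p.enabled for p in avs):
        findings.append(("no-av-enabled", ", ".join(p.name for p in avs)))
    if fws and not any(p.enabled for p in fws):
        findings.append(("no-registered-firewall-enabled",
                         ", ".join(p.name for p in fws)))
    for p in products:
        if not has_uninstall_entry(p, installed):
            findings.append(("no-uninstall-entry", p.name))
    return findings


# Sample input: header lines copied from the ComboFix log in this thread.
SAMPLE_HEADER = """\
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: ThreatFire *Enabled/Updated* {67B2B9A1-25C8-4057-962D-807958FFC9E3}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
"""

# Sample input: an excerpt (not the full list) of the installed programs
# shown in the logs in this thread.
SAMPLE_INSTALLED = [
    "ESET Online Scanner v3",
    "Malwarebytes' Anti-Malware version 1.51.2.1300",
    "McAfee Security Scan Plus",
    "McAfee SecurityCenter",
    "Norton 360",
    "SUPERAntiSpyware Free Edition",
]

if __name__ == "__main__":
    for finding, detail in review(parse_products(SAMPLE_HEADER), SAMPLE_INSTALLED):
        print(f"{finding}: {detail}")
```

A registration with no matching uninstall entry is only a prompt to look closer: the product may be listed under a different name, or its registration may have outlived the program.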

        bluecountry

          Re: Computer Problem
          « Reply #5 on: September 29, 2011, 04:19:32 PM »
          1)  Are you sure I am running TWO anti-viruses, I can only find McAfee, I never heard of ThreatFire?

          2) I cannot find viewpoint under add/remove programs, are you sure it is there and if not, where can I delete it?

          3)  I cannot verify java, each time I click the link, in firefox, it boots me off, what do I do?

          4) When I download OTL, it just gives me a screen, no text, do I need to run a scan?

          SuperDave

          Re: Computer Problem
          « Reply #6 on: September 29, 2011, 04:35:50 PM »
          Quote
          Are you sure I am running TWO anti-viruses, I can only find McAfee, I never heard of ThreatFire?
          The DDS log shows it. Let's check it again.

          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Unzip SecurityCheck.zip and a folder named Security Check should appear.
          * Open the Security Check folder and double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          *****************************************************
          Quote
          I cannot find viewpoint under add/remove programs, are you sure it is there and if not, where can I delete it?
          Ok. It was a plugin on Firefox. You can remove the plugin.

          ****************************************************
          Quote
          I cannot verify java, each time I click the link, in firefox, it boots me off, what do I do?
          You can try using Internet Explorer.

          ***********************************************
          Quote
          When I download OTL, it just gives me a screen, no text, do I need to run a scan?
          No. No scan. Just follow the instructions I've provided.

          bluecountry

            Re: Computer Problem
            « Reply #7 on: September 29, 2011, 05:11:37 PM »
            1) Security screen 317

            Quote
            Results of screen317's Security Check version 0.99.19 
             Windows XP Service Pack 3 
             Internet Explorer 8 
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Firewall Disabled! 
             ESET Online Scanner v3   
             Norton 360     
             McAfee Security Scan Plus   
             McAfee SecurityCenter     
             Antivirus up to date! 
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Malwarebytes' Anti-Malware   
             CCleaner     
             Java(TM) 6 Update 15 
             Out of date Java installed!
             Adobe Flash Player    10.3.183.5 
             Adobe Reader X (10.1.1)
             Mozilla Firefox (Player..)
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

            ``````````End of Log````````````

            2) I checked firefox and could not find viewpoint plugin, are you sure it is still there?


            3) Major problem with checking java....in my first post on this thread I reported this problem which prompted my inquiry.

            When I check java in firefox, I get booted off.
            I just checked again in Internet Explorer and got this same error message:
            When in Internet Explorer I clicked to verify Java, a pop up box kept popping up continuously stating:
            Quote
               Microsoft visual C+++ Runtime Library

            Runtime Error!

            Program C:\Program file\internet explorer\iexplorer.exe

            R6025
            -pure virtual function cell


            3a) Also, when I went to firefox, I saw this java plugin:

            Javadeployment toolkit 6.0.150.3 6.0.150.3
            nruntime script plugin-library for Java (TM) deploy


            It had this message....Java deployment toolkit 6.0.150.3 is known to cause security or stability issues

            It was disabled, should I keep it disabled?

            4) Did the OTL scan, here are results:

            Quote
            ========== OTL ==========
            ========== COMMANDS ==========
            C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
            HOSTS file reset successfully
             
            OTL by OldTimer - Version 3.2.29.1 log created on 09292011_190531

            5) Have not run ComboFix yet, I will hold off until you want me to.

            SuperDave

            Re: Computer Problem
            « Reply #8 on: September 30, 2011, 04:55:50 PM »
            Quote
            I checked firefox and could not find viewpoint plugin, are you sure it is still there?
            It's right here: If you can't find it, it's not a big deal. (FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll)

            Quote
            When in Internet Explorer I clicked to verify Java, a pop up box kept popping up continuously stating:
            This might help.

            Yes, please run ComboFix.

            bluecountry

              Re: Computer Problem
              « Reply #9 on: September 30, 2011, 10:21:30 PM »
              1) You said I have two anti-virus programs running, one being ThreatFire.  I can't find it, do I still have it, and if so, how can I find, disable, and delete?

              2) Java, read the article, what can I do about it?  I still cannot find a way to verify java, I can try it in firefox, but then firefox crashes.  How can we work on this?

              3) Overall, PC is ok after running CCleaner, but after 30 minutes of browsing it is slow, crashes, and freezes, any reason why?

              4) ComboFix log pasted:

              Quote
              ComboFix 11-09-30.05 - Sally Berger 09/30/2011  21:23:41.3.2 - x86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.335 [GMT -4:00]
              Running from: c:\documents and settings\Sally Berger\My Documents\Downloads\ComboFix.exe
              AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
              AV: ThreatFire *Enabled/Updated* {67B2B9A1-25C8-4057-962D-807958FFC9E3}
              FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
              .
              .
              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\windows\kb913800.exe
              .
              .
              (((((((((((((((((((((((((   Files Created from 2011-09-01 to 2011-10-01  )))))))))))))))))))))))))))))))
              .
              .
              2011-09-29 23:05 . 2011-09-29 23:05   --------   d-----w-   C:\_OTL
              2011-09-19 00:41 . 2011-08-31 21:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-09-05 17:04 . 2011-09-05 17:04   183696   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
              2011-09-05 17:04 . 2011-09-05 17:04   183696   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
              2011-09-03 10:17 . 2011-09-09 09:12   599040   ------w-   c:\windows\system32\dllcache\crypt32.dll
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2011-09-09 09:12 . 2005-08-16 08:18   599040   ----a-w-   c:\windows\system32\crypt32.dll
              2011-08-22 17:46 . 2011-05-17 17:20   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
              2011-07-15 13:29 . 2006-06-19 17:26   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
              2011-07-08 14:02 . 2005-08-16 08:18   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
              2010-03-11 04:01 . 2010-03-11 04:01   124272   ----a-w-   c:\program files\mozilla firefox\plugins\CCMSDK.dll
              2010-03-11 04:40 . 2010-03-11 04:40   13168   ----a-w-   c:\program files\mozilla firefox\plugins\cgpcfg.dll
              2010-03-11 04:02 . 2010-03-11 04:02   70512   ----a-w-   c:\program files\mozilla firefox\plugins\CgpCore.dll
              2010-03-11 04:01 . 2010-03-11 04:01   91504   ----a-w-   c:\program files\mozilla firefox\plugins\confmgr.dll
              2010-03-11 04:01 . 2010-03-11 04:01   22384   ----a-w-   c:\program files\mozilla firefox\plugins\ctxlogging.dll
              2010-03-11 04:00 . 2010-03-11 04:00   255344   ----a-w-   c:\program files\mozilla firefox\plugins\ctxmui.dll
              2010-03-11 04:01 . 2010-03-11 04:01   31088   ----a-w-   c:\program files\mozilla firefox\plugins\icafile.dll
              2010-03-11 04:01 . 2010-03-11 04:01   40304   ----a-w-   c:\program files\mozilla firefox\plugins\icalogon.dll
              2009-10-05 17:49 . 2009-10-05 17:49   652640   ----a-w-   c:\program files\mozilla firefox\plugins\sslsdk_b.dll
              2010-03-11 04:02 . 2010-03-11 04:02   23920   ----a-w-   c:\program files\mozilla firefox\plugins\TcpPServ.dll
              2011-09-08 01:01 . 2011-03-25 15:32   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
              2011-04-14 18:01 . 2011-01-22 01:21   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
              .
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-27 4611456]
              "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-27 68856]
              "SmileboxTray"="c:\documents and settings\Sally Berger\Application Data\Smilebox\SmileboxTray.exe" [2011-06-02 313160]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
              "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
              "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
              "Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
              "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
              "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
              "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
              "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
              "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-24 273544]
              "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
              "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
              "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-09 161336]
              .
              c:\documents and settings\Sally Berger\Start Menu\Programs\Startup\
              OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
              .
              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2009-09-08 14:56   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
              .
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
              BootExecute   REG_MULTI_SZ      \0
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
              @=""
              .
              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
              backup=c:\windows\pss\ymetray.lnkCommon Startup
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
              2007-03-15 15:09   460784   ----a-w-   c:\program files\DellSupport\DSAgnt.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
              2009-05-21 14:55   206064   ----a-w-   c:\program files\Dell Support Center\bin\sprtcmd.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
              2007-11-15 14:24   16384   -c--a-w-   c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
              2007-10-08 21:50   41824   ----a-w-   c:\program files\Common Files\AOL\1151195914\ee\aolsoftware.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
              2010-07-21 19:53   141608   -c--a-w-   c:\program files\iTunes\iTunesHelper.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
              2011-05-24 15:32   273544   ----a-w-   c:\program files\real\realplayer\Update\realsched.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
              2007-03-11 21:37   936960   -c--a-w-   c:\program files\Verizon\McciTrayApp.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
              2005-06-17 03:30   401408   -c--a-w-   c:\progra~1\Yahoo!\YOP\yop.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
              "DisableMonitoring"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
              "DisableMonitoring"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\America Online 9.0\\waol.exe"=
              "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
              "c:\\Program Files\\Common Files\\AOL\\1151195914\\ee\\aolsoftware.exe"=
              "c:\\Program Files\\Common Files\\AOL\\1151195914\\ee\\aim6.exe"=
              "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
              "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\AIM6\\aim6.exe"=
              "c:\\StubInstaller.exe"=
              "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
              "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
              "c:\\Program Files\\AOL 9.1a\\waol.exe"=
              "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
              "c:\\Program Files\\iTunes\\iTunes.exe"=
              "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
              .
              R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/5/2009 1:40 PM 64160]
              R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]
              R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/21/2011 9:20 PM 84200]
              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 12880]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 67664]
              R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/3/2010 12:34 PM 116608]
              R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/16/2010 1:41 PM 94880]
              R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/21/2011 9:20 PM 271480]
              R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/21/2011 9:20 PM 271480]
              R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/21/2011 9:21 PM 188136]
              R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/21/2011 9:20 PM 141792]
              R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/21/2011 9:20 PM 56064]
              R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/21/2011 9:20 PM 314088]
              R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/21/2011 9:20 PM 88736]
              S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 1:43 AM 135664]
              S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 1:43 AM 135664]
              S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/21/2011 9:20 PM 88736]
              S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/21/2011 9:20 PM 84488]
              S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 12872]
              S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
              .
              --- Other Services/Drivers In Memory ---
              .
              *Deregistered* - mfeavfk01
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2011-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
              .
              2011-10-01 c:\windows\Tasks\Google Software Updater.job
              - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-27 02:21]
              .
              2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 05:42]
              .
              2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 05:42]
              .
              2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614667138-659496962-2533976660-1006Core.job
              - c:\documents and settings\Sally Berger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-24 18:04]
              .
              2011-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614667138-659496962-2533976660-1006UA.job
              - c:\documents and settings\Sally Berger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-24 18:04]
              .
              2011-09-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-614667138-659496962-2533976660-1005.job
              - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
              .
              2011-10-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-614667138-659496962-2533976660-1006.job
              - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
              .
              2011-09-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-614667138-659496962-2533976660-1008.job
              - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
              .
              2011-09-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-614667138-659496962-2533976660-1005.job
              - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
              .
              2011-10-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-614667138-659496962-2533976660-1006.job
              - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
              .
              2011-09-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-614667138-659496962-2533976660-1008.job
              - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.aol.com/?ncid=toolbar
              uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
              mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
              uInternet Connection Wizard,ShellNext = iexplore
              uInternet Settings,ProxyOverride = *.local
              uSearchAssistant = hxxp://www.google.com/ie
              uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
              IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
              IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
              Trusted Zone: internet
              Trusted Zone: mcafee.com
              TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
              DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} - hxxp://www.flyword.com/loaderword_win.cab
              FF - ProfilePath - c:\documents and settings\Sally Berger\Application Data\Mozilla\Firefox\Profiles\byaog33o.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
              FF - prefs.js: browser.search.selectedEngine - Google
              FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=
              FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
              FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
              FF - user.js: protocol-handler.warn-external.dnUpdate - false
              .
              .
              ------- File Associations -------
              .
              JSEFile=NOTEPAD.EXE %1
              .
              - - - - ORPHANS REMOVED - - - -
              .
              HKCU-Run-Aim6 - (no file)
              .
              .
              .
              **************************************************************************
              .
              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2011-09-30 21:34
              Windows 5.1.2600 Service Pack 3 NTFS
              .
              scanning hidden processes ... 
              .
              scanning hidden autostart entries ...
              .
              scanning hidden files ... 
              .
              scan completed successfully
              hidden files: 0
              .
              **************************************************************************
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------
              .
              - - - - - - - > 'winlogon.exe'(1004)
              c:\program files\SUPERAntiSpyware\SASWINLO.DLL
              c:\windows\system32\WININET.dll
              .
              Completion time: 2011-09-30  21:39:25
              ComboFix-quarantined-files.txt  2011-10-01 01:39
              .
              Pre-Run: 76,099,682,304 bytes free
              Post-Run: 76,100,141,056 bytes free
              .
              - - End Of File - - FE44F6CE61439463BED6CBA62550AACF

              SuperDave

              Re: Computer Problem
              « Reply #10 on: October 01, 2011, 11:16:00 AM »
              ComboFix is running from the wrong location. Please uninstall/delete your copy, download and install it on your desktop. Then run this script.
              Re-running ComboFix to remove infections:

              • Close any open browsers.
              • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
              • Open notepad and copy/paste the text in the quotebox below into it:
                Quote
                KillAll::

                SecCenter::
                67B2B9A1-25C8-4057-962D-807958FFC9E3

                DDS::
                Trusted Zone: internet
                Trusted Zone: mcafee.com

              • Save this as CFScript.txt, in the same location as ComboFix.exe



              • Referring to the picture above, drag CFScript into ComboFix.exe
              • When finished, it shall produce a log for you at C:\ComboFix.txt
              • Please post the contents of the log in your next reply.
              ***************************************************
              SysProt Antirootkit

              Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

              http://sites.google.com/site/sysprotantirootkit/

              Unzip it into a folder on your desktop.
              • Double click Sysprot.exe to start the program.
              • Click on the Log tab.
              • In the Write to log box select the following items.
                • Process << Selected
                • Kernel Modules << Selected
                • SSDT << Selected
                • Kernel Hooks << Selected
                • IRP Hooks << NOT Selected
                • Ports << NOT Selected
                • Hidden Files << Selected
              • At the bottom of the page
                • Hidden Objects Only << Selected
              • Click on the Create Log button on the bottom right.
              • After a few seconds a new window should appear.
              • Select Scan Root Drive. Click on the Start button.
              • When it is complete a new window will appear to indicate that the scan is finished.
              • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
              Windows 8 and Windows 10 dual boot with two SSD's
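A CFScript is written against one machine's log, so it is worth checking the pair before the script is dragged onto ComboFix.exe. The following is an added example, not ComboFix's or the forum's own tooling: the function names are hypothetical, the sample data is copied from the log in Reply #9 and the script in Reply #10, and it assumes that every GUID under `SecCenter::` should name an `AV:`/`FW:` product in the log and every `DDS::` line should appear verbatim in it.

```python
import re

# Constructed sample: lines copied from the ComboFix log in Reply #9.
SAMPLE_LOG = r"""Running from: c:\documents and settings\Sally Berger\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: ThreatFire *Enabled/Updated* {67B2B9A1-25C8-4057-962D-807958FFC9E3}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
Trusted Zone: internet
Trusted Zone: mcafee.com
"""

# The CFScript text from Reply #10.
SAMPLE_CFSCRIPT = """KillAll::

SecCenter::
67B2B9A1-25C8-4057-962D-807958FFC9E3

DDS::
Trusted Zone: internet
Trusted Zone: mcafee.com
"""

# Assumed line shape, taken from this log: "AV: <name> *<state>* {<GUID>}".
PRODUCT_RE = re.compile(
    r"^(AV|FW): (.+?) \*([^*]+)\* \{([0-9A-Fa-f-]{36})\}$")
FIELDS = ("kind", "name", "state", "guid")


def parse_log(log):
    """Collect the run location, AV:/FW: product lines and all raw lines."""
    info = {"running_from": None, "products": [], "lines": set()}
    for raw in log.splitlines():
        line = raw.strip()
        info["lines"].add(line)
        if line.startswith("Running from:"):
            info["running_from"] = line.split(":", 1)[1].strip()
        m = PRODUCT_RE.match(line)
        if m:
            info["products"].append(dict(zip(FIELDS, m.groups())))
    return info


def parse_cfscript(text):
    """Group script lines under their 'Name::' directive headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def triage(log, script):
    """Return findings for a log and the CFScript written against it."""
    info, sections = parse_log(log), parse_cfscript(script)
    findings = []
    path = (info["running_from"] or "").lower()
    if "\\desktop\\" not in path:  # heuristic: helper asked for a Desktop copy
        findings.append("ComboFix not run from the Desktop: " + path)
    avs = [p for p in info["products"] if p["kind"] == "AV"]
    if len(avs) > 1:
        findings.append("Multiple AV products registered: " + ", ".join(
            "%s (%s)" % (p["name"], p["state"]) for p in avs))
    by_guid = {p["guid"].upper(): p for p in info["products"]}
    for guid in sections.get("SecCenter", []):
        p = by_guid.get(guid.strip("{}").upper())
        target = "%s: %s" % (p["kind"], p["name"]) if p else "NOT IN LOG"
        findings.append("SecCenter:: %s -> %s" % (guid, target))
    for entry in sections.get("DDS", []):
        if entry not in info["lines"]:
            findings.append("DDS:: line not found in log: " + entry)
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG, SAMPLE_CFSCRIPT)))
```

The product states reflect the moment of the scan, so a `Disabled` entry may simply mean the tool was switched off before ComboFix was run, as the instructions ask.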

              bluecountry

                Re: Computer Problem
                « Reply #11 on: October 05, 2011, 01:04:19 PM »
                Hey man, I just tried ComboFix for 50 minutes; all it did was freeze up and waste my time. What gives?  50 minutes and it just stood still!  OK, what now... I finally could not take it and just unplugged the PC, then reran the scan, waited another 30 minutes, same result, nothing, and had to unplug as it froze... ahhhhhhhh

                bluecountry

                  Re: Computer Problem
                  « Reply #12 on: October 06, 2011, 12:12:23 AM »
                  Look, this is not working. I have downloaded and typed in what you said three times today and waited an hour each time, and nothing happens. I cannot devote three hours for the scan to do nothing... Why is my PC slow, and can you help me fix it, or do I need an in-person repairman?

                  bluecountry

                    Re: Computer Problem
                    « Reply #13 on: October 06, 2011, 10:45:33 AM »
                    OK, well, I tried again.  It is not working.  When I run the ComboFix scan, it begins with "this should take ten minutes but can easily double on infected pc's" and it just sits there for an hour.  When I go to cancel, it freezes, and I have to unplug the PC from the outlet.

                    Look, I have done this four times and spent four hours, and gotten nowhere.  The bottom line is, my PC is slow, I get script errors, my Java is old, I can't verify it without getting errors, and I have two anti-virus programs running, one of which I never recall installing (ThreatFire), can't find, and can't seem to disable.
                    Little help on how to clean this mess?

                    Thanks.

                    SuperDave

                    Re: Computer Problem
                    « Reply #14 on: October 06, 2011, 01:12:23 PM »
                    Forget the ComboFix script for now and run the other scan.
                    Windows 8 and Windows 10 dual boot with two SSD's