
Active Slow startup/sound and memory problems

Discussion in 'Malware and Virus Removal Archive' started by lpine4, 2009/03/07.

  1. 2009/03/07
    lpine4

    lpine4 Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    6
    Likes Received:
    0
    [Active] Slow startup/sound and memory problems

    Here are 2 postings from another forum. I've done my best to describe what happened/is happening:

    So here's my problem(s). The other day I had a PC-cillin scan running and I cancelled it...I wanted to restart because I had just installed 2 Windows updates. It took forever to cancel and restart. Once it restarted, I tried to play a video that I had recently downloaded and the sound/picture was dragging and skipping. Then I tried to play a song and iTunes took forever to open...the song was skipping and popping once I got it to play and that has never happened with my laptop. The songs seem to drag and skip more when I'm running multiple programs/scanning, etc., which leads me to believe that I have a memory issue. Everything from the Windows welcome chime to video skips and drags. I have also been receiving memory parity errors and the blue screen of death explaining physical memory dump, memory parity error, etc. Now when I restart, it takes forever to get to my Windows startup screen and takes forever to start up and open programs...once I finally get my browser open it seems to navigate the web at a decent pace, but when I try to do anything else, it drags the speed down and worsens the audio performance. I've also noticed other things not working...just little things...like my laptop mouse pad scrolling does not work; I can navigate and click, but can't scroll. Just for the record, I use Trend Micro PC-cillin and SUPERAntiSpyware regularly. Suggestions?

    So I did a search with Kaspersky and here's what it found:

    C:\Documents and Settings\Loren Pinette\Desktop\Music\What.CD Toolbox - Windows 2.0\Ripping\freeripmp3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.br (in defense of this alert, I've been "assured" that it is a false positive)

    C:\Program Files\Trend Micro\Internet Security 14\Quarantine\486.tmp Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1

    Here are the results from my DDS scan:

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Loren Pinette at 16:55:58.93 on Sat 03/07/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1230 [GMT -5:00]

    AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated)
    FW: PC-cillin Internet Security - Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\DOCUME~1\LORENP~1\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
    C:\Program Files\foobar2000\foobar2000.exe
    C:\Documents and Settings\Loren Pinette\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070109
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe "
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe "
    mRun: [<NO NAME>]
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
    mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [RegistryMechanic]
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236212039562
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\lorenp~1\applic~1\mozilla\firefox\profiles\q9bmcedj.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\documents and settings\loren pinette\application data\mozilla\firefox\profiles\q9bmcedj.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
    R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2006-9-25 345696]
    R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2006-9-25 923216]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-25 36368]
    R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2006-9-25 566872]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2006-9-25 280392]
    S2 gupdate1c993cbfd15a78e;Google Update Service (gupdate1c993cbfd15a78e);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]
    S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2007-1-9 386560]

    =============== Created Last 30 ================

    2009-03-07 08:25 <DIR> --d----- c:\windows\system32\CatRoot2
    2009-03-06 20:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
    2009-03-06 20:51 <DIR> --d----- c:\program files\Security Task Manager
    2009-03-06 18:28 <DIR> --d----- c:\docume~1\lorenp~1\applic~1\Uniblue
    2009-03-04 20:46 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat
    2009-03-04 20:29 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
    2009-03-04 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
    2009-03-04 18:43 <DIR> --d----- c:\docume~1\lorenp~1\applic~1\DriverCure
    2009-03-04 18:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
    2009-03-04 18:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverCure
    2009-03-03 22:05 <DIR> --d----- C:\ac04f7c215095df7097dcb40f4
    2009-03-03 22:02 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-03-02 19:12 165,362 a------- c:\windows\hplj1320.hi2
    2009-03-02 19:12 12,770 a------- c:\windows\hplj1320.bu2
    2009-03-02 19:10 827,187 a------- c:\windows\hpclj3600m.hi2
    2009-03-02 19:10 11 a------- c:\windows\hpclj3600m.bu2
    2009-03-02 18:53 1,788 a------- c:\windows\hplj1320.hi1
    2009-03-02 18:53 356 a------- c:\windows\hplj1320.bu1
    2009-03-02 18:53 131,426 a------- c:\windows\hpclj3600g.hi1
    2009-03-02 18:53 11 a------- c:\windows\hpclj3600g.bu1
    2009-03-02 18:52 124,559 a------- c:\windows\hpclj3600m.hi1
    2009-03-02 18:52 11 a------- c:\windows\hpclj3600m.bu1
    2009-02-18 23:09 <DIR> --d----- c:\program files\Turbo Tax Audit Support Center
    2009-02-18 22:18 <DIR> --d----- c:\docume~1\lorenp~1\applic~1\Intuit
    2009-02-18 22:16 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
    2009-02-18 22:12 <DIR> --d----- c:\program files\common files\Intuit
    2009-02-18 22:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
    2009-02-18 22:12 <DIR> --d----- c:\program files\TurboTax
    2009-02-16 18:39 <DIR> --d----- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$

    ==================== Find3M ====================

    2009-03-07 15:48 90,075 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-02-14 09:18 6,064 a------- c:\windows\system32\d3d9caps.dat
    2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-19 04:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2007-01-17 19:18 553 ac------ c:\program files\FLAC frontend.ini
    2003-04-18 09:46 4,096 ac------ c:\program files\win2dos.exe
    2008-10-21 18:30 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102120081022\index.dat

    ============= FINISH: 16:58:16.51 ===============

    I truly appreciate any help.:)
     
    Last edited: 2009/03/07
  2. 2009/03/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi lpine4
    Welcome to WindowsBBS

    I'm not seeing any malware in the log.

    I would try an uninstall and reinstall of PC-cillin and see if that helps.

    Geri
     
    Geri,
    #2


  4. 2009/03/20
    lpine4

    lpine4 Inactive Thread Starter

    No luck, but thanks anyway, Geri. When using a web browser, it runs pretty snappy, but I'm still getting bogged down when attempting to play any music/video and it still has a very slow startup. My icons look all funny now too...with a blue shadow behind the icon. Do you think a reformat is the way to go?
     
  5. 2009/03/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Let's get an online scan and see what it shows.

    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now a Scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2009/03/27
    lpine4

    lpine4 Inactive Thread Starter

    This was the infected file according to Kaspersky...I think it's a false positive. I think Kaspersky is finding a crack here.

    C:\Documents and Settings\Ripping\freeripmp3.exe
    Infected: not-a-virus:AdTool.Win32.MyWebSearch.br

    *shrugs*
     
  7. 2009/03/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK, first off we do not approve of cracked, hacked or otherwise stolen programs, music or games.

    To receive any further help all the above must be removed from your system.

    More than likely that is infected.
    Geri
     
    Geri,
    #6
  8. 2009/03/28
    lpine4

    lpine4 Inactive Thread Starter

    I apologize, Geri. I share my laptop with my brother and we both have external HDs, which I scanned. I have removed the programs from the system. It's taking even longer to start up and I'm having some other fishy problems. I'm thinking the best way to go from here is a reformat. I called Dell for a boot disk and she couldn't guarantee that they will send me one so she told me that if I do not see a boot disk within 2 weeks that I should call Microsoft and/or upgrade to Vista.
     
  9. 2009/03/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK, let's try this.
    If prompted to install the recovery console please do so.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Thanks
    Geri
     
    Geri,
    #8
  10. 2009/03/28
    lpine4

    lpine4 Inactive Thread Starter

    ComboFix 09-03-27.02 - Loren Pinette 2009-03-28 13:59:24.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1340 [GMT -4:00]
    Running from: c:\documents and settings\Loren Pinette\Desktop\ComboFix.exe
    AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated)
    FW: PC-cillin Internet Security - Firewall *disabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\uninstall.exe
    E:\Autorun.inf

    ----- BITS: Possible infected sites -----

    hxxp://download.esd.intuit.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_PCIDump


    ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
    .

    2009-03-11 21:32 . 2009-03-11 21:32 <DIR> d-------- c:\program files\Uniblue
    2009-03-11 21:32 . 2009-03-11 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-03-11 21:30 . 2009-03-11 21:33 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    2009-03-11 20:00 . 2009-03-11 20:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
    2009-03-11 20:00 . 2006-11-09 16:04 73,288 --a------ c:\windows\system32\drivers\tmtdi.sys
    2009-03-10 18:04 . 2009-03-10 18:04 <DIR> d-------- c:\windows\system32\NtmsData
    2009-03-08 10:26 . 2009-03-08 10:26 <DIR> d-------- c:\documents and settings\Loren Pinette\Application Data\Malwarebytes
    2009-03-08 10:26 . 2009-03-08 10:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-07 09:25 . 2009-03-28 13:59 <DIR> d-------- c:\windows\system32\CatRoot2
    2009-03-06 21:51 . 2009-03-06 21:51 <DIR> d-------- c:\program files\Security Task Manager
    2009-03-06 21:51 . 2009-03-06 21:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
    2009-03-06 19:28 . 2009-03-11 21:32 <DIR> d-------- c:\documents and settings\Loren Pinette\Application Data\Uniblue
    2009-03-04 21:46 . 2009-01-09 15:18 1,089,601 --------- c:\windows\system32\dllcache\ntprint.cat
    2009-03-04 21:29 . 2009-03-06 21:18 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
    2009-03-04 20:36 . 2009-03-06 21:18 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-04 20:07 . 2009-03-04 20:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-03-04 19:43 . 2009-03-04 19:43 <DIR> d-------- c:\documents and settings\Loren Pinette\Application Data\DriverCure
    2009-03-04 19:42 . 2009-03-04 19:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-03-04 19:42 . 2009-03-04 20:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverCure
    2009-03-03 23:05 . 2009-03-03 23:10 <DIR> d-------- C:\ac04f7c215095df7097dcb40f4
    2009-03-03 23:02 . 2009-03-04 08:19 <DIR> d-------- c:\windows\SxsCaPendDel
    2009-03-02 20:12 . 2008-04-19 12:45 165,362 --a------ c:\windows\hplj1320.hi2
    2009-03-02 20:12 . 2008-04-19 12:45 12,770 --a------ c:\windows\hplj1320.bu2
    2009-03-02 20:10 . 2008-04-19 13:11 827,187 --a------ c:\windows\hpclj3600m.hi2
    2009-03-02 20:10 . 2008-04-19 13:10 11 --a------ c:\windows\hpclj3600m.bu2
    2009-03-02 19:53 . 2008-04-19 13:10 131,426 --a------ c:\windows\hpclj3600g.hi1
    2009-03-02 19:53 . 2009-03-02 19:54 1,788 --a------ c:\windows\hplj1320.hi1
    2009-03-02 19:53 . 2009-03-02 19:54 356 --a------ c:\windows\hplj1320.bu1
    2009-03-02 19:53 . 2008-04-19 13:10 11 --a------ c:\windows\hpclj3600g.bu1
    2009-03-02 19:52 . 2009-03-02 20:01 124,559 --a------ c:\windows\hpclj3600m.hi1
    2009-03-02 19:52 . 2009-03-02 20:01 11 --a------ c:\windows\hpclj3600m.bu1

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-27 23:18 --------- d-----w c:\documents and settings\Loren Pinette\Application Data\.gaim
    2009-03-26 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-12 07:09 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-11 23:51 --------- d-----w c:\program files\Trend Micro
    2009-03-11 23:32 --------- d-----w c:\program files\Essentials Codec Pack
    2009-03-11 22:32 --------- d-----w c:\program files\Common Files\Adobe
    2009-03-08 00:28 --------- d-----w c:\documents and settings\Loren Pinette\Application Data\foobar2000
    2009-03-07 20:24 --------- d-----w c:\program files\Lavasoft
    2009-03-07 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-03-07 01:24 --------- d-----w c:\documents and settings\Loren Pinette\Application Data\uTorrent
    2009-03-05 01:18 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-04 12:19 --------- d-----w c:\program files\Microsoft Silverlight
    2009-03-03 00:16 --------- d-----w c:\program files\Hewlett-Packard
    2009-03-03 00:15 --------- d--h--w c:\program files\Zero G Registry
    2009-02-27 18:50 --------- d-----w c:\documents and settings\Loren Pinette\Application Data\Move Networks
    2009-02-26 00:27 --------- d-----w c:\program files\SUPERAntiSpyware
    2009-02-24 23:42 --------- d-----w c:\program files\PokerStars.NET
    2009-02-21 02:27 --------- d-----w c:\program files\Google
    2009-02-19 04:09 --------- d-----w c:\program files\Turbo Tax Audit Support Center
    2009-02-19 03:18 --------- d-----w c:\documents and settings\Loren Pinette\Application Data\Intuit
    2009-02-19 03:17 --------- d-----w c:\program files\Common Files\AnswerWorks 5.0
    2009-02-19 03:14 --------- d-----w c:\program files\Common Files\Intuit
    2009-02-19 03:14 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
    2009-02-19 03:12 --------- d-----w c:\program files\TurboTax
    2009-02-14 00:14 --------- d-----w c:\program files\Java
    2007-01-18 00:18 553 -c--a-w c:\program files\FLAC frontend.ini
    2003-04-18 14:46 4,096 -c--a-w c:\program files\win2dos.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-25 1830128]
    "OE_OEM "= "c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-11-01 321040]
    "SetDefaultMIDI "= "MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "CTSysVol "= "c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "QuickTime Task "= "c:\program files\QuickTime Alternative\qttask.exe" [2008-09-06 413696]
    "MaxMenuMgr "= "c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
    "pccguide.exe "= "c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-25 c:\windows\stsystra.exe]
    "MBMon "= "CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-01-10 24576]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-04 81920]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-01 20:24 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis "= ff_acm.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    --------- 2003-09-10 04:24 20480 c:\program files\NetWaiting\netwaiting.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
    --------- 2006-02-16 11:20 1118208 c:\program files\Creative\VoiceCenter\AndreaVC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\uTorrent\\utorrent.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-11-16 36368]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2006-11-09 280392]
    S2 gupdate1c993cbfd15a78e;Google Update Service (gupdate1c993cbfd15a78e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 133104]
    S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-12-15 345696]
    S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-09 923216]
    S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-09 566872]
    S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2007-01-10 386560]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{437f4def-a5ab-11db-966e-806d6172696f}]
    \shell\play\Command - "c:\program files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L "
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

    2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

    2009-03-28 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 21:02]

    2009-03-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 22:27]

    2009-03-28 c:\windows\Tasks\WECPUpdate.job
    - c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 10:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Loren Pinette\Application Data\Mozilla\Firefox\Profiles\q9bmcedj.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\documents and settings\Loren Pinette\Application Data\Mozilla\Firefox\Profiles\q9bmcedj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-28 14:16:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\*& 2*]
    "Path "= "c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\ "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1488)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\windows\system32\ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\searchindexer.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-28 14:24:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-28 18:24:17

    Pre-Run: 66,778,251,264 bytes free
    Post-Run: 66,994,352,128 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect

    Current=1 Default=1 Failed=0 LastKnownGood=19 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
    248 --- E O F --- 2009-03-22 10:26:23
     
  11. 2009/03/29
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, let's get an online scan again.

    Please run ATF Cleaner and do another Kaspersky scan.

    Thanks
    Geri
     
  12. 2009/04/27
    lpine4

    lpine4 Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    6
    Likes Received:
    0
    Sorry I've slept on this, Geri. I've been extremely busy with work and went on vacation. Is there somewhere you can point me on the site/net for reformatting advice? I have my orange reinstallation DVD along with my blue drivers and utility disk and my pc cillin reinstallation disk. I have most everything I need backed up, but I want to make sure I go through the right steps. Thanks for your help, but I've been meaning to reformat for some time, I just haven't had my software. :)
     
  13. 2009/04/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
