Solved Slow Computer ? Virus

Discussion in 'Malware and Virus Removal Archive' started by deester, 2009/02/20.

  1. 2009/02/20
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    [Resolved] Slow Computer ? Virus

    Laptop has not been used for several weeks. Being used now by guest who repeatedly complained of it being slow. Ran Malwarebytes and viruses present. My DDS report.

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Dell at 5:33:23.14 on Fri 02/20/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.167 [GMT -5:00]

    AV: AVG *On-access scanning disabled* (Outdated)
    AV: avast! antivirus 4.8.1335 [VPS 090219-0] *On-access scanning enabled* (Updated)
    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    FW: COMODO Firewall Pro *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\PermissionResearch\prmrsr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Ocucom\PreCast\tmon.exe
    C:\Program Files\MostFun\Bin\MostFun.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLDesktop.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Dell\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=l4HxehpLgiRGwAO_03CWBA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    uStart Page = hxxp://home.jzip.com/
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = localhost
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar with netassistant\NetAssistant.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Smart-Shopper: {4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar with netassistant\NetAssistant.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    EB: SmartShopper: {8bcb5337-ec01-4e38-840c-a964f174255b} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe "
    mRun: [PermissionResearch] c:\program files\permissionresearch\prmrsr.exe -boot
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [HostManager] c:\program files\common files\aol\1211762669\ee\AOLSoftware.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\dell\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
    StartupFolder: c:\docume~1\dell\startm~1\programs\startup\is-6sg0r.lnk - c:\documents and settings\dell\desktop\virus removal tool2\is-6sg0r\Startup.exe
    StartupFolder: c:\docume~1\dell\startm~1\programs\startup\mostfun.lnk - c:\program files\mostfun\bin\MostFun.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\precas~1.lnk - c:\program files\ocucom\precast\tmon.exe
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: &Search
    IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1221952782890
    DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    Notify: PermissionResearch - c:\program files\permissionresearch\prls.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dell\applic~1\mozilla\firefox\profiles\pm324p90.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopie7&query=
    FF - prefs.js: browser.search.selectedEngine - ALOT Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11080&client_id=a88688f2d8482313961c82c2&camp_id=93&install_time=2008-11-27T00:00:52Z&tb_version=2.0.0%28F%29pr=auto&q=
    FF - component: c:\documents and settings\dell\application data\mozilla\firefox\profiles\pm324p90.default\extensions\{d7d30ba6-d1f4-4aa9-9187-f20c30930597}\components\FFAlert.dll
    FF - component: c:\program files\mozilla firefox\components\nsgkff30_meter1.dll
    FF - component: c:\program files\permissionresearch\components\prxg.dll
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\documents and settings\dell\application data\mozilla\firefox\profiles\pm324p90.default\extensions\npmozax@real.com\plugins\npmozax.dll
    FF - plugin: c:\progra~1\mozill~1\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PermissionResearch

    ---- FIREFOX POLICIES ----

    FF - user.js: browser.tabs.warnOnClose - true
    FF - user.js: browser.sessionstore.resume_from_crash - false

    FF - user.js: browser.sessionstore.resume_from_crash - true
    FF - user.js: browser.startup.page - 1c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE ", "AllAccess ");

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-19 114768]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-11 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-11 26824]
    R1 is-1QOP6drv;is-1QOP6drv;c:\windows\system32\drivers\77576011.sys [2009-1-5 148496]
    R1 is-6SG0Rdrv;is-6SG0Rdrv;c:\windows\system32\drivers\13878492.sys [2009-1-5 148496]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2008-9-17 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-19 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-19 138680]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-11 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-11 76040]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-24 206096]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-24 358736]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-11-24 144704]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-19 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-19 352920]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2008-9-17 8832]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-8-15 38496]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-24 79240]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-24 35240]
    R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-24 34152]
    S2 0096691229613516mcinstcleanup;McAfee Application Installer Cleanup (0096691229613516);c:\windows\temp\009669~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\009669~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S2 avg8emc;AVG Free8 E-mail Scanner; [x]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-11-24 605512]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-24 40488]
    S3 utk0mtqy;AVZ Kernel Driver; [x]

    =============== Created Last 30 ================

    2009-02-02 16:23 <DIR> --d----- c:\program files\WebEx
    2009-01-30 18:43 <DIR> --d----- c:\program files\ABBYY FineReader 6.0
    2009-01-30 18:43 <DIR> --d----- c:\program files\ABBYY FineReader 5.0 Sprint
    2009-01-30 18:41 <DIR> --d----- c:\program files\Lexmark X6100 Series
    2009-01-30 18:35 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
    2009-01-30 18:35 25,856 a------- c:\windows\system32\drivers\usbprint.sys

    ==================== Find3M ====================

    2009-02-20 05:34 87,494,688 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-02-19 20:29 979,532 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-01-08 20:45 389,120 a------- c:\windows\system32\CF28291.exe
    2009-01-08 20:38 389,120 a------- c:\windows\system32\CF26953.exe
    2009-01-08 20:38 389,120 a------- c:\windows\system32\CF26946.exe
    2008-12-22 16:50 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-11-24 11:10 410,976 a------- c:\windows\system32\deploytk.dll
    2008-09-07 09:31 0 a------- c:\program files\temp01
    2008-07-24 09:17 61,224 a------- c:\documents and settings\dell\GoToAssistDownloadHelper.exe
    2008-07-22 13:44 110 a------- c:\docume~1\alluse~1\applic~1\MostFunGameId.bin
    2008-07-07 14:56 774,144 a------- c:\program files\RngInterstitial.dll
    2002-07-01 09:13 224 a--sh--- c:\docume~1\dell\applic~1\maildriver32.dat

    ============= FINISH: 5:35:00.00 ===============
     
  2. 2009/02/20
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I happened to glance at your log in passing .....

    Here is part of your problem .....
    You have 3 AV's installed of which at least 2 are running and 2 firewalls running. This will inevitably lead to conflicts.

    Decide on one AV and one firewall and uninstall the rest.
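
Added example (not part of the original posts): a Python check for the situation PeteC describes, run over header and service lines copied from the DDS log above. The function names, the vendor-keyword matching and the reading of the leading `R`/`S` as running/stopped are assumptions of this example, not part of DDS.

```python
import re

# Constructed sample: header and service lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
AV: AVG *On-access scanning disabled* (Outdated)
AV: avast! antivirus 4.8.1335 [VPS 090219-0] *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
FW: COMODO Firewall Pro *enabled*
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-19 114768]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-11 26824]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-11 76040]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-11-24 144704]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-11-24 605512]
"""

# "AV: <name> *<status>* (<freshness>)" and "FW: <name> *<status>*"
PRODUCT_RE = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*(?: \((\w+)\))?$")
# "<R|S><start type> <service name>;<display name>;<image path ...>"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*)$")


def parse_products(log):
    """Return the security products listed in the DDS header."""
    products = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, name, status, freshness = m.groups()
            products.append({
                "kind": kind,
                "name": name,
                # the last word of the status is "enabled" or "disabled"
                "enabled": status.split()[-1].lower() == "enabled",
                "freshness": freshness,
            })
    return products


def parse_services(log):
    """Return entries from the SERVICES / DRIVERS section."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, image = m.groups()
            services.append({
                "running": state == "R",  # assumption: R = running, S = stopped
                "start": int(start),
                "name": name,
                "text": f"{display};{image}".lower(),
            })
    return services


def vendor_keyword(product_name):
    """First word of the product name, lowercased, punctuation removed."""
    return re.sub(r"\W", "", product_name.split()[0]).lower()


def triage(log):
    """Flag overlapping real-time protection and leftover components."""
    products = parse_products(log)
    running = [s for s in parse_services(log) if s["running"]]

    active_av = [p["name"] for p in products if p["kind"] == "AV" and p["enabled"]]
    active_fw = [p["name"] for p in products if p["kind"] == "FW" and p["enabled"]]
    outdated = [p["name"] for p in products if p["freshness"] == "Outdated"]

    # An AV reported as disabled can still have kernel drivers or services loaded.
    disabled_but_loaded = {}
    for p in products:
        if p["kind"] == "AV" and not p["enabled"]:
            key = vendor_keyword(p["name"])
            hits = [s["name"] for s in running if key in s["text"]]
            if hits:
                disabled_but_loaded[p["name"]] = hits

    return {
        "active_av": active_av,
        "active_fw": active_fw,
        "outdated": outdated,
        "disabled_but_loaded": disabled_but_loaded,
        "conflict": len(active_av) > 1 or len(active_fw) > 1,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this sample the AVG entry shows why "disabled" in the header is not the same as uninstalled: its minifilter and network redirector drivers are still listed as running.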
     

  4. 2009/02/20
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Have removed the antivirus. Thanks Pete
     
  5. 2009/02/22
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Still have gotten no reply to this, did run a new Malwarebytes today, will post, no viruses found. Will someone advise me where to go now for help to troubleshoot the slowness of this computer?
    Malwarebytes' Anti-Malware 1.34
    Database version: 1795
    Windows 5.1.2600 Service Pack 3

    2/22/2009 7:47:59 PM
    mbam-log-2009-02-22 (19-47-59).txt

    Scan type: Quick Scan
    Objects scanned: 89391
    Time elapsed: 5 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. 2009/02/23
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    There are at least 17 active threads in the forum and only 2 analysts. Each thread is very time consuming depending on the severity of the infection. All logs are dealt with in the order received.

    If you want me to close this thread I will do so and you can start a new thread in the Windows XP forum.

    Slow is very subjective - it may be that the computer is just slower than the one the guest normally uses?
     
  7. 2009/02/23
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Pete.
    Didn't mean to appear impatient, my apologies. I think I have had such a problem with printer business and still no help with that. It usually doesn't take this long in this category to get a response. I'm just trying to find out if I should continue on the virus path or go to a different category.
    Thanks for responding,
    Dee
     
  8. 2009/02/23
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Dee

    Seems you hit a log jam :)

    There are 3 files in your log that look suspicious to me - I would wait for a response from this forum.
     
  9. 2009/02/23
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Thanks Pete, Geri is working on another post and I gave him a heads up this AM. I'll run a Kaspersky and post it just to make sure.
    Dee
     
  10. 2009/02/24
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    I cannot get Kaspersky to scan this computer. I've tried 2 different browsers, tried scanning critical areas and folders only and it will not scan. It starts and will run up to 30 mins and stop. I don't know anything else to do.
     
  11. 2009/02/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dee
    Try this one.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Geri
     
  12. 2009/02/26
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Geri,
    The full scan stopped after 30% done and I can't remember how many infected files there were, but it was more than this quick scan indicates. Have report from quick scan which I did get to complete.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-02-26 03:18:37
    PROTECTIONS: 2
    MALWARE: 5
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG 0.0 No No
    McAfee VirusScan Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00040538 adware/zango Adware No 0 Yes No c:\program files\zango programs
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dell\Cookies\dell@atdmt[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Dell\Cookies\dell@mediaplex[1].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Dell\Cookies\dell@atwola[1].txt
    00477382 Application/OSSProxy HackTools Yes 0 Yes No C:\Program Files\PermissionResearch\prls.dll
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location 
    ;===================================================================================================================================================================================
    No C:\Program Files\PermissionResearch\prmrsr.exe 
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description 
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
     
  13. 2009/02/26
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Geri,

    I ran Panda scan for 9 hrs today and think I completed the scan. I am posting the report I exported.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/25/2008 4:45:43 PM
    System Uptime: 2/19/2009 8:30:03 PM (9 hours ago)

    Motherboard: Dell Inc. | | 0KD882
    Processor: Genuine Intel(R) CPU T1300 @ 1.66GHz | Microprocessor | 1312/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 178.871 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP124: 11/22/2008 9:58:52 AM - Installed Windows Media Player 11
    RP125: 11/22/2008 10:01:06 AM - Installed Windows XP MSCompPackV1.
    RP126: 11/22/2008 5:56:58 PM - Installed Between the Worlds
    RP127: 11/23/2008 2:18:34 PM - Restore Operation
    RP128: 11/23/2008 3:44:23 PM - Revo Uninstaller's restore point - AVG Free 8.0
    RP129: 11/23/2008 4:02:41 PM - Installed Windows Installer Clean Up
    RP130: 11/23/2008 4:04:52 PM - Revo Uninstaller's restore point - PC Power Partner Full
    RP131: 11/23/2008 4:05:07 PM - Removed PC Power Partner Full
    RP132: 11/23/2008 5:35:38 PM - Installed AVG Free 8.0
    RP133: 11/23/2008 5:46:00 PM - Avg8 Update
    RP134: 11/23/2008 5:47:02 PM - Avg8 Update
    RP135: 11/24/2008 10:30:42 AM - Restore Operation
    RP136: 11/24/2008 11:10:32 AM - Installed Java(TM) 6 Update 10
    RP137: 11/24/2008 4:19:02 PM - Revo Uninstaller's restore point - AVG Free 8.0
    RP138: 11/24/2008 6:52:58 PM - Revo Uninstaller's restore point - AOL Toolbar for Internet Explorer
    RP139: 11/24/2008 6:54:37 PM - Revo Uninstaller's restore point - AOL Toolbar for Firefox
    RP140: 11/27/2008 1:03:39 AM - System Checkpoint
    RP141: 11/28/2008 1:50:44 AM - System Checkpoint
    RP142: 11/29/2008 7:05:46 AM - System Checkpoint
    RP143: 12/1/2008 12:24:57 PM - System Checkpoint
    RP144: 12/2/2008 12:27:40 PM - System Checkpoint
    RP145: 12/4/2008 5:49:41 PM - System Checkpoint
    RP146: 12/4/2008 8:39:23 PM - Installed Lost Secrets Bermuda Triangle
    RP147: 12/4/2008 10:17:38 PM - Installed Enigma 7
    RP148: 12/6/2008 3:59:55 AM - System Checkpoint
    RP149: 12/7/2008 7:54:09 PM - Installed Yard Sale Hidden Treasures Sunnyville
    RP150: 12/8/2008 10:37:11 AM - Installed Hawaiian Explorer Lost Island
    RP151: 12/9/2008 11:08:33 AM - System Checkpoint
    RP152: 12/10/2008 5:19:18 PM - System Checkpoint
    RP153: 12/10/2008 11:07:21 PM - Software Distribution Service 3.0
    RP154: 12/11/2008 3:00:30 AM - Software Distribution Service 3.0
    RP155: 12/12/2008 3:40:34 AM - System Checkpoint
    RP156: 12/12/2008 3:09:42 PM - Software Distribution Service 3.0
    RP157: 12/13/2008 3:00:40 AM - Software Distribution Service 3.0
    RP158: 12/14/2008 6:48:52 PM - System Checkpoint
    RP159: 12/16/2008 2:31:22 PM - Revo Uninstaller's restore point - Trojan Remover 6.7.5
    RP160: 12/17/2008 5:00:46 PM - System Checkpoint
    RP161: 12/18/2008 3:00:19 AM - Software Distribution Service 3.0
    RP162: 12/19/2008 7:02:35 PM - Installed DirectX
    RP163: 12/19/2008 7:22:44 PM - Revo Uninstaller's restore point - Ask Toolbar
    RP164: 12/19/2008 7:26:24 PM - Revo Uninstaller's restore point - Treasure Masters, Inc.
    RP165: 12/19/2008 7:27:29 PM - Revo Uninstaller's restore point - Alawar Game Box
    RP166: 12/19/2008 7:29:33 PM - Revo Uninstaller's restore point - Wyzo 0.5.3
    RP167: 12/19/2008 7:30:50 PM - Revo Uninstaller's restore point - Vuze
    RP168: 12/20/2008 12:32:19 AM - Software Distribution Service 3.0
    RP169: 12/20/2008 4:32:14 AM - Installed DirectX
    RP170: 12/21/2008 7:23:45 AM - Software Distribution Service 3.0
    RP171: 12/21/2008 2:00:00 PM - Installed WinZip 12.0
    RP172: 12/21/2008 2:10:17 PM - Revo Uninstaller's restore point - Zango
    RP173: 12/21/2008 5:02:45 PM - Revo Uninstaller's restore point - 7-Zip 4.57
    RP174: 12/21/2008 5:12:11 PM - Software Distribution Service 3.0
    RP175: 12/21/2008 5:36:59 PM - Revo Uninstaller's restore point - WinZip 12.0
    RP176: 12/21/2008 5:37:25 PM - Removed WinZip 12.0
    RP177: 12/22/2008 3:45:28 AM - Software Distribution Service 3.0
    RP178: 12/22/2008 3:54:47 PM - Installed Microsoft Office PowerPoint Viewer 2007 (English)
    RP179: 12/22/2008 3:58:29 PM - Installed Microsoft Office Word Viewer 2003
    RP180: 12/22/2008 4:23:53 PM - Software Distribution Service 3.0
    RP181: 12/22/2008 11:22:22 PM - Software Distribution Service 3.0
    RP182: 12/23/2008 2:44:17 PM - Software Distribution Service 3.0
    RP183: 12/24/2008 4:58:28 PM - System Checkpoint
    RP184: 12/27/2008 2:06:16 PM - Installed Driver Detective
    RP185: 12/27/2008 2:16:47 PM - Installed Driver Detective
    RP186: 12/28/2008 1:26:12 AM - Installed Driver Detective
    RP187: 12/28/2008 11:14:03 AM - Installed Driver Detective
    RP188: 12/29/2008 11:45:20 AM - System Checkpoint
    RP189: 12/30/2008 2:15:22 PM - System Checkpoint
    RP190: 12/31/2008 6:24:57 PM - System Checkpoint
    RP191: 1/1/2009 12:36:54 AM - ComboFix created restore point
    RP192: 1/1/2009 2:31:44 AM - Installed Driver Detective
    RP193: 1/1/2009 4:15:27 PM - Installed Driver Detective
    RP194: 1/1/2009 11:22:15 PM - Installed Hidden Relics
    RP195: 1/3/2009 4:10:18 AM - System Checkpoint
    RP196: 1/4/2009 11:27:09 AM - System Checkpoint
    RP197: 1/5/2009 3:36:42 AM - Revo Uninstaller's restore point - avast! Antivirus
    RP198: 1/5/2009 7:49:10 AM - Revo Uninstaller's restore point - Animal Agents (remove only)
    RP199: 1/6/2009 10:03:06 AM - System Checkpoint
    RP200: 1/7/2009 12:59:43 PM - System Checkpoint
    RP201: 1/8/2009 1:02:21 PM - System Checkpoint
    RP202: 1/9/2009 2:49:54 PM - System Checkpoint
    RP203: 1/10/2009 8:25:15 PM - System Checkpoint
    RP204: 1/11/2009 11:06:13 PM - System Checkpoint
    RP205: 1/13/2009 12:56:45 AM - System Checkpoint
    RP206: 1/14/2009 3:09:23 PM - System Checkpoint
    RP207: 1/15/2009 3:00:28 AM - Software Distribution Service 3.0
    RP208: 1/16/2009 11:32:34 AM - System Checkpoint
    RP209: 1/17/2009 12:02:04 PM - System Checkpoint
    RP210: 1/18/2009 2:19:58 PM - System Checkpoint
    RP211: 1/19/2009 11:32:03 PM - System Checkpoint
    RP212: 1/21/2009 6:48:17 AM - System Checkpoint
    RP213: 1/22/2009 6:55:43 AM - System Checkpoint
    RP214: 1/28/2009 6:40:56 PM - System Checkpoint
    RP215: 1/29/2009 7:12:14 PM - System Checkpoint
    RP216: 1/30/2009 6:41:53 PM - Installed Print to Fax
    RP217: 1/30/2009 6:43:13 PM - Printer Driver CAPTURE FAX Installed
    RP218: 1/31/2009 7:15:18 PM - System Checkpoint
    RP219: 2/2/2009 4:25:40 PM - Installed Cisco Network Magic
    RP220: 2/2/2009 4:26:49 PM - Printer Driver Lexmark Z600 Series Installed
    RP221: 2/2/2009 5:01:35 PM - Removed Cisco Network Magic
    RP222: 2/2/2009 5:02:46 PM - Removed Pure Networks Platform
    RP223: 2/14/2009 9:45:08 AM - Software Distribution Service 3.0
    RP224: 2/17/2009 5:17:51 PM - System Checkpoint
    RP225: 2/19/2009 1:06:56 PM - System Checkpoint

    ==== Installed Programs ======================


    10 Days Under The Sea
    ABBYY FineReader 5.0 Sprint Plus
    Abundante!
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9
    Adobe Shockwave Player
    Agatha Christie - Death on the Nile
    Age of Emerald
    Age of Emerald (remove only)
    AI RoboForm (All Users)
    Amazing Adventures The Lost Tomb
    Anabel 1.00
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    Arctic Quest 2 (remove only)
    Around the World in 80 Days
    Ashley Jones: The Heart Of Egypt
    aspi
    Atlantis Quest
    avast! Antivirus
    Between the Worlds
    Big City Adventure-Sydney Australia
    Broadcom 440x 10/100 Integrated Controller
    CCHelp
    CCleaner (remove only)
    CCScore
    Christmasville (remove only)
    Compatibility Pack for the 2007 Office system
    Concentration
    Conexant HDA D110 MDC V.92 Modem
    CR2
    Dell Media Experience
    Dell Resource CD
    Dell Wireless WLAN Card
    Diamond Detective
    Discovery
    Dream Day Wedding
    Enigma 7
    ESSAdpt
    ESSANUP
    ESSBrwr
    ESSCAM
    ESSCDBK
    ESScore
    ESSCT
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSTUTOR
    ESSvpaht
    ESSvpot
    Fabulous Finds
    Fairy Jewels 2 1.0
    Forgotten Riddles
    Forgotten Riddles - The Mayan Princess
    Frosty Games
    GameHouse
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.514
    Hawaiian Explorer Lost Island
    Hidden Expedition - Titanic
    Hidden Expedition Everest
    Hidden Mysteries Civil War
    Hidden Relics
    Hidden Wonders of the Depths (remove only)
    Hidden World Of Art 1.00
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    HLPCCTR
    HLPIndex
    HLPPDOCK
    Hoteis Jewels
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver
    Invoke Solutions Participant 6.2.0.1450
    IWON Games - The Rise of Atlantis (remove only)
    Java(TM) 6 Update 10
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Jewel Fever
    Jigsaws Galore
    jZip
    Kaspersky Online Scanner
    Kodak EasyShare printer dock
    Kodak EasyShare software
    KSU
    Laura Jones and the Gates of Good and Evil (remove only)
    Lexmark X6100 Series
    Lexmark Z600 Series
    Little Shop - Road Trip
    Little Shop of Treasures 2
    Lost Secrets Bermuda Triangle
    Luxor 2
    Luxor 3
    Magic Drop
    Magic Encyclopedia
    Magic Jigsaw
    Magic Runes
    Malwarebytes' Anti-Malware
    Masters Of Mystery - Crime Of Fashion
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Beta 2
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    MostFun - Atlantis Quest
    MostFun - Big City Adventure: San Francisco
    MostFun - GHOST Hunters: The Haunting of Majesty Manor
    MostFun - Ghost in the Sheet
    MostFun - Jewel Quest
    MostFun - Legend of Aladdin
    MostFun - Luxor 3
    MostFun - Mortimer and the Enchanted Castle
    MostFun - Pirate Island
    MostFun Game Player
    MostFun.com Games - Age of Emerald (remove only)
    MostFun.com Games - Around the World in 80 Days (remove only)
    MostFun.com Games - Ashley Jones: The Heart Of Egypt (remove only)
    MostFun.com Games - Atlantis Quest (remove only)
    MostFun.com Games - Discovery (remove only)
    MostFun.com Games - Jewel Fever (remove only)
    MostFun.com Games - Luxor 2 (remove only)
    MostFun.com Games - Luxor 3 (remove only)
    MostFun.com Games - Neverland (remove only)
    MostFun.com Games - Rainbow Mystery (remove only)
    MostFun.com Games - Righteous Kill (remove only)
    MostFun.com Games - The Lost Cases of Sherlock Holmes (remove only)
    MostFun.com Games - Treasure Masters (remove only)
    Mozilla Firefox (3.0.6)
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    My.Freeze.com Toolbar with NetAssistant
    Mysterious Travel - beta
    Mystery Case Files - Prime Suspects
    Mystery Case Files - Ravenhearst
    Mystery Case Files Huntsville
    Mysteryville
    Nancy Drew(R) - Dossier(TM) - Lights, Camera, Curses!
    Neverland
    Nielsen//NetRatings
    Notifier
    Ocucom PreCast 1.6
    OTtBP
    ParetoLogic Data Recovery
    PC Fixer
    PCDLNCH
    PermissionResearch
    Pharaoh Puzzle
    Pirateville (remove only)
    PowerDVD 5.5
    Print to Fax
    QuickSet
    QuickTime
    Rainbow Mystery
    Rainforest Adventure
    RealArcade
    RealPlayer
    Remote Process Explorer version 1.0.0.16
    Retail Virtual EVE
    Revo Uninstaller 1.75
    Rhombis
    Righteous Kill
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    SFR
    SFR2
    Shockwave
    SigmaTel Audio
    SmartShopper
    Sonic Update Manager
    Sultan of Persia
    Super Collapse Puzzle Gallery 4
    Super Collapse! 3
    Super Collapse! Puzzle Gallery 3
    Super Collapse! Puzzle Gallery 4
    Super Jigsaw Caboodle
    Synaptics Pointing Device Driver
    The Hidden Prophecies of Nostradamus 1.00
    The Lost Cases of Sherlock Holmes
    The Lost Treasures Of Alexandria
    The Rise of Atlantis
    Treasure Masters
    Treasure Puzzle
    Unicorn Castle 1.0
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Val Gor
    VCAMCEN
    Viewpoint Media Player
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
    Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
    Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Resource Kit Tools - SubInAcl.exe
    Windows Update Remover
    Windows XP Service Pack 3
    WinPatrol 2008
    WinRAR archiver
    WordPerfect Office X3
    Yahoo! Toolbar for Internet Explorer
    Yard Sale Hidden Treasures Sunnyville
    Zuma Deluxe
    Zuma Deluxe 1.0

    ==== Event Viewer Messages From Past Week ========

    2/17/2009 2:48:15 PM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/17/2009 2:48:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
    2/17/2009 2:44:33 PM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The system cannot find the file specified.
    2/19/2009 10:34:14 AM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The system cannot find the path specified.

    ==== End Of File ===========================
     
  14. 2009/02/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dee
    OK that was a DDS log. Did you save the Panda report?

    Geri
     
  15. 2009/02/27
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Geri,
    Sorry about that, got the right one this time. This computer is so slow that you lose your train of thought.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-02-26 18:23:28
    PROTECTIONS: 2
    MALWARE: 17
    SUSPECTS: 9
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG 0.0 No No
    McAfee VirusScan Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00040538 adware/zango Adware No 0 Yes No c:\program files\zango programs
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dell\Cookies\dell@atdmt[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Dell\Cookies\dell@mediaplex[1].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Dell\Cookies\dell@atwola[1].txt
    00477382 Application/OSSProxy HackTools Yes 0 Yes No C:\Program Files\PermissionResearch\prls.dll
    00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP179\A0059164.sys
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP191\A0066867.EXE
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP191\A0066823.sys
    02893775 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP196\A0068010.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Dell\Desktop\ComboFix.exe
    03666291 Spyware/MarketScore Spyware No 1 No No C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\pm324p90.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}\prinstaller.msi[unk_0022][prmrsr]
    03703215 Spyware/MarketScore Spyware No 1 No No C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\pm324p90.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}\prinstaller.msi[unk_0022][prls]
    03904610 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\Program Files\Escape the Museum\Uninstall.exe
    04034585 Spyware/MarketScore Spyware No 1 Yes No C:\Program Files\OpinionSquare\opnsqr.exe
    04128739 Adware/KoolBar Adware No 0 No No C:\Documents and Settings\Dell\Desktop\misc installer 3\jZipV1c.exe[²Ã‡Ã‡.exe]
    04415496 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP177\A0059109.exe[LaunchHelp.dll]
    05055922 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Dell\My Documents\Fix co
    05055922 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Dell\My Documents\Fix combo 1
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\Dell\Desktop\Misc installers 2\persian\Sherlock Holmes - The Mystery of the Persian Carpet\qdxrmcx.exe
    No C:\Documents and Settings\Dell\Desktop\Misc installers 2\persian.rar[Sherlock Holmes - The Mystery of the Persian Carpet\qdxrmcx.exe]
    No C:\Documents and Settings\Teva\Local Settings\Application Data\Mozilla\Firefox\Profiles\x3if5bfe.default\Cache(2)\09E9772Ed01
    No C:\GameHouse Games\Magic Encyclopedia\magic.exe
    No C:\My Games\Diner Dash(R) - Flo Through Time(TM)\Diner Dash-Flo Through Time.exe
    No C:\Program Files\Games\The Hidden Prophecies of Nostradamus\Nostradamus.exe
    No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP191\A0066700.exe[²«Ã‡]
    No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP191\A0066703.exe[²«Ã‡]
    No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP191\A0066704.exe[²«Ã‡]
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
     
  16. 2009/02/27
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Geri,

    Decided to try Kaspersky in Safe Mode and it worked and I've got the report. Didn't feel good about the accuracy of the Panda reports.

    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, February 27, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, February 27, 2009 18:25:22
    Records in database: 1853238


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\

    Scan statistics
    Files scanned 147535
    Threat name 2
    Infected objects 5
    Suspicious objects 0
    Duration of the scan 02:08:54

    File name Threat name Threats count
    C:\Documents and Settings\Dell\Desktop\Misc installers\MostFun-Age of Emerald.zip Infected: Trojan-Downloader.Win32.Agent.biba 2

    C:\Documents and Settings\Dell\Desktop\Misc installers\SD_Neptunes_Secret\Neptunes Secret\NeptunesSecret.exe Infected: Trojan-Downloader.Win32.Agent.biba 1

    C:\Documents and Settings\Dell\Desktop\Misc installers\SD_Neptunes_Secret\Neptunes Secret\NeptunesSecret.exe.BAK Infected: Trojan-Downloader.Win32.Agent.biba 1

    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll.vir Infected: not-a-virus:WebToolbar.Win32.Zango.bd 1

    The selected area was scanned.
     
  17. 2009/02/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dee

    Delete these folders.
    c:\program files\zango programs
    C:\Program Files\Escape the Museum
    C:\Documents and Settings\Dell\My Documents\Fix co
    C:\Documents and Settings\Dell\My Documents\Fix combo 1
    C:\Documents and Settings\Dell\Desktop\Misc installers\SD_Neptunes_Secret
    C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\pm324p90.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}

    Delete these files
    C:\Documents and Settings\Dell\Desktop\misc installer 3\jZipV1c.exe
    C:\Documents and Settings\Dell\Desktop\Misc installers\MostFun-Age of Emerald.zip


    MarketScore is spyware; I would delete it.
    http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-5317-99

    C:\Program Files\OpinionSquare

    Both of these are in your Add/Remove list.
    You can not have 2 Anti Virus programs running
    McAfee SecurityCenter
    avast! Antivirus


    Delete ComboFix.exe from your Desktop.

    Turn off and on your System Restore as you did in the other post.

    Let me know how things are running.

    Thanks
    Geri
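
Added example, not part of the thread: the cleanup steps in the post above follow from where each Panda detection sits (live folders are deleted by hand, restore-point copies are cleared by turning System Restore off and on). The Python below sorts report rows copied from the thread into those groups and labels restore-point hits from the DDS restore point list; the function and bucket names are this example's own.

```python
import re
from collections import defaultdict

# Rows copied from the Panda ActiveScan report posted in this thread.
REPORT = r"""
00040538 adware/zango Adware No 0 Yes No c:\program files\zango programs
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dell\Cookies\dell@atdmt[2].txt
00477382 Application/OSSProxy HackTools Yes 0 Yes No C:\Program Files\PermissionResearch\prls.dll
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP179\A0059164.sys
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP191\A0066867.EXE
02893775 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{993AF628-CAAA-4A28-8568-6EFEF7E4E15E}\RP196\A0068010.exe
03904610 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\Program Files\Escape the Museum\Uninstall.exe
04034585 Spyware/MarketScore Spyware No 1 Yes No C:\Program Files\OpinionSquare\opnsqr.exe
05055922 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Dell\My Documents\Fix combo 1
;=====
"""

# Restore point labels copied from the DDS log posted in this thread.
RESTORE_POINTS = {
    179: "Installed Microsoft Office Word Viewer 2003",
    191: "ComboFix created restore point",
    196: "System Checkpoint",
}

# Columns: Id, Description, Type, Active, Severity, Disinfectable,
# Disinfected, Location. The description may contain spaces, so it is
# matched lazily and the fixed-vocabulary columns after it pin down its end.
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<description>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+"
    r"(?P<disinfected>Yes|No)\s+(?P<location>[A-Za-z]:\\.*)$"
)

# System Restore stores its copies under _restore{GUID}\RPnnn\ on Windows XP.
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\RP(\d+)\\", re.I
)


def parse_report(text):
    """Return one dict per detection row; separator and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def triage(rows, restore_points=RESTORE_POINTS):
    """Group detections by the cleanup step that applies to their location."""
    buckets = defaultdict(list)
    for row in rows:
        hit = RESTORE.search(row["location"])
        if hit:
            number = int(hit.group(1))
            label = restore_points.get(number, "unknown")
            buckets["restore_point"].append(dict(row, rp=number, rp_label=label))
        elif row["type"] == "TrackingCookie":
            buckets["cookie"].append(row)
        elif row["active"] == "Yes":
            buckets["active"].append(row)
        else:
            buckets["on_disk"].append(row)
    return buckets


if __name__ == "__main__":
    grouped = triage(parse_report(REPORT))
    for name in ("active", "on_disk", "restore_point", "cookie"):
        print(f"[{name}]")
        for row in grouped[name]:
            extra = f"  (RP{row['rp']}: {row['rp_label']})" if "rp" in row else ""
            print(f"  {row['description']:<24} {row['location']}{extra}")
```
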
     
  18. 2009/02/28
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Geri,

    Removed all the files. You wouldn't believe how slow this computer is, takes forever to open a file and then you can't close it.

    Dee
     
  19. 2009/02/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dee
    You have multiple games downloaded, I would go through your Add/Remove list and delete any games you don't play.

    I'm not sure I understand this? Open what files? Please give me some more information on what you mean.

    Thanks
    Geri
     
  20. 2009/02/28
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Whenever I try to open any file or even a browser, it takes forever to open and when I finally get it open then I can't get it to close. I have to use task manager to close the file or power down the computer. It's impossible to search for anything online. I'm not using it now, I only use it to do the things you direct me to.
    I delete the games as soon as I finish them.

    Dee
     
  21. 2009/02/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Do you know when the last time it was defragged and a checkdisk run on it?
     
