
Solved Win32/Heur, (I think)

Discussion in 'Malware and Virus Removal Archive' started by rdmu85, 2009/03/14.

  1. 2009/03/14
    rdmu85

    [Resolved] Win32/Heur, (I think)

    Hello, a while back I had gotten a virus (end of Dec, beginning of Jan). Panda online found 6 infections and my AVG found Win32/Heur and Klone plus deleted 9 trojans. I don't have the Panda log; I accidentally deleted it. Ever since, my computer has been slow to start up and to load programs. Today I downloaded Malwarebytes and ran a full scan and it found these in my Registry: Trojan.Agent, Rogue.WinAntivirus, Spyware.Agent.H, Hijack.Tray (after this one it has this: ->Bad: (C:\DOCUME~1\RICKAN~1\LOCALS~1\Temp\\shell32.dll) Good: (stobject.dll)).
    All were quarantined and deleted.

    My husband needs to do some schooling online for his job so I really need to make sure all traces are gone, and get rid of the slowdown if possible.

    Thanks for your help.
    Deb


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Rick and Deb at 20:53:11.17 on Sat 03/14/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.166 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\explorer.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\CSHelper.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Weather Pulse\weatherpulse.exe
    C:\Program Files\Billeo\billeo.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Documents and Settings\Rick and Deb\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.myway.com/
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uWindow Title = Internet Explorer Provided by Cox High Speed Internet
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mWinlogon: Shell=c:\windows\explorer.exe
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Billeo: {465e08e7-f005-4389-980f-1d8764b3486c} - c:\program files\billeo\billeo.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No File
    TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: Billeo: {6576ebaa-b570-4345-98e4-96153c77cf24} - c:\program files\billeo\billeo.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Weather Pulse] c:\program files\weather pulse\weatherpulse.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
    mRun: [nwiz] nwiz.exe /install
    mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Itiva Media Accelerator] c:\program files\itiva\itiva media accelerator\ItivaMediaAccelerator.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\rickan~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\windows\system32\SYSTRAY.EXE
    mPolicies-explorer: <NO NAME> =
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: pineconeresearch.com\int02
    Trusted Zone: pineconeresearch.com\www
    Trusted Zone: smartsource.com\coupons
    Trusted Zone: smartsource.com\www
    Trusted Zone: windowsupdate.com\download
    DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} - hxxp://imagin.munpl.org/wx/client/IrcViewer.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

    ================= FIREFOX ===================

    FF - ProfilePath -

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-23 28544]
    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2006-12-4 4064]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-8 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-8 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-8 107272]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-8 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-8 298264]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-14 266240]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S2 mrtRate;mrtRate; [x]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

    =============== Created Last 30 ================

    2009-03-14 17:01 <DIR> --d----- c:\docume~1\rickan~1\applic~1\Malwarebytes
    2009-03-14 17:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-14 17:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-14 17:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-14 17:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-14 08:44 186,097 a------- c:\windows\system32\nvapps.xml
    2009-03-14 08:43 446,464 a------- c:\windows\system32\NVUNINST.EXE
    2009-03-14 08:43 <DIR> --d----- C:\NVIDIA
    2009-03-14 08:38 <DIR> --d----- c:\program files\SystemRequirementsLab
    2009-02-25 07:48 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
    2009-02-23 11:49 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-02-14 17:45 266,240 a------- c:\windows\system32\CSHelper.exe
    2009-02-14 17:45 225,280 a------- c:\windows\system32\CSInstru.DLL
    2009-02-14 17:45 <DIR> --d----- c:\windows\ArtistScope Plugin IE 42

    ==================== Find3M ====================

    2009-02-25 18:17 76,720 a------- c:\docume~1\rickan~1\applic~1\GDIPFONTCACHEV1.DAT
    2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
    2009-01-31 09:42 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-31 09:42 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 09:42 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-01-09 07:47 578,560 a------- c:\windows\system32\user32.DLL
    2009-01-08 20:13 410,984 a------- c:\windows\system32\deploytk.dll
    2009-01-08 11:20 578,560 a------- c:\windows\system32\dllcache\user32.dll
    2008-12-19 04:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2006-11-08 09:17 774,144 a------- c:\program files\RngInterstitial.dll
    2001-07-26 17:58 47 a------- c:\program files\ACMonitor_X73.ini
    2001-07-05 13:46 8,116 a------- c:\program files\OSLO3071b2.USB
    2001-05-11 12:39 53,248 a------- c:\program files\ACMonitor_X73.exe
    2001-05-08 17:36 114,688 a------- c:\program files\lxarscan.dll
    2001-04-23 15:22 1,437 a------- c:\program files\gtx73.ini
    2001-02-22 10:54 768 a------- c:\program files\x73_lut.dat
    2005-05-05 18:42 379,904 ---sh--- c:\windows\config\rcagv.bak1
    2005-05-06 18:42 383,854 ---sh--- c:\windows\config\rcagv.bak2
    2008-08-30 08:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat

    ============= FINISH: 20:54:37.18 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/16/2003 10:46:23 PM
    System Uptime: 3/14/2009 5:50:23 PM (3 hours ago)

    Motherboard: Dell Computer Corp. | | 0N2828
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 57.049 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 3/11/2009 1:53:47 PM - System Checkpoint
    RP2: 3/12/2009 4:41:20 PM - System Checkpoint
    RP3: 3/13/2009 1:09:03 AM - Software Distribution Service 3.0
    RP4: 3/14/2009 2:01:07 AM - System Checkpoint

    ==== Installed Programs ======================


    Acrophobia
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.8
    Adobe Shockwave Player 11
    Adobe Type Manager 4.0
    Adobe® Photoshop® Album Starter Edition 3.0
    AiO_Scan_CDA
    AiOSoftwareNPI
    ArtistScope Plugin IE 42
    AVG Free 8.0
    Banctec Service Agreement
    BCM V.92 56K Modem
    Bejeweled Deluxe 1.862
    BroadJump Client Foundation
    BufferChm
    Contraptions Demo
    Coupon Printer for Windows
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Critical Update for Windows Media Player 11 (KB959772)
    Cross Stitch Design Studio
    CustomerResearchQFolder
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Networking Guide
    Dell Solution Center
    Dell Support 5.0.0 (766)
    Destinations
    DeviceManagementQFolder
    Digital Locker Assistant
    DocProc
    DS21Patch
    DVD Shrink 3.2
    DVDSentry
    Edmark - FrippleTown (Remove only)
    eSupportQFolder
    F300
    F300_Help
    F300Trb
    Family Tree Maker 2006
    Family Tree Maker Version 16
    Fax_CDA
    Free Password Manager Plus
    GdiplusUpgrade
    Generations® Deluxe 6
    GenSmarts
    Hard Truck 2
    Help and Support Customization
    Hot Rod Garage to Glory
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hoyle Board Games 3 Demo
    Hoyle Card Games 2 OEM
    Hoyle Casino 5
    Hoyle Solitaire and Mahjong
    Hoyle Word Games Demo
    HP Extended Capabilities 6.1
    HP Imaging Device Functions 6.1
    HP Photosmart Essential
    HP Product Assistant
    HP Product Detection
    HP PSC & OfficeJet 6.1.A
    HP Solution Center and Imaging Support Tools 6.1
    HP Update
    HPProductAssistant
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Internet Explorer Default Page
    Internet Explorer Q903235
    Invoke Solutions Participant 6.2.0.1450
    Itiva Media Accelerator
    Jasc Paint Shop Photo Album
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Keynote Connector
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Logitech Gaming Software
    Logitech MouseWare 9.70
    Malwarebytes' Anti-Malware
    MarketResearch
    MasterCook 6: Deluxe Edition
    Match-Up!
    MediaFACE 4.0
    MediaFACE 4.0 Image Library
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Command & Control Engine
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Encarta Encyclopedia Standard 2003
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Picture It! Photo 7.0
    Microsoft Silverlight
    Microsoft Speech API 3.0
    Microsoft Speech Lexicon
    Microsoft Streets and Trips 2002
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    Modem Helper
    Mozilla Firefox (2.0.0.17)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    MUSICMATCH® Jukebox
    NewCopy_CDA
    NVIDIA Display Driver
    NVIDIA Drivers
    Panda ActiveScan
    Panda ActiveScan 2.0
    Panda spyXposer
    PCStitch 5
    PCStitch Lite
    PCStitch Pattern Viewer
    Personal Ancestral File 5
    Personalized Learning Center
    Picasa 3
    PowerDVD
    ProductContextNPI
    Puzzle Master
    Qualxserve Service Agreement
    Quicken 2004
    QuickTime
    Reader Rabbit's Reading Ages 4-6
    Reader Rabbit Personalized Kindergarten
    Reader Rabbit Personalized Preschool
    Readme
    RealArcade
    RealOne Player
    Ricochet Lost Worlds
    Riddle of the Sphinx(tm)
    ROBLOX
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Shockwave
    Solitaire
    SolutionCenter
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live!
    Status
    Stop the Morbuzakh (remove only)
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    Tonka Raceway
    Toolbox
    TrayApp
    Ultimate Mahjongg 15
    Unload
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    User Profile Hive Cleanup Service
    Weather Pulse 2.05 build 26
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    Works Suite OS Pack
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    3/9/2009 5:38:48 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    3/9/2009 5:38:48 AM, error: Service Control Manager [7000] - The Lexmark X73 MFP Scanner service failed to start due to the following error: The system cannot find the file specified.
    3/8/2009 1:00:39 PM, error: Service Control Manager [7000] - The WMDM PMSP Service service failed to start due to the following error: The system cannot find the path specified.
    3/8/2009 1:00:39 PM, error: Service Control Manager [7000] - The User Profile Hive Cleanup service failed to start due to the following error: The system cannot find the path specified.
    3/14/2009 4:56:01 AM, error: ATMhelpr [43] -
    3/14/2009 5:51:28 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

    ==== End Of File ===========================
     
  2. 2009/03/19
    Geri

    Hi rdmu85
    Welcome to WindowsBBS

    Please do the following in the order given.

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box at the top of the page, one at a time:
      • c:\windows\config\rcagv.bak1
    • Click on the submit button
    • Please post the results in your next reply.

    Now this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Please post the Jotti results and the Combofix log.

    Thanks
    Geri
     
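Geri's first step singles out c:\windows\config\rcagv.bak1 from the Find3M section of the DDS log before asking for a ComboFix run. The Python below is an added illustration (not code from the thread, DDS or ComboFix) of the first-pass triage a helper does over DDS-style lines: it flags autostart entries whose target is "No File", services with no binary ("[x]"), and hidden+system files outside locations where those attributes are normal; the sample lines are copied from the DDS log above, and the short allowlist of expected hidden+system paths is an assumption of the example.

```python
"""First-pass triage of DDS-style log lines.

Added example for this thread; it is not code from DDS, ComboFix or the
forum helper. It flags the three kinds of entries a removal helper looks at
first: autostart/BHO entries whose target is "No File", services that have
no binary on disk ("[x]"), and files carrying hidden+system attributes in
places where that is unusual. The allowlist of paths that are hidden+system
by design is an assumption of this example, kept deliberately short.
"""
import re

# Constructed sample: lines copied from the DDS log posted earlier in the thread.
SAMPLE_LOG = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No File
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-23 28544]
S2 mrtRate;mrtRate; [x]
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2005-05-05 18:42 379,904 ---sh--- c:\windows\config\rcagv.bak1
2005-05-06 18:42 383,854 ---sh--- c:\windows\config\rcagv.bak2
2008-08-30 08:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat
"""

# "TAG: <name or CLSID> - No File": an autostart hook whose target is gone.
ORPHAN_RE = re.compile(r"^(?P<tag>[A-Za-z]+):\s*(?P<entry>.*?)\s*-\s*No File\s*$")
# "S2 name;display; [x]": a registered service with no binary on disk.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*\[x\]\s*$")
# "YYYY-MM-DD HH:MM size attrs path": a Created Last 30 / Find3M file listing line.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(?P<size>[\d,]+|<DIR>)\s+"
    r"(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)

# Assumed allowlist: Internet Explorer history index files are hidden+system by design.
KNOWN_HIDDEN_SYSTEM = ("\\history.ie5\\",)


def is_known_hidden_system(path):
    """True if the path sits in a location where hidden+system attributes are expected."""
    lowered = path.lower()
    return any(marker in lowered for marker in KNOWN_HIDDEN_SYSTEM)


def triage(log_text):
    """Return a list of findings, one dict per flagged line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append({"kind": "orphan_autostart",
                             "detail": f"{m['tag']}: {m['entry']}", "line": line})
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.append({"kind": "service_no_binary", "detail": m["name"], "line": line})
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            # DDS attribute column: 's' marks a system file, 'h' a hidden one.
            if "s" in attrs and "h" in attrs and not is_known_hidden_system(path):
                findings.append({"kind": "hidden_system_file", "detail": path, "line": line})
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'hidden_system_file': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['kind']}] {f['detail']}")
    print(summarize(results))
```

On the sample above the script reports the two orphaned BHO/TB entries, the mrtRate service, and both rcagv.bak files, while the hidden index.dat under History.IE5 is left alone.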


  4. 2009/03/19
    rdmu85

    Thank you for your help. Combofix had me download and install 'Windows Recovery Console'. Here are the two logs.

    Deb

    Jotti's malware scan

    File: rcagv.bak1
    Status: OK
    MD5: 9a3c70451d6ec86262e3e0226caf3108
    Packers detected: -
    Scan taken on 20 Mar 2009 03:15:36 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Quick Heal Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    ***

    ComboFix 09-03-18.01 - Rick and Deb 2009-03-19 22:30:58.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.217 [GMT -5:00]
    Running from: c:\documents and settings\Rick and Deb\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Rick and Deb\Local Settings\Temporary Internet Files\favicon.ico
    c:\windows\patch.exe
    c:\windows\system32\drivers\atmapi.sys
    c:\windows\system32\open.ico

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
    .

    2100-02-23 15:35 . 2001-02-22 10:54 768 --a------ c:\program files\x73_lut.dat
    2100-02-08 17:03 . 2001-05-11 12:39 53,248 --a------ c:\program files\ACMonitor_X73.exe
    2009-03-14 17:01 . 2009-03-14 18:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-14 17:01 . 2009-03-14 17:01 <DIR> d-------- c:\documents and settings\Rick and Deb\Application Data\Malwarebytes
    2009-03-14 17:01 . 2009-03-14 17:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-14 17:01 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2009-03-14 17:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2009-03-14 08:44 . 2009-03-19 13:20 186,097 --a------ c:\windows\SYSTEM32\nvapps.xml
    2009-03-14 08:43 . 2009-03-14 08:43 <DIR> d-------- C:\NVIDIA
    2009-03-14 08:43 . 2008-05-16 11:48 446,464 --a------ c:\windows\SYSTEM32\NVUNINST.EXE
    2009-03-14 08:38 . 2009-03-14 08:38 <DIR> d-------- c:\program files\SystemRequirementsLab
    2009-02-25 07:48 . 2009-01-09 14:19 1,089,593 --------- c:\windows\SYSTEM32\DLLCACHE\ntprint.cat
    2009-02-23 11:49 . 2008-06-19 17:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-19 13:04 --------- d-----w c:\program files\Weather Pulse
    2009-03-13 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
    2009-03-13 18:33 --------- d-----w c:\program files\Kodak
    2009-03-02 21:56 --------- d-----w c:\documents and settings\Rick and Deb\Application Data\Image Zone Express
    2009-03-01 16:05 --------- d-----w c:\program files\SUPERAntiSpyware
    2009-02-27 21:03 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-25 23:17 76,720 ----a-w c:\documents and settings\Rick and Deb\Application Data\GDIPFONTCACHEV1.DAT
    2009-02-23 18:16 --------- d-----w c:\documents and settings\Rick and Deb\Application Data\CoxFastConnect20
    2009-02-14 15:56 --------- d-----w c:\program files\Billeo
    2009-02-08 00:42 --------- d-----w c:\program files\GenSmarts
    2009-01-31 14:42 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 14:42 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-31 14:42 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2006-11-08 14:17 774,144 ----a-w c:\program files\RngInterstitial.dll
    2006-04-07 18:12 75,640 ----a-w c:\documents and settings\Mike\Application Data\GDIPFONTCACHEV1.DAT
    2001-07-26 22:58 47 ----a-w c:\program files\ACMonitor_X73.ini
    2001-07-05 18:46 8,116 ----a-w c:\program files\OSLO3071b2.USB
    2001-05-08 22:36 114,688 ----a-w c:\program files\lxarscan.dll
    2001-04-23 20:22 1,437 ----a-w c:\program files\gtx73.ini
    2008-12-25 04:07 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-25 04:07 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-25 04:07 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-25 04:07 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-25 04:07 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2005-05-05 23:42 379,904 --sh--w c:\windows\Config\rcagv.bak1
    2005-05-06 23:42 383,854 --sh--w c:\windows\Config\rcagv.bak2
    2008-08-30 13:30 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008083020080831\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Weather Pulse "= "c:\program files\Weather Pulse\weatherpulse.exe" [2008-09-02 3328512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "EM_EXEC "= "c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2004-07-26 98304]
    "Itiva Media Accelerator "= "c:\program files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" [2008-06-04 4994288]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-12-11 151597]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "BCMSMMSG "= "BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
    "nwiz "= "nwiz.exe" [2008-05-16 c:\windows\SYSTEM32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\Rick and Deb\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-07-10 24651]

    c:\documents and settings\Mike\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-07-10 24651]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    billeo.lnk - c:\program files\Billeo\billeo.exe [2007-08-31 1176840]
    Shortcut to SYSTRAY.lnk - c:\windows\SYSTEM32\SYSTRAY.EXE [2002-08-29 3072]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-08 16:52 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-31 09:42 10520 c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3 "= c:\windows\System32\ctmp3.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk
    backup=c:\windows\pss\PreCast Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WKCALREM.LNK]
    path=c:\documents and settings\Mike\Start Menu\Programs\Startup\WKCALREM.LNK
    backup=c:\windows\pss\WKCALREM.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-07 00:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    --a------ 2002-04-03 02:01 135264 c:\program files\Creative\SBLive\Diagnostics\diagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]
    --a------ 2006-11-01 21:46 30928 c:\program files\Kuma Games\hcsystray\hc_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2002-07-16 08:21 28672 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2003-10-06 11:05 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2003-10-06 11:05 118784 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-07-26 10:11 98304 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    --a------ 2003-02-13 02:01 155648 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2009-03-01 11:05 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2003-12-11 19:23 151597 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\StubInstaller.exe "=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=

    R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2009-02-23 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2008-10-08 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2008-10-08 107272]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-08 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-08 298264]
    R2 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [2009-02-14 266240]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 mrtRate;mrtRate; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-19 c:\windows\Tasks\Disk Cleanup -t.job
    - c:\windows\SYSTEM32\cleanmgr.exe [2008-04-13 19:12]

    2009-03-19 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\SYSTEM32\CLEANMGR.EXE [2008-04-13 19:12]

    2009-03-19 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PrinTray - c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
    MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    MSConfigStartUp-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
    MSConfigStartUp-iefeatures - c:\windows\System32\iefeatures.exe
    MSConfigStartUp-MSVersion - c:\windows\System32\internetfeatures.exe
    MSConfigStartUp-PrinTray - c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
    MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
    MSConfigStartUp-YBrowser - c:\program files\Yahoo!\browser\ybrwicon.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.myway.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: pineconeresearch.com\int02
    Trusted Zone: pineconeresearch.com\www
    Trusted Zone: smartsource.com\coupons
    Trusted Zone: smartsource.com\www
    Trusted Zone: windowsupdate.com\download
    DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} - hxxp://imagin.munpl.org/wx/client/IrcViewer.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-19 22:34:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-42243925-2180214520-125330197-1007\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    Completion time: 2009-03-19 22:39:52
    ComboFix-quarantined-files.txt 2009-03-20 03:38:56

    Pre-Run: 60,687,446,016 bytes free
    Post-Run: 61,030,481,920 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    250 --- E O F --- 2009-03-11 14:40:07
     
  5. 2009/03/20
    Geri Lifetime Subscription

    Hi
    OK that looks good.

    Now let's get an online scan.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use the Firefox browser:
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use the Opera browser:
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Make sure you do the FireFox instructions as well.

    Now this.

    Please do an online scan with Kaspersky WebScanner.

    It's best to disable real-time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  6. 2009/03/20
    rdmu85

    Kaspersky scan came back clean. Thank you so much for your time and help. Hopefully this thing will start running a bit faster!

    Deb

    Here is the scan log
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, March 20, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, March 21, 2009 01:43:55
    Records in database: 1942823
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Files scanned: 90371
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 01:54:57

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
  7. 2009/03/20
    Geri Lifetime Subscription

    Hi
    OK that's good.
    Please do this.

    Click Start > Run, and in the Run box copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't, please delete them manually.

    Delete DDS from your Desktop.

    Here is a web page that may help speed up your computer, by miekiemoes. She has some very good suggestions.
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

    Let me know if that helped speed things up a bit.

    Geri
     
  8. 2009/03/21
    rdmu85

    Hi Geri,

    It is moving a bit faster. I had already had that site in my favorites. I uninstalled a bunch of my son's old educational games and some other programs that I have not used in a long time.

    Since this started I sometimes get a yellow caution sign with an exclamation mark on my task bar when I open IE or click on a link. I only saw it happen once today. From what I could find online I am presuming that it means the virtual memory is low. It is only there for less than 30 sec. and nothing comes up when I mouse over it.

    Thank you again for taking the time to help me out.
    Deb
     
  9. 2009/03/21
    Geri Lifetime Subscription

    Hi Deb
    You're welcome.

    Do you know how much RAM you have installed?

    IMO Malwarebytes Anti-Malware is a much better program than SUPERAntiSpyware, and you could delete it. This is your choice, however. Just my two cents worth. :)

    Geri
     
  10. 2009/03/21
    rdmu85


    I have 512 MB of RAM. I will delete SuperAntiSpyware, it takes forever to run anyways!

    Thanks for the tip!
    Deb
     
  11. 2009/03/22
    Geri Lifetime Subscription

    Hi Deb
    You may want to up your RAM; check your manufacturer's specifications on what type of RAM and the limit you can install.

    I would go with another 512MB at least, for 1 Gig of RAM.

    Geri
     
  12. 2009/03/22
    rdmu85

    Thanks Geri, I will check into it. Thank you for your time. Have a great week! Deb
     
