Old 11-12-2008, 10:49 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Slow to respond to clicks, disconnects from dialup, lot of programs not responding

Hi Team
I know you are all extremely busy, so can I quickly say you guys and girls are so fantastic in the work and time you so generously give to help us poor saps who have not educated ourselves in the malware arena. Thank you so much.
My computer is very slow, not just on the net, but even responding to clicks to open programs or folders etc. I use a keyword search tool and other online tools and find I am constantly being disconnected on my dialup. A lot of programs I use end up not responding, and even using the task manager to shut them down takes forever. Recently when performing some normal tasks (can't remember exactly what) I got a message saying I had insufficient RAM (I have one gig and was not using any large programs at the time). Other computer users in the house said they have seen messages from AVG mentioning a Trojan and a Hack Tool. I hope this helps you help me. Thank you

Here is the DDS File

DDS (Version 1.0) - NTFSx86
Run by Deb at 15:15:26.07 on Thu 13/11/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.667 [GMT 10:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Deb\Desktop\Malware detection\dds.scr
C:\DOCUME~1\Deb\LOCALS~1\Temp\RarSFX1\CHIDE.exe

============== Psuedo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MAAgent] c:\program files\markany\contentsafer\MAAgent.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
dRunServices: [ssymsne] valuex.exe
StartupFolder: c:\docume~1\deb\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\deb\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TrustedZone: www.linkshare.com
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent -Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll,avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
SEH: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys
R2 ScFBPNT;CanoScan FBP Port Driver;\??\c:\windows\system32\drivers\ScFBPNT.SYS
S3 firewall;firewall;\??\c:\program files\foxie suite\firewall.sys
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S4 mswmf32;mswmf32;

=============== Created Last 30 ================

2008-11-09 13:11 <DIR> --d----- c:\docume~1\deb\applic~1\Free Download Manager
2008-11-09 13:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeDownloadManager.ORG
2008-11-09 13:10 <DIR> --d----- c:\program files\Free Download Manager
2008-11-07 11:50 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-07 11:50 1,409 a------- c:\windows\QTFont.for
2008-10-29 11:24 <DIR> --d----- c:\program files\SEO Elite 4

==================== Find3M ====================

2008-11-13 13:22 <DIR> --d----- c:\program files\PopCap Games
2008-11-13 13:22 <DIR> --d----- c:\program files\Reply Email Automator Setup
2008-11-13 13:22 <DIR> --d----- c:\program files\Real Link Finder
2008-11-13 13:00 <DIR> --d----- c:\program files\LimeWire
2008-11-12 18:56 <DIR> --d----- c:\program files\Keyword Elite
2008-11-12 10:55 143,096 a------- c:\windows\system32\guard32.dll
2008-11-05 10:20 <DIR> --d----- c:\program files\SpywareGuard
2008-10-11 09:06 <DIR> --d----- c:\program files\FreeRIP3
2008-10-11 09:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeRIP
2008-10-06 08:02 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-10-05 21:22 <DIR> --d----- c:\docume~1\deb\applic~1\DataCast
2008-10-05 15:14 <DIR> --d----- c:\program files\Lame MP3 Codec
2008-10-05 15:14 65,024 a------- c:\windows\IFinst26.exe
2008-10-05 15:13 <DIR> --d----- c:\program files\XviD
2008-10-05 15:12 <DIR> --d----- c:\program files\MarkAny
2008-10-05 15:12 <DIR> --d----- c:\program files\Samsung
2008-10-02 21:35 <DIR> --d----- c:\program files\Windows NT
2008-10-02 21:34 <DIR> --d----- c:\program files\Messenger
2008-09-15 21:57 1,846,016 -------- c:\windows\system32\win32k.sys
2008-08-26 17:24 826,368 a------- c:\windows\system32\wininet.dll
2008-08-14 10:05 <DIR> --d----- c:\docume~1\deb\applic~1\eBookPro6
2008-07-11 15:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-07-10 14:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\comodo
2008-07-10 13:15 <DIR> --d----- c:\docume~1\deb\applic~1\Comodo
2008-06-18 12:00 <DIR> --d----- c:\docume~1\deb\applic~1\iolo
2008-06-18 12:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2008-05-21 11:42 <DIR> --d----- c:\docume~1\deb\applic~1\Sony
2008-05-18 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony
2008-05-16 16:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-03-30 07:25 <DIR> --d----- c:\docume~1\deb\applic~1\rsvme
2008-01-08 18:32 <DIR> --d----- c:\docume~1\deb\applic~1\Bytescout SWF To Video Scout
2007-12-29 07:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2007-12-24 06:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2007-12-17 17:43 <DIR> --d----- c:\docume~1\deb\applic~1\Good Keywords v2
2007-11-23 10:28 <DIR> --d----- c:\docume~1\deb\applic~1\Dcads Advanced Toolbar
2007-04-21 06:53 <DIR> --d----- c:\docume~1\deb\applic~1\SPAMfighter
2007-02-14 15:19 <DIR> --d--r-- c:\docume~1\deb\applic~1\Brother
2007-02-10 22:20 <DIR> --d----- c:\docume~1\deb\applic~1\SWEC_-_Stock_Wrap_Express
2006-11-18 07:49 <DIR> --d----- c:\docume~1\deb\applic~1\Secretmaker
2006-04-06 18:57 <DIR> --d----- c:\docume~1\deb\applic~1\funkitron
2006-02-25 18:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ahead
2006-02-17 08:45 <DIR> --d----- c:\docume~1\deb\applic~1\Publish Providers
2006-02-17 08:45 <DIR> --d----- c:\docume~1\deb\applic~1\NetMedia Providers
2006-02-16 16:01 <DIR> --d----- c:\docume~1\deb\applic~1\MSN6
2006-02-16 15:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6

============= FINISH: 15:16:18.50 ===============
Attached Files
File Type: txt Gmer.txt (63.6 KB, 3 views)
File Type: txt Attach.txt (14.0 KB, 3 views)
seal123 is offline  

Old 11-13-2008, 06:40 PM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 11-14-2008, 12:27 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Thanks again, have done as requested. Combofix could not download the recovery console, but it continued to scan. The log is as follows:




ComboFix 08-11-12.01 - Deb 2008-11-14 17:01:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.614 [GMT 10:00]
Running from: c:\documents and settings\Deb\Desktop\Malware detection\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dcads Advanced Toolbar
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\_005445_.tmp.dll
c:\windows\system32\_005446_.tmp.dll
c:\windows\system32\_005447_.tmp.dll
c:\windows\system32\_005448_.tmp.dll
c:\windows\system32\_005455_.tmp.dll
c:\windows\system32\_005456_.tmp.dll
c:\windows\system32\_005457_.tmp.dll
c:\windows\system32\_005459_.tmp.dll
c:\windows\system32\_005460_.tmp.dll
c:\windows\system32\_005463_.tmp.dll
c:\windows\system32\_005464_.tmp.dll
c:\windows\system32\_005466_.tmp.dll
c:\windows\system32\_005467_.tmp.dll
c:\windows\system32\_005468_.tmp.dll
c:\windows\system32\_005470_.tmp.dll
c:\windows\system32\_005473_.tmp.dll
c:\windows\system32\_005474_.tmp.dll
c:\windows\system32\_005478_.tmp.dll
c:\windows\system32\_005479_.tmp.dll
c:\windows\system32\_005481_.tmp.dll
c:\windows\system32\_005484_.tmp.dll
c:\windows\system32\_005486_.tmp.dll
c:\windows\system32\_005487_.tmp.dll
c:\windows\system32\_005488_.tmp.dll
c:\windows\system32\_005489_.tmp.dll
c:\windows\system32\_005492_.tmp.dll
c:\windows\system32\_005493_.tmp.dll
c:\windows\system32\_005494_.tmp.dll
c:\windows\system32\_005495_.tmp.dll
c:\windows\system32\_005496_.tmp.dll
c:\windows\system32\_005501_.tmp.dll
c:\windows\system32\_005503_.tmp.dll
c:\windows\system32\_007854_.tmp.dll
c:\windows\system32\_007855_.tmp.dll
c:\windows\system32\_007856_.tmp.dll
c:\windows\system32\_007857_.tmp.dll
c:\windows\system32\_007864_.tmp.dll
c:\windows\system32\_007865_.tmp.dll
c:\windows\system32\_007866_.tmp.dll
c:\windows\system32\_007867_.tmp.dll
c:\windows\system32\_007869_.tmp.dll
c:\windows\system32\_007870_.tmp.dll
c:\windows\system32\_007873_.tmp.dll
c:\windows\system32\_007874_.tmp.dll
c:\windows\system32\_007876_.tmp.dll
c:\windows\system32\_007877_.tmp.dll
c:\windows\system32\_007878_.tmp.dll
c:\windows\system32\_007880_.tmp.dll
c:\windows\system32\_007883_.tmp.dll
c:\windows\system32\_007884_.tmp.dll
c:\windows\system32\_007888_.tmp.dll
c:\windows\system32\_007889_.tmp.dll
c:\windows\system32\_007891_.tmp.dll
c:\windows\system32\_007894_.tmp.dll
c:\windows\system32\_007896_.tmp.dll
c:\windows\system32\_007897_.tmp.dll
c:\windows\system32\_007898_.tmp.dll
c:\windows\system32\_007899_.tmp.dll
c:\windows\system32\_007900_.tmp.dll
c:\windows\system32\_007903_.tmp.dll
c:\windows\system32\_007904_.tmp.dll
c:\windows\system32\_007905_.tmp.dll
c:\windows\system32\_007906_.tmp.dll
c:\windows\system32\_007907_.tmp.dll
c:\windows\system32\_007912_.tmp.dll
c:\windows\system32\_007914_.tmp.dll
c:\windows\system32\dcads-remove.exe
c:\windows\system32\superiorads-uninst.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.

2008-11-09 13:11 . 2008-11-14 16:54 <DIR> d-------- c:\documents and settings\Deb\Application Data\Free Download Manager
2008-11-09 13:11 . 2008-11-09 13:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-11-09 13:10 . 2008-11-09 13:11 <DIR> d-------- c:\program files\Free Download Manager
2008-11-07 11:50 . 2008-11-13 07:02 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-07 11:50 . 2008-11-07 11:50 1,409 --a------ c:\windows\QTFont.for
2008-10-29 11:24 . 2008-10-29 11:26 <DIR> d-------- c:\program files\SEO Elite 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 03:22 --------- d-----w c:\program files\Reply Email Automator Setup
2008-11-13 03:22 --------- d-----w c:\program files\Real Link Finder
2008-11-13 03:22 --------- d-----w c:\program files\PopCap Games
2008-11-13 03:00 --------- d-----w c:\program files\LimeWire
2008-11-12 08:56 --------- d-----w c:\program files\Keyword Elite
2008-11-12 00:56 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-11-12 00:56 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-12 00:55 143,096 ----a-w c:\windows\system32\guard32.dll
2008-11-10 12:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-10 05:38 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-09 02:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 00:20 --------- d-----w c:\program files\SpywareGuard
2008-10-21 04:42 --------- d-----w c:\program files\Java
2008-10-10 23:06 --------- d-----w c:\program files\FreeRIP3
2008-10-10 23:05 --------- d-----w c:\documents and settings\All Users\Application Data\FreeRIP
2008-10-05 22:02 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-05 11:22 --------- d-----w c:\documents and settings\Deb\Application Data\DataCast
2008-10-05 11:21 --------- d-----w c:\documents and settings\Deb\Application Data\InstallShield
2008-10-05 05:14 65,024 ----a-w c:\windows\IFinst26.exe
2008-10-05 05:14 --------- d-----w c:\program files\Lame MP3 Codec
2008-10-05 05:13 --------- d-----w c:\program files\XviD
2008-10-05 05:12 --------- d-----w c:\program files\Samsung
2008-10-05 05:12 --------- d-----w c:\program files\MarkAny
2008-10-03 02:31 4 ----a-w C:\results.bin
2008-10-02 03:12 --------- d-----w c:\documents and settings\Deb\Application Data\Lavasoft
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\win32k.sys
2008-08-30 20:31 91,712 ----a-w c:\documents and settings\Deb\Application Data\GDIPFONTCACHEV1.DAT
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:00 2,180,352 ------w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ------w c:\windows\system32\ntkrnlpa.exe
2008-07-11 04:11 48,367,896 ----a-w c:\program files\avg_free_stf_en_8_138a1332.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-06 1797880]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-06 1797880]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

c:\documents and settings\Deb\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKLM\~\startupfolder\C:^Documents and Settings^Deb^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2007-12-31 23:05 2449455 c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 16:32 126976 c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Keyword Elite\\Keyword Elite.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=

NETSVCS REQUIRES REPAIRS - current entries shown

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\AB6923F99122D6D1.job
- c:\docume~1\deb\applic~1\byteho~1\data skip license.exe []

2008-11-14 c:\windows\Tasks\Ad-Aware SE Personal.job
- c:\progra~1\Lavasoft\AD-AWA~1\Ad-Aware.exe []

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-14 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\progra~1\SPYBOT~1\SpybotSD.exe [2008-01-28 11:43]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunServices-ssymsne - valuex.exe
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
O8 -: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
O8 -: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
O8 -: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 17:07:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-11-14 17:20:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-14 07:20:31

Pre-Run: 97,555,017,728 bytes free
Post-Run: 97,447,825,408 bytes free

227 --- E O F --- 2008-11-13 00:12:52
seal123 is offline  
Old 11-14-2008, 12:46 AM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Hi,

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'No' and do not run another combofix scan.


  • When the tool is finished, it will produce a report for you.
Please post the contents of the log that it created.



Download and run this tool: http://download.bleepingcomputer.com...a/querySvc.exe

It shall create a log after its run, please include it in your next reply.

Last edited by Angelfire777; 11-14-2008 at 12:48 AM.
Angelfire777 is offline  
Old 11-14-2008, 04:35 AM   #5 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Thanks again
Here are the logs

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn




------ REGISTRY:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
- LocalService - Alerter, WebClient, LmHosts, RemoteRegistry, upnphost, SSDPSRV
- NetworkService - DnsCache
- rpcss - RpcSs
- imgsvc - StiSvc
- termsvcs - TermService
- HTTPFilter - HTTPFilter
- DcomLaunch - DcomLaunch, TermService
- eapsvcs - eaphost
- dot3svc - dot3svc
- WudfServiceGroup - WUDFSvc
- netsvcs - 6to4, AppMgmt, AudioSrv, Browser, CryptSvc, DMServer, DHCP, ERSvc, EventSystem, FastUserSwitchingCompatibility, HidServ, Ias, Iprip, Irmon, LanmanServer, LanmanWorkstation, Messenger, Netman, Nla, Ntmssvc, NWCWorkstation, Nwsapagent, Rasauto, Rasman, Remoteaccess, Schedule, Seclogon, SENS, Sharedaccess, SRService, Tapisrv, Themes, TrkWks, W32Time, WZCSVC, Wmi, WmdmPmSp, winmgmt, TermService, wuauserv, BITS, ShellHWDetection, xmlprov, wscsvc, helpsvc, uploadmgr

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

------ SVCHOST SERVICES NOT RUNNING

STOPPED: AUTO_START: Schedule : Task Scheduler
STOPPED: AUTO_START: uploadmgr : Upload Manager
STOPPED: DEMAND_START: AppMgmt : Application Management
STOPPED: DEMAND_START: HTTPFilter : HTTP SSL
STOPPED: DEMAND_START: NtmsSvc : Removable Storage
STOPPED: DEMAND_START: RasAuto : Remote Access Auto Connection Manager
STOPPED: DEMAND_START: upnphost : Universal Plug and Play Device Host
STOPPED: DEMAND_START: Wmi : Windows Management Instrumentation Driver Extensions
STOPPED: DEMAND_START: xmlprov : Network Provisioning Service
STOPPED: DISABLED: Alerter : Alerter
STOPPED: DISABLED: Messenger : Messenger
STOPPED: DISABLED: RemoteAccess : Routing and Remote Access

------ SVCHOST CURRENTLY RUNNING:

952- C:\WINDOWS\system32\svchost -k DcomLaunch
- DcomLaunch : DCOM Server Process Launcher
- TermService : Terminal Services

1028- C:\WINDOWS\system32\svchost -k rpcss
- RpcSs : Remote Procedure Call (RPC)

1068- C:\WINDOWS\System32\svchost.exe -k netsvcs
- AudioSrv : Windows Audio
- BITS : Background Intelligent Transfer Service
- Browser : Computer Browser
- CryptSvc : Cryptographic Services
- Dhcp : DHCP Client
- dmserver : Logical Disk Manager
- ERSvc : Error Reporting Service
- EventSystem : COM+ Event System
- FastUserSwitchingCompatibility : Fast User Switching Compatibility
- helpsvc : Help and Support
- HidServ : HID Input Service
- lanmanserver : Server
- lanmanworkstation : Workstation
- Netman : Network Connections
- Nla : Network Location Awareness (NLA)
- RasMan : Remote Access Connection Manager
- seclogon : Secondary Logon
- SENS : System Event Notification
- SharedAccess : Windows Firewall/Internet Connection Sharing (ICS)
- ShellHWDetection : Shell Hardware Detection
- srservice : System Restore Service
- TapiSrv : Telephony
- Themes : Themes
- TrkWks : Distributed Link Tracking Client
- W32Time : Windows Time
- winmgmt : Windows Management Instrumentation
- wscsvc : Security Center
- wuauserv : Automatic Updates
- WZCSVC : Wireless Zero Configuration

1104- C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
- WudfSvc : Windows Driver Foundation - User-mode Driver Framework

1280- C:\WINDOWS\System32\svchost.exe -k NetworkService
- Dnscache : DNS Client

1316- C:\WINDOWS\system32\svchost.exe -k LocalService
- LmHosts : TCP/IP NetBIOS Helper
- RemoteRegistry : Remote Registry
- SSDPSRV : SSDP Discovery Service
- WebClient : WebClient

1708- C:\WINDOWS\System32\svchost.exe -k imgsvc
- stisvc : Windows Image Acquisition (WIA)

------ SVCHOST SUB-DEPENDENTS

upnphost = 1
STOPPED: WMPNetworkSvc: Windows Media Player Network Sharing Service

SSDPSRV = 2
STOPPED: upnphost: Universal Plug and Play Device Host
STOPPED: WMPNetworkSvc: Windows Media Player Network Sharing Service

DMServer = 1
STOPPED: dmadmin: Logical Disk Manager Administrative Service

EventSystem = 1
RUNNING: SENS: System Event Notification

LanmanServer = 1
RUNNING: Browser: Computer Browser

LanmanWorkstation = 5
RUNNING: Browser: Computer Browser
STOPPED: Alerter: Alerter
STOPPED: Messenger: Messenger
STOPPED: Netlogon: Net Logon
STOPPED: RpcLocator: Remote Procedure Call (RPC) Locator

Netman = 1
RUNNING: SharedAccess: Windows Firewall/Internet Connection Sharing (ICS)

Rasman = 1
STOPPED: RasAuto: Remote Access Auto Connection Manager

Tapisrv = 2
RUNNING: RasMan: Remote Access Connection Manager
STOPPED: RasAuto: Remote Access Auto Connection Manager

winmgmt = 2
RUNNING: SharedAccess: Windows Firewall/Internet Connection Sharing (ICS)
RUNNING: wscsvc: Security Center

TermService = 1
RUNNING: FastUserSwitchingCompatibility: Fast User Switching Compatibility

RpcSs = 46
RUNNING: AudioSrv: Windows Audio
RUNNING: avg8emc: AVG Free8 E-mail Scanner
RUNNING: BITS: Background Intelligent Transfer Service
RUNNING: CryptSvc: Cryptographic Services
RUNNING: dmserver: Logical Disk Manager
RUNNING: ERSvc: Error Reporting Service
RUNNING: EventSystem: COM+ Event System
RUNNING: FastUserSwitchingCompatibility: Fast User Switching Compatibility
RUNNING: helpsvc: Help and Support
RUNNING: HidServ: HID Input Service
RUNNING: Netman: Network Connections
RUNNING: PolicyAgent: IPSEC Services
RUNNING: ProtectedStorage: Protected Storage
RUNNING: RasMan: Remote Access Connection Manager
RUNNING: RemoteRegistry: Remote Registry
RUNNING: SamSs: Security Accounts Manager
RUNNING: SENS: System Event Notification
RUNNING: SharedAccess: Windows Firewall/Internet Connection Sharing (ICS)
RUNNING: ShellHWDetection: Shell Hardware Detection
RUNNING: Spooler: Print Spooler
RUNNING: srservice: System Restore Service
RUNNING: stisvc: Windows Image Acquisition (WIA)
RUNNING: TapiSrv: Telephony
RUNNING: TermService: Terminal Services
RUNNING: TrkWks: Distributed Link Tracking Client
RUNNING: winmgmt: Windows Management Instrumentation
RUNNING: wscsvc: Security Center
RUNNING: WZCSVC: Wireless Zero Configuration
STOPPED: CiSvc: Indexing Service
STOPPED: COMSysApp: COM+ System Application
STOPPED: dmadmin: Logical Disk Manager Administrative Service
STOPPED: Messenger: Messenger
STOPPED: MSDTC: Distributed Transaction Coordinator
STOPPED: MSIServer: Windows Installer
STOPPED: NtmsSvc: Removable Storage
STOPPED: RasAuto: Remote Access Auto Connection Manager
STOPPED: RDSessMgr: Remote Desktop Help Session Manager
STOPPED: RemoteAccess: Routing and Remote Access
STOPPED: RSVP: QoS RSVP
STOPPED: Schedule: Task Scheduler
STOPPED: SwPrv: MS Software Shadow Copy Provider
STOPPED: TlntSvr: Telnet
STOPPED: uploadmgr: Upload Manager
STOPPED: VSS: Volume Shadow Copy
STOPPED: WmiApSrv: WMI Performance Adapter
STOPPED: xmlprov: Network Provisioning Service

TermService = 1
RUNNING: FastUserSwitchingCompatibility: Fast User Switching Compatibility

HTTPFilter = 1
STOPPED: WMPNetworkSvc: Windows Media Player Network Sharing Service

TermService = 1
RUNNING: FastUserSwitchingCompatibility: Fast User Switching Compatibility
Old 11-14-2008, 03:42 PM   #6 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Hi,

Did you do a system restore after running combofix? If not, please re-run combofix and post the log.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Old 11-14-2008, 06:55 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Many Thanks
I did as asked in last post, however I did not do a system restore before running combofix today, as the post did not say to do this, and I am pretty sure my computer automatically makes a new one every day anyway.
Combofix would not prepare a report. I left it running at the command that says 'Combofix is preparing a log' and 'Do not run any programs until combofix has finished' for at least 20 minutes, but nothing happened.
It did, however, report on that same screen that lots of areas were denied access, but it did not move beyond this screen and did not present a log for me to post. I went into the control panel to make sure the user I logged on with had administrator privileges and it did. I ran the scan again and got the same result, except there were more entries with permission or access denied on the screen.
Thank you again.
Deb
Old 11-15-2008, 12:14 PM   #8 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Hi,

Quote:
I did as asked in last post, however I did not do a system restore before running combofix today, as the post did not say to do this, and I am pretty sure my computer automatically makes a new one every day anyway.
Your computer does make one every day, but I asked if you used system restore after running combofix.


Can you delete your copy of combofix and download a new copy?

Go to safe mode then re-run combofix from there. Let me know what happens.

To enter Safe Mode, click Start > Turn Off Computer > Restart > tap the F8 key just before Windows starts to load > this will bring up a menu > use your keyboard to scroll to Safe Mode > hit Enter.
Old 11-15-2008, 06:21 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Thanks again AngelFire,
Sorry! My bad about the system restore before/after misunderstanding.
I did as requested, got a log, did system restore. Not sure if this is normal or relevant, but Spybot S&D Resident pops back into the tray next to the clock each time Combofix gives me the log.

Thanks again. Deb


ComboFix 08-11-13.02 - Deb 2008-11-16 10:54:31.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.795 [GMT 10:00]
Running from: c:\documents and settings\Deb\Desktop\Malware detection\ComboFix.exe
Command switches used :: c:\documents and settings\Deb\Desktop\Malware detection\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-09 13:11 . 2008-11-16 10:27 <DIR> d-------- c:\documents and settings\Deb\Application Data\Free Download Manager
2008-11-09 13:11 . 2008-11-09 13:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-11-09 13:10 . 2008-11-09 13:11 <DIR> d-------- c:\program files\Free Download Manager
2008-11-07 11:50 . 2008-11-15 20:54 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-07 11:50 . 2008-11-07 11:50 1,409 --a------ c:\windows\QTFont.for
2008-10-29 11:24 . 2008-10-29 11:26 <DIR> d-------- c:\program files\SEO Elite 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 03:22 --------- d-----w c:\program files\Reply Email Automator Setup
2008-11-13 03:22 --------- d-----w c:\program files\Real Link Finder
2008-11-13 03:22 --------- d-----w c:\program files\PopCap Games
2008-11-13 03:00 --------- d-----w c:\program files\LimeWire
2008-11-12 08:56 --------- d-----w c:\program files\Keyword Elite
2008-11-12 00:56 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-11-12 00:56 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-12 00:55 143,096 ----a-w c:\windows\system32\guard32.dll
2008-11-10 12:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-10 05:38 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-09 02:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 00:20 --------- d-----w c:\program files\SpywareGuard
2008-10-21 04:42 --------- d-----w c:\program files\Java
2008-10-10 23:06 --------- d-----w c:\program files\FreeRIP3
2008-10-10 23:05 --------- d-----w c:\documents and settings\All Users\Application Data\FreeRIP
2008-10-05 22:02 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-05 11:22 --------- d-----w c:\documents and settings\Deb\Application Data\DataCast
2008-10-05 11:21 --------- d-----w c:\documents and settings\Deb\Application Data\InstallShield
2008-10-05 05:14 65,024 ----a-w c:\windows\IFinst26.exe
2008-10-05 05:14 --------- d-----w c:\program files\Lame MP3 Codec
2008-10-05 05:13 --------- d-----w c:\program files\XviD
2008-10-05 05:12 --------- d-----w c:\program files\Samsung
2008-10-05 05:12 --------- d-----w c:\program files\MarkAny
2008-10-03 02:31 4 ----a-w C:\results.bin
2008-10-02 03:12 --------- d-----w c:\documents and settings\Deb\Application Data\Lavasoft
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\win32k.sys
2008-08-30 20:31 91,712 ----a-w c:\documents and settings\Deb\Application Data\GDIPFONTCACHEV1.DAT
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-07-11 04:11 48,367,896 ----a-w c:\program files\avg_free_stf_en_8_138a1332.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-06 1797880]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-06 1797880]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

c:\documents and settings\Deb\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKLM\~\startupfolder\C:^Documents and Settings^Deb^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2007-12-31 23:05 2449455 c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 16:32 126976 c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Keyword Elite\\Keyword Elite.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-11 97928]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-07-10 99856]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-07-10 31504]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 875288]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 231704]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-11 76040]
S2 ScFBPNT;CanoScan FBP Port Driver;\??\c:\windows\system32\drivers\ScFBPNT.SYS [2008-09-02 16288]
S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys []
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
S4 mswmf32;mswmf32; []
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\AB6923F99122D6D1.job
- c:\docume~1\deb\applic~1\byteho~1\data skip license.exe []

2008-11-15 c:\windows\Tasks\Ad-Aware SE Personal.job
- c:\progra~1\Lavasoft\AD-AWA~1\Ad-Aware.exe []

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-15 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\progra~1\SPYBOT~1\SpybotSD.exe [2008-01-28 11:43]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
O8 -: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
O8 -: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
O8 -: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 -: Trusted Zone: www.linkshare.com

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
c:\windows\Downloaded Program Files\ewidoOnlineScan.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 10:57:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
.
Completion time: 2008-11-16 10:59:03
ComboFix-quarantined-files.txt 2008-11-16 00:58:41
ComboFix2.txt 2008-11-14 07:20:39

Pre-Run: 96,888,868,864 bytes free
Post-Run: 96,963,239,936 bytes free

146 --- E O F --- 2008-11-13 00:12:52
Old 11-15-2008, 11:09 PM   #10 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Hi,

Quote:
I did as requested, got a log, did system restore
Do you mean you did a system restore? Because you shouldn't have.

Do you have limewire installed?


*Click Start > Control Panel > Add or Remove Programs and uninstall the items I listed in bold if found.

Browser Optimizer Dcads
Browser Optimizer Superiorads
CiD Help



*Click Start > Run > copy and paste:

sc delete mswmf32

Press Enter.


*Delete this file using Windows Explorer:

c:\windows\Tasks\AB6923F99122D6D1.job
________

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u10, and install it to your computer.
  • Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
________

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

On your next reply, please include a
  • Fresh DDS log
  • Kaspersky scan log
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-16-2008, 01:14 AM   #11 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Thanks Angelfire
I am halfway through this fix and just wanted to have something clarified before I go on. In regards to the Java - I have done as requested and removed two instances of Java with JRE or J2SE in the name. There are, however, 4 more instances of Java:

Java (TM) 6 Update 2
Java (TM) 6 Update 3
Java (TM) 6 Update 5
Java (TM) 6 Update 7

They are large files of around 110 MB each.
I have not removed them as they do not contain JRE or J2SE in the name.
Should I leave them on my computer?
Thank you
Old 11-16-2008, 10:26 AM   #12 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Nope, they are old versions of Java too. Please remove them.
Old 11-18-2008, 12:47 AM   #13 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Thanks again Angelfire
Limewire was on this machine previously, but I told my teenage sons to get it off and not to use it again. I have not seen it since, on the desktop or in the programs list. I have just gone to Control Panel and cannot find it. I will interrogate them again, but I cannot see it.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 17, 2008 08:37:04
Records in database: 1389451
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 69438
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:41:53


File name / Threat name / Threats count
C:\Documents and Settings\Deb\Desktop\Ria's MP3 Player\freeripmp3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.br 1
C:\Documents and Settings\Deb\Shared\programs\calorie king nutrition manager ShareAccelerator.zip Infected: not-a-virus:AdWare.Win32.Shopper.am 1
C:\Documents and Settings\Deb\Shared\programs\LimeWire Pro 4.9.7 With LimeWire Download Accelerator Pro - By -kbssa-.zip Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Deb\Shared\programsbrett\LimeWire Download Accelerator Pro - By -kbssa-.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1

The selected area was scanned.





DDS (Version 1.0) - NTFSx86
Run by Deb at 16:55:40.02 on Tue 18/11/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.553 [GMT 10:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Deb\Desktop\Malware detection\dds.scr

============== Psuedo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MAAgent] c:\program files\markany\contentsafer\MAAgent.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\deb\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\deb\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TrustedZone: www.linkshare.com
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent -Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
SEH: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys
R2 ScFBPNT;CanoScan FBP Port Driver;\??\c:\windows\system32\drivers\ScFBPNT.SYS
S3 firewall;firewall;\??\c:\program files\foxie suite\firewall.sys
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys

=============== Created Last 30 ================

2008-11-17 14:53 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-17 14:53 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-16 11:32 <DIR> --d----- c:\program files\Lavasoft
2008-11-14 21:20 <DIR> a-dshr-- C:\cmdcons
2008-11-14 16:57 161,792 a------- c:\windows\SWREG.exe
2008-11-14 16:57 98,816 a------- c:\windows\sed.exe
2008-11-09 13:11 <DIR> --d----- c:\docume~1\deb\applic~1\Free Download Manager
2008-11-09 13:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeDownloadManager.ORG
2008-11-09 13:10 <DIR> --d----- c:\program files\Free Download Manager
2008-11-07 11:50 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-07 11:50 1,409 a------- c:\windows\QTFont.for
2008-10-29 11:24 <DIR> --d----- c:\program files\SEO Elite 4

==================== Find3M ====================

2008-11-16 17:55 <DIR> --d----- c:\program files\Reply Email Automator Setup
2008-11-13 13:22 <DIR> --d----- c:\program files\PopCap Games
2008-11-13 13:22 <DIR> --d----- c:\program files\Real Link Finder
2008-11-13 13:00 <DIR> --d----- c:\program files\LimeWire
2008-11-12 18:56 <DIR> --d----- c:\program files\Keyword Elite
2008-11-12 10:55 143,096 a------- c:\windows\system32\guard32.dll
2008-11-05 10:20 <DIR> --d----- c:\program files\SpywareGuard
2008-10-11 09:06 <DIR> --d----- c:\program files\FreeRIP3
2008-10-11 09:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeRIP
2008-10-06 08:02 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-10-05 21:22 <DIR> --d----- c:\docume~1\deb\applic~1\DataCast
2008-10-05 15:14 <DIR> --d----- c:\program files\Lame MP3 Codec
2008-10-05 15:14 65,024 a------- c:\windows\IFinst26.exe
2008-10-05 15:13 <DIR> --d----- c:\program files\XviD
2008-10-05 15:12 <DIR> --d----- c:\program files\MarkAny
2008-10-05 15:12 <DIR> --d----- c:\program files\Samsung
2008-10-02 21:35 <DIR> --d----- c:\program files\Windows NT
2008-10-02 21:34 <DIR> --d----- c:\program files\Messenger
2008-09-15 21:57 1,846,016 -------- c:\windows\system32\win32k.sys
2008-08-26 17:24 826,368 a------- c:\windows\system32\wininet.dll
2008-08-14 10:05 <DIR> --d----- c:\docume~1\deb\applic~1\eBookPro6
2008-07-11 15:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-07-10 14:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\comodo
2008-07-10 13:15 <DIR> --d----- c:\docume~1\deb\applic~1\Comodo
2008-06-18 12:00 <DIR> --d----- c:\docume~1\deb\applic~1\iolo
2008-06-18 12:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2008-05-21 11:42 <DIR> --d----- c:\docume~1\deb\applic~1\Sony
2008-05-18 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony
2008-05-16 16:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-03-30 07:25 <DIR> --d----- c:\docume~1\deb\applic~1\rsvme
2008-01-08 18:32 <DIR> --d----- c:\docume~1\deb\applic~1\Bytescout SWF To Video Scout
2007-12-29 07:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2007-12-24 06:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2007-12-17 17:43 <DIR> --d----- c:\docume~1\deb\applic~1\Good Keywords v2
2007-11-23 10:28 <DIR> --d----- c:\docume~1\deb\applic~1\Dcads Advanced Toolbar
2007-04-21 06:53 <DIR> --d----- c:\docume~1\deb\applic~1\SPAMfighter
2007-02-14 15:19 <DIR> --d--r-- c:\docume~1\deb\applic~1\Brother
2007-02-10 22:20 <DIR> --d----- c:\docume~1\deb\applic~1\SWEC_-_Stock_Wrap_Express
2006-11-18 07:49 <DIR> --d----- c:\docume~1\deb\applic~1\Secretmaker
2006-04-06 18:57 <DIR> --d----- c:\docume~1\deb\applic~1\funkitron
2006-02-25 18:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ahead
2006-02-17 08:45 <DIR> --d----- c:\docume~1\deb\applic~1\Publish Providers
2006-02-17 08:45 <DIR> --d----- c:\docume~1\deb\applic~1\NetMedia Providers
2006-02-16 16:01 <DIR> --d----- c:\docume~1\deb\applic~1\MSN6
2006-02-16 15:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6

============= FINISH: 16:56:00.65 ===============
seal123 is offline  
Old 11-18-2008, 01:01 AM   #14 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Hi,

Quote:
Limewire was on this machine previous, but I told my teenage sons to get it off and not to use it again. I have not seen it since, on the desktop or in the programs list. I have just gone to Control Panel and cannot find it. I will interrogate them again, but I cannot see it.
That's okay, no need to interrogate your teenagers. What I'm seeing is probably leftover folders.

Delete these files using Windows Explorer:

C:\Documents and Settings\Deb\Shared\programsbrett\LimeWire Download Accelerator Pro - By -kbssa-.exe
C:\Documents and Settings\Deb\Shared\programs\LimeWire Pro 4.9.7 With LimeWire Download Accelerator Pro - By -kbssa-.zip
C:\Documents and Settings\Deb\Shared\programs\calorie king nutrition manager ShareAccelerator.zip
c:\program files\LimeWire << leftover limewire folder
c:\documents and settings\deb\application data\Dcads Advanced Toolbar <<folder


How is your computer running?
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 11-18-2008, 02:05 AM   #15 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Have completed steps in your last post. It is definitely better with the disconnects from dial up, and the programs not responding, but it is still slow to respond to clicks. E.g. if I click open a folder on the desktop it can take 10-15 seconds to open, it used to be instant almost. Could this be a RAM problem? Maybe I have too many programs installed? I am not sure how all this works.
seal123 is offline  
Old 11-18-2008, 05:06 PM   #16 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

I doubt that it is a RAM problem. 1G is enough for an XP machine.

Please try uninstalling Comodo and see if that fixes the slow issue.
Angelfire777 is offline  
Old 11-18-2008, 06:55 PM   #17 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Thanks again Angelfire
I spent 10 minutes clicking around the desktop. It is only the one folder that is now taking a lot of time to open, I have called it Security Programs (the folder), and I don't know why now, but there are a lot of security program .exe's in there. Spamfighter .exe, Spybot S&D .exe, removeitpro .exe, the Java download I did yesterday, plus around 20 more, all to do with computer security. I turned off Comodo and it did not make a difference. Is it possible I have too many programs in the same folder, or I have them in the wrong place?
Thanks.
Deb
seal123 is offline  
Old 11-18-2008, 07:02 PM   #18 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

I think it is normal for that to happen if you do have more than 20+ executables sitting in the folder. I assume AVG is scanning all of them when you open the folder, thus the delay.
Angelfire777 is offline  
Old 11-20-2008, 12:57 PM   #19 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Ok Thank you,
My comp is definitely running much better now. Thank you for all of your help.
Regards
Deb
seal123 is offline  
Old 11-20-2008, 12:59 PM   #20 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 29
OS: XP Pro SP2


Re: Slow to respond to clicks, disconnects from dialup, lot of programs not respondin

Ok, Thank you,
My comp is running much better. Thank you for all of your help.
Regards
Deb
seal123 is offline  
All times are GMT -7. The time now is 07:00 PM.



Copyright 2001 - 2009, Tech Support Forum