Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Slow computer, pop ups and all
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 03-28-2009, 11:03 AM   #1 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 9
OS: Windows XP


Slow computer, pop ups and all
Ive recently been experiencing long load times and popups whenever I get online...following the instructions in the sticky, here my DDS and the other two required attachments....any help you guys can give me would be great!



DDS (Ver_09-03-16.01) - NTFSx86
Run by Jason Coral at 11:32:07.64 on Sat 03/28/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.157 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JASONC~1\LOCALS~1\Temp\Google Toolbar\gtbD8.tmp.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason Coral\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/news
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Comcast
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: SFCDisable=4 (0x4)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: {179bbb32-64d6-4122-8ff8-216d3928d7b5} - c:\windows\system32\buzalevu.dll
BHO: {3964D8D6-86D0-493A-B460-A805B5401114} - No File
BHO: {437EE22F-34D3-4F17-B1A4-65C79B75D20D} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: {A8A80357-3375-46BC-BDA3-E02DD32BE8FB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {943895fc-84f5-1bcb-4044-52c994c9780c}: {c0879c49-9c25-4404-bcb1-5f48cf598349} - c:\windows\system32\iqarcw.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [0caf330e] rundll32.exe "c:\windows\system32\wunufaku.dll",b
mRun: [CPM0f9c0092] Rundll32.exe "c:\windows\system32\pefeveli.dll",a
mRun: [lukipivuye] Rundll32.exe "c:\windows\system32\pefedamu.dll",s
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: wvu.edu\blue
Trusted Zone: wvu.edu\gold
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://games.bigfishgames.com/en_dinerdash2restaura/online/DinerDash2.1.0.0.48.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5499/mcfscan.cab
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: iiffghh - iiffghh.dll
AppInit_DLLs: c:\windows\system32\vodawoja.dll iqarcw.dll c:\windows\system32\pefeveli.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pefeveli.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pefeveli.dll
LSA: Notification Packages = scecli c:\windows\system32\vodawoja.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-21 28544]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-26 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-26 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-26 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-26 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-26 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-26 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-26 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-26 40488]
S0 ati3pyxx;ati3pyxx;c:\windows\system32\drivers\ati3pyxx.sys --> c:\windows\system32\drivers\ati3pyxx.sys [?]
S2 0023461238110377mcinstcleanup;McAfee Application Installer Cleanup (0023461238110377);c:\docume~1\jasonc~1\locals~1\temp\002346~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\jasonc~1\locals~1\temp\002346~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 DomainService;DomainService;c:\windows\system32\ipvfjblq.exe /service --> c:\windows\system32\ipvfjblq.exe [?]
S2 gupdate1c9a2b332d85e7a;Google Update Service (gupdate1c9a2b332d85e7a);c:\program files\google\update\GoogleUpdate.exe [2009-3-11 133104]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2008-12-18 120168]
S3 tcpsr;tcpsr;\??\c:\windows\system32\drivers\tcpsr.sys --> c:\windows\system32\drivers\tcpsr.sys [?]

=============== Created Last 30 ================

2009-03-26 19:49 <DIR> --d----- c:\docume~1\jasonc~1\applic~1\McAfee
2009-03-26 19:38 7,441 a------- c:\windows\system32\Config.MPF
2009-03-26 19:37 143,360 a------- c:\windows\system32\dunzip32.dll
2009-03-26 19:33 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-26 19:33 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-26 19:33 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-26 19:33 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-26 19:33 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-26 19:33 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-03-26 19:31 <DIR> --d----- c:\program files\McAfee.com
2009-03-26 19:31 <DIR> --d----- c:\program files\common files\McAfee
2009-03-26 19:31 <DIR> --d----- c:\program files\McAfee
2009-03-22 19:56 140,800 a--sh--- c:\windows\system32\iqarcw.dll

==================== Find3M ====================

2009-03-26 19:26 12,922,144 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-26 19:26 375,072 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-03-26 19:26 162,620 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-26 19:26 32,708 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-03-26 18:05 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-03-26 17:31 512 a------- C:\ScanSectorLog.dat
2009-03-22 19:56 101,376 a--sh--- c:\windows\system32\wunufaku.dll
2009-03-22 19:56 140,800 a--sh--- c:\windows\system32\kidamore.dll
2009-03-22 19:56 107,520 a--sh--- c:\windows\system32\pefeveli.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-04 14:12 410,984 a------- c:\windows\system32\deploytk.dll
2008-05-09 17:30 1,960 a------- c:\program files\scores.cfg
2008-05-09 17:30 396 a------- c:\program files\thotd.cfg
2008-05-09 17:30 364 a------- c:\program files\cstats.cfg
1998-06-10 22:24 85,280 a------- c:\program files\devs.cfg
1998-06-10 22:23 26 a------- c:\program files\thot3d.bat
1998-04-15 16:28 33,078 a------- c:\program files\wait.bmp
1998-02-04 11:47 65,536 a------- c:\program files\grey.tbl
1998-02-04 11:47 45,056 a------- c:\program files\slate32.dll
1998-02-04 11:47 1,024 a------- c:\program files\grey.pal
1998-01-20 14:34 65,536 a------- c:\program files\hotd.tbl
1997-12-29 08:54 1,024 a------- c:\program files\hotd.pal
1997-07-14 17:00 127,488 a------- c:\program files\dsetup.dll
1997-07-14 17:00 63,056 a------- c:\program files\dsetup16.dll
1997-07-14 17:00 41,984 a------- c:\program files\dsetup32.dll
1995-10-02 12:26 129,536 a------- c:\program files\isdbgn.dll
1995-05-01 11:01 3 a------- c:\program files\disk1.id
2007-08-06 20:18 1,729,716 a--sh--- c:\windows\system32\dcbeg.bak1
2007-08-08 12:21 1,729,758 a--sh--- c:\windows\system32\dcbeg.bak2
2007-08-08 19:11 1,731,455 a--sh--- c:\windows\system32\dcbeg.ini2
2007-08-03 18:20 2,173 a--sh--- c:\windows\system32\hhkmp.ini2
2007-10-03 00:51 1,535,415 ---sh--- c:\windows\system32\llkkj.bak1
2007-10-01 20:05 2,112,305 ---sh--- c:\windows\system32\llkkj.bak2
2007-10-03 22:59 1,545,818 ---sh--- c:\windows\system32\llkkj.ini2

============= FINISH: 11:36:47.76 ===============
Attached Files
File Type: zip ark.zip (1.5 KB, 1 views)
File Type: zip Attach.zip (2.6 KB, 1 views)
jcor629 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 03-29-2009, 10:11 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,646
OS: 2000 Pro; XP Pro; XP Home


Re: Slow computer, pop ups and all
Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

I see that Norton was once installed on this machine. There seems to be some remnants.

Please use the instructions on this page to completely uninstall your Norton Products.

---------------------------------------------------------------------------------------------
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    McAfee:

    Double-click the taskbar icon to open the Security Center
    Click Advanced Menu (lower left)
    Click Configure (left)
    Click Computer & Files (upper left)
    VirusScan can be disabled on the right.

  • Double click on combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 10:55 AM   #3 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 9
OS: Windows XP


Re: Slow computer, pop ups and all
You've got it man. Ive dont the Norton uninstall bit, and now ima download the ComboFix, and get to that. Il give you a heads up when Im ready for your next set of instructions
jcor629 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 11:28 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,646
OS: 2000 Pro; XP Pro; XP Home


Re: Slow computer, pop ups and all
Ok, good. Will be looking for the log from ComboFix.

Quote:
When finished, it shall produce a log for you. Post that log in your next reply
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 12:35 PM   #5 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 9
OS: Windows XP


Re: Slow computer, pop ups and all
ComboFix 09-03-28.06 - Jason Coral 2009-03-29 1309.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.368 [GMT -4:00]
Running from: c:\documents and settings\Jason Coral\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cookies.ini
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\foodtray.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
c:\windows\system32\aapbsvph.ini
c:\windows\system32\afjgbqut.ini
c:\windows\system32\asrqknyl.ini
c:\windows\system32\bjtrcvep.ini
c:\windows\system32\bveuaxwp.ini
c:\windows\system32\ckcbxuks.ini
c:\windows\system32\cnhtghph.ini
c:\windows\system32\dbonuddx.ini
c:\windows\system32\dcbeg.bak1
c:\windows\system32\dcbeg.bak2
c:\windows\system32\dcbeg.ini
c:\windows\system32\dcbeg.ini2
c:\windows\system32\dcbeg.tmp
c:\windows\system32\dxmoabss.ini
c:\windows\system32\erxytjmp.ini
c:\windows\system32\exec1.exe
c:\windows\system32\feohmnse.ini
c:\windows\system32\ffrhpida.ini
c:\windows\system32\fyetwrly.ini
c:\windows\system32\gdwygawp.ini
c:\windows\system32\gvxncodx.ini
c:\windows\system32\hhkmp.ini
c:\windows\system32\hhkmp.ini2
c:\windows\system32\hhkmp.tmp
c:\windows\system32\hicnsrhf.ini
c:\windows\system32\hxgabtjr.ini
c:\windows\system32\iqarcw.dll
c:\windows\system32\jpljtsvp.ini
c:\windows\system32\kidamore.dll
c:\windows\system32\ksysopfw.ini
c:\windows\system32\lausbkfe.ini
c:\windows\system32\llkkj.bak1
c:\windows\system32\llkkj.bak2
c:\windows\system32\llkkj.ini
c:\windows\system32\llkkj.ini2
c:\windows\system32\mcjbqudd.ini
c:\windows\system32\mixbguti.ini
c:\windows\system32\ocwvdhka.ini
c:\windows\system32\osoquevj.ini
c:\windows\system32\pefeveli.dll
c:\windows\system32\prpsehsr.ini
c:\windows\system32\qfcmgfla.ini
c:\windows\system32\qhwbqwwd.ini
c:\windows\system32\qtowoldi.ini
c:\windows\system32\sdcbopvx.ini
c:\windows\system32\tlsflydr.ini
c:\windows\system32\ttrfiahg.ini
c:\windows\system32\twlmlmxw.ini
c:\windows\system32\ucenrqab.ini
c:\windows\system32\ulxqhbdf.ini
c:\windows\system32\vjfcivcs.ini
c:\windows\system32\wmrpcsbb.ini
c:\windows\system32\wunufaku.dll
c:\windows\system32\wxraynix.ini
c:\windows\system32\xfggydnl.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Service_DomainService
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-29 12:26 . 2009-03-29 12:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-26 19:49 . 2009-03-26 19:49 <DIR> d-------- c:\documents and settings\Jason Coral\Application Data\McAfee
2009-03-26 19:38 . 2009-03-29 13:15 8,859 --a------ c:\windows\system32\Config.MPF
2009-03-26 19:37 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2009-03-26 19:33 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-03-26 19:33 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-03-26 19:33 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-03-26 19:33 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-03-26 19:33 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-03-26 19:33 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-03-26 19:31 . 2009-03-26 19:32 <DIR> d-------- c:\program files\McAfee.com
2009-03-26 19:31 . 2009-03-26 19:38 <DIR> d-------- c:\program files\McAfee
2009-03-26 19:31 . 2009-03-26 19:33 <DIR> d-------- c:\program files\Common Files\McAfee
2009-03-26 19:10 . 2009-03-26 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 17:12 --------- d-----w c:\program files\Google
2009-03-29 17:01 --------- d-----w c:\documents and settings\Jason Coral\Application Data\StumbleUpon
2009-03-29 16:31 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-28 15:23 --------- d-----w c:\program files\Azureus
2009-03-26 23:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-26 23:26 375,072 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-26 23:26 32,708 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-26 23:26 162,620 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-26 23:26 12,922,144 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-26 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 21:31 512 ----a-w C:\ScanSectorLog.dat
2009-03-26 21:21 --------- d-----w c:\documents and settings\Jason Coral\Application Data\ZoomBrowser EX
2009-03-26 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-03-06 05:48 --------- d-----w c:\documents and settings\Jason Coral\Application Data\uTorrent
2009-02-19 03:40 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-19 03:31 --------- d-----w c:\program files\Lavasoft
2009-02-19 03:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-05 01:02 --------- d-----w c:\program files\Apple Software Update
2009-02-05 00:54 --------- d-----w c:\program files\iTunes
2009-02-05 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-05 00:53 --------- d-----w c:\program files\iPod
2009-02-05 00:53 --------- d-----w c:\program files\Common Files\Apple
2009-02-05 00:52 --------- d-----w c:\program files\Bonjour
2009-02-05 00:51 --------- d-----w c:\program files\QuickTime
2008-05-09 21:30 396 ----a-w c:\program files\thotd.cfg
2008-05-09 21:30 364 ----a-w c:\program files\cstats.cfg
2008-05-09 21:30 1,960 ----a-w c:\program files\scores.cfg
1998-06-11 02:24 85,280 ----a-w c:\program files\devs.cfg
1998-06-11 02:23 26 ----a-w c:\program files\thot3d.bat
1998-04-15 20:28 33,078 ----a-w c:\program files\wait.bmp
1998-02-04 15:47 65,536 ----a-w c:\program files\grey.tbl
1998-02-04 15:47 45,056 ----a-w c:\program files\slate32.dll
1998-02-04 15:47 1,024 ----a-w c:\program files\grey.pal
1998-01-20 18:34 65,536 ----a-w c:\program files\hotd.tbl
1997-12-29 12:54 1,024 ----a-w c:\program files\hotd.pal
1997-07-14 21:00 63,056 ----a-w c:\program files\dsetup16.dll
1997-07-14 21:00 41,984 ----a-w c:\program files\dsetup32.dll
1997-07-14 21:00 127,488 ----a-w c:\program files\dsetup.dll
1995-10-02 16:26 129,536 ----a-w c:\program files\isdbgn.dll
1995-05-01 15:01 3 ----a-w c:\program files\disk1.id
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E425EB4-ADBD-4816-B1E8-49BB9DECF034}]
2009-03-07 12:20 304624 --a------ c:\program files\Google\Advertising Cookie Opt-out\opt_out.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 1015808]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3pyxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\WordBiz\\WordBiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Videora\\Videora.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7504:TCP"= 7504:TCP:Bittorrent

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-21 28544]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S0 ati3pyxx;ati3pyxx;c:\windows\system32\Drivers\ati3pyxx.sys --> c:\windows\system32\Drivers\ati3pyxx.sys [?]
S2 0023461238110377mcinstcleanup;McAfee Application Installer Cleanup (0023461238110377);c:\docume~1\JASONC~1\LOCALS~1\Temp\002346~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\JASONC~1\LOCALS~1\Temp\002346~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a2b332d85e7a;Google Update Service (gupdate1c9a2b332d85e7a);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 133104]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [2008-12-18 120168]
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 21:37]

2009-03-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-26 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{179bbb32-64d6-4122-8ff8-216d3928d7b5} - c:\windows\system32\buzalevu.dll
BHO-{437EE22F-34D3-4F17-B1A4-65C79B75D20D} - (no file)
BHO-{A8A80357-3375-46BC-BDA3-E02DD32BE8FB} - (no file)
BHO-{c0879c49-9c25-4404-bcb1-5f48cf598349} - c:\windows\system32\iqarcw.dll
HKLM-Run-lukipivuye - c:\windows\system32\pefedamu.dll
Notify-gebcd - (no file)
Notify-iiffghh - iiffghh.dll
Notify-jkkll - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/news
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
Trusted Zone: wvu.edu\blue
Trusted Zone: wvu.edu\gold
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 13:15:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?4?7?0??????? ???B?????????????hLC? ??????
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-03-29 13:20:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-29 17:20:04

Pre-Run: 2,342,973,440 bytes free
Post-Run: 2,420,854,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

643 --- E O F --- 2009-03-28 19:00:16
jcor629 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 12:51 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,646
OS: 2000 Pro; XP Pro; XP Home


Re: Slow computer, pop ups and all
Looks much better, still more work to do.

---------------------------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


This round will take more time....

---------------------------------------------------------------------------------------------

  1. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

    Viewpoint Media Player
    Viewpoint Manager    <<<this is considered foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

    Additional info: http://vil.nai.com/vil/content/v_137262.htm

    ---------------------------------------------------------------------------------------------
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/360888-slow-computer-pop-ups-all.html#post2050537

    Driver::
    ati3pyxx

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"="wdmaud.drv"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000
    HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3pyxx.sys]
    Collect::
    c:\windows\system32\Drivers\ati3pyxx.sys
    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed.. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK. Follow the prompts.
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------


  7. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
    • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 13. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        • Applications and Applets
          Trace and Log Files
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.

    ---------------------------------------------------------------------------------------------
  8. Please perform this online scan to help look for remnants

    Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan.

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on Settings. Uncheck Mail databases.
    • Next, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    ---------------------------------------------------------------------------------------------

    How is the machine behaving, please?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 12:59 PM   #7 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 9
OS: Windows XP


Re: Slow computer, pop ups and all
Before I do any of the newly posted step, the computer is still loading a bit sluggish on webpages and all, but there are now no more popups, and the computer has gotten remarkably quieter. Normally when Im on it, there is always a whirring noise from in it, sounds like there are alot less internal processes running now? Il have those logs posted as soon as I have the steps completed
jcor629 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 01:02 PM   #8 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 9
OS: Windows XP


Re: Slow computer, pop ups and all
cancle on that bit about the whirring noise, it is still doing that
jcor629 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 05:22 PM   #9 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 9
OS: Windows XP


Re: Slow computer, pop ups and all
Ok, so a bit of good news, the Kaspersky scan found no malware, no threats, no viruses, nothing, came up completely clean, so I dont think I have a report to generate for that, regardless, I attached a copy of whatever the "Save Report As..." option in the Scan Report gave me. Here is that report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, March 29, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 29, 2009 22:40:23
Records in database: 1985370
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 75568
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:18:05

No malware has been detected. The scan area is clean.

The selected area was scanned.


ALong with, here is the second log that ComboFix generated

ComboFix 09-03-28.06 - Jason Coral 2009-03-29 15:11:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.474 [GMT -4:00]
Running from: c:\documents and settings\Jason Coral\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jason Coral\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ati3pyxx


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-29 12:26 . 2009-03-29 12:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-26 19:49 . 2009-03-26 19:49 <DIR> d-------- c:\documents and settings\Jason Coral\Application Data\McAfee
2009-03-26 19:38 . 2009-03-29 15:17 9,253 --a------ c:\windows\system32\Config.MPF
2009-03-26 19:37 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2009-03-26 19:33 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-03-26 19:33 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-03-26 19:33 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-03-26 19:33 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-03-26 19:33 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-03-26 19:33 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-03-26 19:31 . 2009-03-26 19:32 <DIR> d-------- c:\program files\McAfee.com
2009-03-26 19:31 . 2009-03-26 19:38 <DIR> d-------- c:\program files\McAfee
2009-03-26 19:31 . 2009-03-26 19:33 <DIR> d-------- c:\program files\Common Files\McAfee
2009-03-26 19:10 . 2009-03-26 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 19:07 --------- d-----w c:\documents and settings\Jason Coral\Application Data\StumbleUpon
2009-03-29 19:05 --------- d-----w c:\program files\Viewpoint
2009-03-29 19:05 --------- d-----w c:\documents and settings\Jason Coral\Application Data\Viewpoint
2009-03-29 19:05 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-29 17:12 --------- d-----w c:\program files\Google
2009-03-29 16:31 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-28 15:23 --------- d-----w c:\program files\Azureus
2009-03-26 23:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-26 23:26 375,072 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-26 23:26 32,708 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-26 23:26 162,620 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-26 23:26 12,922,144 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-26 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 21:31 512 ----a-w C:\ScanSectorLog.dat
2009-03-26 21:21 --------- d-----w c:\documents and settings\Jason Coral\Application Data\ZoomBrowser EX
2009-03-26 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-03-06 05:48 --------- d-----w c:\documents and settings\Jason Coral\Application Data\uTorrent
2009-02-19 03:40 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-19 03:31 --------- d-----w c:\program files\Lavasoft
2009-02-19 03:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-05 01:02 --------- d-----w c:\program files\Apple Software Update
2009-02-05 00:54 --------- d-----w c:\program files\iTunes
2009-02-05 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-05 00:53 --------- d-----w c:\program files\iPod
2009-02-05 00:53 --------- d-----w c:\program files\Common Files\Apple
2009-02-05 00:52 --------- d-----w c:\program files\Bonjour
2009-02-05 00:51 --------- d-----w c:\program files\QuickTime
2008-05-09 21:30 396 ----a-w c:\program files\thotd.cfg
2008-05-09 21:30 364 ----a-w c:\program files\cstats.cfg
2008-05-09 21:30 1,960 ----a-w c:\program files\scores.cfg
1998-06-11 02:24 85,280 ----a-w c:\program files\devs.cfg
1998-06-11 02:23 26 ----a-w c:\program files\thot3d.bat
1998-04-15 20:28 33,078 ----a-w c:\program files\wait.bmp
1998-02-04 15:47 65,536 ----a-w c:\program files\grey.tbl
1998-02-04 15:47 45,056 ----a-w c:\program files\slate32.dll
1998-02-04 15:47 1,024 ----a-w c:\program files\grey.pal
1998-01-20 18:34 65,536 ----a-w c:\program files\hotd.tbl
1997-12-29 12:54 1,024 ----a-w c:\program files\hotd.pal
1997-07-14 21:00 63,056 ----a-w c:\program files\dsetup16.dll
1997-07-14 21:00 41,984 ----a-w c:\program files\dsetup32.dll
1997-07-14 21:00 127,488 ----a-w c:\program files\dsetup.dll
1995-10-02 16:26 129,536 ----a-w c:\program files\isdbgn.dll
1995-05-01 15:01 3 ----a-w c:\program files\disk1.id
.

((((((((((((((((((((((((((((( SnapShot@2009-03-29_13.18.43.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
+ 2009-03-29 19:16:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E425EB4-ADBD-4816-B1E8-49BB9DECF034}]
2009-03-07 12:20 304624 --a------ c:\program files\Google\Advertising Cookie Opt-out\opt_out.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 1015808]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\WordBiz\\WordBiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Videora\\Videora.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7504:TCP"= 7504:TCP:Bittorrent

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-21 28544]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S2 0023461238110377mcinstcleanup;McAfee Application Installer Cleanup (0023461238110377);c:\docume~1\JASONC~1\LOCALS~1\Temp\002346~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\JASONC~1\LOCALS~1\Temp\002346~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a2b332d85e7a;Google Update Service (gupdate1c9a2b332d85e7a);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 133104]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [2008-12-18 120168]
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 21:37]

2009-03-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-26 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/news
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
Trusted Zone: wvu.edu\blue
Trusted Zone: wvu.edu\gold
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 15:18:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?4?7?0??p???? ???B?????????????hLC? ??????
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\ati2evxx.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
c:\program files\AIM6\aolsoftware.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-03-29 15:23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-29 19:23:18
ComboFix2.txt 2009-03-29 17:20:36

Pre-Run: 2,348,605,440 bytes free
Post-Run: 2,348,380,160 bytes free

243 --- E O F --- 2009-03-29 19:03:26

Still no popups, but the comp is still on the sluggish side...
jcor629 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 06:44 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,646
OS: 2000 Pro; XP Pro; XP Home


Re: Slow computer, pop ups and all
Sometimes a computer never regains it's original performance after an infection. Or, sometimes it's concurrent issues, and malware has only brought those other issues to the fore. Sluggish, how? Can you be more specific? McAfee is something of a demanding application from a resource usage perspective. Is this a sudden downturn in performance, or has it been ongoing?

894.474

These numbers represent total physical memory/total free memory so...as you can see, ~50% is in use. More memory (RAM) might help.

Please see this sticky topic:

Is your PC running slow...?

After running through some of the procedures there, let me know if there's an improvement. I'll have some final housekeeping instructions from our cleanup work, and protection information to take forward.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 08:03 PM   #11 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 9
OS: Windows XP


Re: Slow computer, pop ups and all
Well, I really just installed McAfee a few days ago. I was using AVG and Avast, but then switched to McAfee after I started to get the popup issue. The McAfee Im using is the one provided by Comcast, its free as Im a subscriber to Comcast. I also used Spybot: S&D, and while it was effective, there were always a few things that the program could never completely delete, I always got an error message saying that [the errrors] were being used by another program and couldnt be deleted. Id try to see if that was still going on, but when I DL'd the McAfee, it said that AVG, Avast and Spybot were not compatible with McAfee, so I got rid of them, hoping for an improvment...The work that you and I have done in the past two days has really had a dramatic effect on my computer however, its shown a really remarkable improvment from three days ago. Im going to try some of the suggestions in the Sticky you mentioned (Is you PC....) and Il get back to you, most likely tomorrow. Thanks for all the help so far Tet, its been great
jcor629 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-29-2009, 08:22 PM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,646
OS: 2000 Pro; XP Pro; XP Home


Re: Slow computer, pop ups and all
Hi jcor629 -

If you've just added McAfee and the machine is sluggish still after the trying some of the things in the sticky link I showed you, you may want to reconsider.

Avira is a very good and free AntiVirus product, you may want to give it a try. I like it best of the free AVs.

Avira AntiVir Personal

If you do decide to uninstall McAfee, please also run the McAfee Removal Tool.

Download the McAfee Removal Tool.

Double click on MCPR.exe to launch it, then Click Run. A window should appear and disappear, this is normal. A new window should popup and begin the uninstall. When prompted to reboot your computer type Y.

Don't run more than one AntiVirus at a time on the machine.

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

Let me know how things are going, as there are a couple post-cleaning instructions to take care of still.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-30-2009, 03:06 PM   #13 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 9
OS: Windows XP


Re: Slow computer, pop ups and all
Ok, so I went down the list of things to try in the Sticky note, and cleared some general stuff out. My internet browser is still slow to load, but since Im using IE 7.0, according to the text I've read, its got that built in phishing filter. If I download and use Firefox, will tend to speed up load times? Also, as for the McAfee, it doesnt run like the free downloads from other companies, where I only have access to a limited part of the software, its the whole package, as long as Im subscribed to Comcast, but Il need Avira come May, when I got home from school and cancel my Comcast. Does Avira cover everthing, Virus Scan, Malware, etc?

Also, I did notice, when I defragged my harddrive, that out of the 100 gigs I had, I was using about 90....I cut that down to just below 75, but Im guessing that that attributes to a bit of slow down...Il keep clearing that out as I run across music and stuff I dont listen too...thats whats taking up a big chunk, music and movies...perhaps a external HD would be in order....

Other than that, youve been a huge help, and I really mean it when I say thank you.
jcor629 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-30-2009, 05:09 PM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,646
OS: 2000 Pro; XP Pro; XP Home


Re: Slow computer, pop ups and all
In some ways, Firefox is slower to initially load, because of how it handles addons. If you run it without addons, it's pretty quick to load. Once it's open after first load, Firefox is quick to respond. Give it a try, or try Opera, another alternative browser. I like both Firefox and Opera, and use them most of the time. IE7 phishing can be turned off, but I don't recommend that as a solution.

Avira Free is just an AV, not a total package. They also have complete suites. You can piece together a nice protection package using freeware, but some folks like the ease of all-in-one protection. For most folks, if you're behind a router with a built-in hardware firewall, a third party software firewall is not necessary. The combination of a router's hardware firewall and Windows' native firewall is usually adequate. Firewalls are part of these suites, which add to system resource overhead.

Increasing the amount of free drive space should help with hdd read/write time, but I'm not sure how well that would translate to browser function.

Hope all that helps, and if you have other questions about how to optimize your machine, or to help troubleshoot the slow loading IE, please ask in either the Windows XP or Internet Explorer section of the forums.

Some final housekeeping instructions, and protection information...

Your logs appear clean.You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
  • Winpatrol

    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

  • http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-30-2009, 07:46 PM   #15 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 9
OS: Windows XP


Re: Slow computer, pop ups and all
Great, i will absolutely take a look at this information, and implement as it seems fit. Thanks a bunch TetonBob, you've been a great help.
jcor629 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-30-2009, 08:18 PM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,646
OS: 2000 Pro; XP Pro; XP Home


Re: Slow computer, pop ups and all
Cheers, Jcor, glad to help.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 12:43 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85