
My laptop has been running extremely slow. It takes a long time to open and close programs, and to perform routine tasks including internet browsing. It's almost unbearable to use.

Your analysis and recommendations will be greatly appreciated!!!

The laptop is a Dell Inspiron E1705 running Windows XP Media Center Edition 2002, Service Pack 3.

I've run through all the initial cleaning process steps as instructed:
1) Malicious Software Removal Tool: "No malicious software was detected"
2) ATF Cleaner:
- selected all files to delete
- ATF CLEANER has freed 208.055 MBs
3) GMER Rootkit Scanner:
- quick scan saved as GMER One.log
- full scan saved as GMER Two.log
4) Malwarebytes' Anti-Malware:
- full scan found: Files Infected: C:\Documents and Settings\Cherie\Application Data\Adobe\kernell32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
5) DDS Scanlog:
- saved DDS.txt and Attach.txt

----
HERE ARE THE REQUESTED SCANLOGS.......

[U]MalwareBytes’ Anti-Malware log[/U] 

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5190

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/26/2010 12:13:54 AM
mbam-log-2010-11-26 (00-13-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 277917
Time elapsed: 1 hour(s), 45 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Cherie\Application Data\Adobe\kernell32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

-------

[U]GMER One.log[/U]

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-25 10:06:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS022D
Running: nsis2g7c.exe; Driver: C:\DOCUME~1\Cherie\LOCALS~1\Temp\kwliqkob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp                Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

-------

[U]GMER Two.log[/U]


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-25 18:08:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS022D
Running: nsis2g7c.exe; Driver: C:\DOCUME~1\Cherie\LOCALS~1\Temp\kwliqkob.sys


---- System - GMER 1.0.15 ----

SSDT            Lbd.sys (Boot Driver/Lavasoft AB)                   ZwCreateKey [0xF84C487E]
SSDT            Lbd.sys (Boot Driver/Lavasoft AB)                   ZwSetValueKey [0xF84C4BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                           Lbd.sys (Boot Driver/Lavasoft AB)

Device          \FileSystem\Fastfat \Fat                            A8297D20

AttachedDevice  \FileSystem\Fastfat \Fat                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer  tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer   tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer       tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer    tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer   tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Cdfs \Cdfs                              tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


-----

[U]DDS.txt[/U]



DDS (Ver_10-11-10.01) - NTFSx86  
Run by Cherie at 20:57:03.37 on Wed 12/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.502.146 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)   {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Cherie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?rls=ig
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\cherie\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {427273CC-764E-11D3-823D-006097F90453} - hxxp://www.photoworks.com/pixami/BPImageEditor.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/49.12/uploader2.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.evite.com/html/imageUpload/ImageUploader5.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.twango.com/tools/uploader/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vralimusalpdc15.connectge.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-20 64288]
S2 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2006-5-31 18690]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]

=============== Created Last 30 ================

2010-11-28 21:32:38 --------    d-----w-    c:\program files\iPod
2010-11-28 21:32:02 --------    d-----w-    c:\program files\iTunes
2010-11-26 03:09:51 38224   ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 03:09:48 20952   ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-11-26 03:09:47 --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-11-21 16:37:50 --------    d-----w-    c:\docume~1\cherie\applic~1\Malwarebytes
2010-11-21 16:37:29 --------    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-21 16:26:22 --------    d-sh--w-    c:\documents and settings\cherie\IECompatCache
2010-11-21 16:25:45 --------    d-----w-    c:\program files\CCleaner
2010-11-21 16:22:41 --------    d-sh--w-    c:\documents and settings\cherie\PrivacIE
2010-11-21 16:19:16 --------    d-sh--w-    c:\documents and settings\cherie\IETldCache
2010-11-21 15:32:36 --------    d-----w-    c:\windows\ie8updates
2010-11-21 15:10:06 --------    dc-h--w-    c:\windows\ie8
2010-11-21 15:02:03 13312   ------w-    c:\windows\system32\dllcache\iecompat.dll
2010-11-21 15:01:55 12800   ------w-    c:\windows\system32\dllcache\xpshims.dll
2010-11-21 15:01:53 743424  ------w-    c:\windows\system32\dllcache\iedvtool.dll
2010-11-21 15:01:53 247808  ------w-    c:\windows\system32\dllcache\ieproxy.dll
2010-11-21 03:18:54 15880   ----a-w-    c:\windows\system32\lsdelete.exe
2010-11-20 22:47:55 64288   ----a-w-    c:\windows\system32\drivers\Lbd.sys
2010-11-20 22:47:12 98392   ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2010-11-20 22:41:10 --------    d-----w-    c:\docume~1\cherie\locals~1\applic~1\Sunbelt Software
2010-11-20 21:51:58 --------    dc-h--w-    c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-20 21:50:29 --------    d-----w-    c:\program files\Lavasoft

==================== Find3M  ====================

2010-09-28 20:44:52 4184352 ----a-w-    c:\windows\system32\usbaaplrc.dll
2010-09-20 15:56:30 60  ----a-w-    c:\windows\wpd99.drv
2010-09-18 16:23:26 974848  ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848  ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368  ----a-w-    c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856  ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480  ----a-w-    c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520   ------w-    c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w-    c:\windows\system32\inetcpl.cpl
2010-09-08 15:17:46 94208   ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632   ----a-w-    c:\windows\system32\QuickTime.qts

============= FINISH: 20:59:48.94 ===============


------

[U]Attach.txt[/U]



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/17/2006 10:21:31 PM
System Uptime: 12/1/2010 8:20:27 PM (0 hours ago)

Motherboard: Dell Inc. |  | 0FF049
Processor: Genuine Intel(R) CPU           T1300  @ 1.66GHz | Microprocessor | 981/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 87 GiB total, 30.063 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 

==== System Restore Points ===================

RP1231: 9/2/2010 7:35:10 AM - System Checkpoint
RP1232: 9/3/2010 8:35:13 AM - System Checkpoint
RP1233: 9/4/2010 9:35:13 AM - System Checkpoint
RP1234: 9/5/2010 9:56:16 AM - System Checkpoint
RP1235: 9/6/2010 10:41:28 AM - System Checkpoint
RP1236: 9/7/2010 11:41:27 AM - System Checkpoint
RP1237: 9/8/2010 3:00:23 AM - Software Distribution Service 3.0
RP1238: 9/9/2010 3:04:01 AM - System Checkpoint
RP1239: 9/10/2010 4:04:03 AM - System Checkpoint
RP1240: 9/11/2010 5:03:49 AM - System Checkpoint
RP1241: 9/12/2010 6:03:52 AM - System Checkpoint
RP1242: 9/13/2010 7:03:21 AM - System Checkpoint
RP1243: 9/14/2010 10:01:50 AM - System Checkpoint
RP1244: 9/15/2010 10:05:53 AM - System Checkpoint
RP1245: 9/15/2010 11:16:57 AM - Software Distribution Service 3.0
RP1246: 9/16/2010 11:34:08 AM - System Checkpoint
RP1247: 9/17/2010 12:33:56 PM - System Checkpoint
RP1248: 9/18/2010 1:33:46 PM - System Checkpoint
RP1249: 9/19/2010 2:33:52 PM - System Checkpoint
RP1250: 9/20/2010 3:33:50 PM - System Checkpoint
RP1251: 9/21/2010 9:31:24 PM - System Checkpoint
RP1252: 9/22/2010 9:44:31 PM - System Checkpoint
RP1253: 9/23/2010 10:25:20 PM - System Checkpoint
RP1254: 9/24/2010 10:40:43 PM - System Checkpoint
RP1255: 9/25/2010 11:40:41 PM - System Checkpoint
RP1256: 9/27/2010 12:40:42 AM - System Checkpoint
RP1257: 9/28/2010 1:40:43 AM - System Checkpoint
RP1258: 9/29/2010 2:40:42 AM - System Checkpoint
RP1259: 9/29/2010 3:00:18 AM - Software Distribution Service 3.0
RP1260: 9/30/2010 3:40:43 AM - System Checkpoint
RP1261: 10/21/2010 8:02:40 PM - System Checkpoint
RP1262: 10/21/2010 9:07:44 PM - Software Distribution Service 3.0
RP1263: 10/22/2010 10:06:22 PM - System Checkpoint
RP1264: 10/23/2010 11:02:23 PM - System Checkpoint
RP1265: 11/6/2010 12:00:12 AM - System Checkpoint
RP1266: 11/6/2010 11:02:03 PM - System Checkpoint
RP1267: 11/8/2010 12:59:21 AM - System Checkpoint
RP1268: 11/11/2010 2:02:25 PM - System Checkpoint
RP1269: 11/11/2010 10:58:28 PM - Software Distribution Service 3.0
RP1270: 11/16/2010 5:30:13 PM - System Checkpoint
RP1271: 11/17/2010 6:25:04 PM - System Checkpoint
RP1272: 11/18/2010 7:25:04 PM - System Checkpoint
RP1273: 11/20/2010 12:29:24 PM - System Checkpoint
RP1274: 11/21/2010 10:13:05 AM - Installed Windows Internet Explorer 8.
RP1275: 11/21/2010 10:19:13 AM - Software Distribution Service 3.0
RP1276: 11/22/2010 10:57:44 AM - System Checkpoint
RP1277: 11/23/2010 10:01:12 AM - Software Distribution Service 3.0
RP1278: 11/24/2010 10:36:08 AM - System Checkpoint
RP1279: 11/25/2010 2:07:36 PM - System Checkpoint
RP1280: 11/28/2010 12:29:54 PM - System Checkpoint
RP1281: 11/29/2010 12:37:25 PM - System Checkpoint
RP1282: 11/30/2010 1:07:53 PM - System Checkpoint

==== Installed Programs ======================


2600
2600_Help
2600Trb
32 Bit HP CIO Components Installer
8000A809
8000A809_eDocs
8000A809_Help
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
AiO_Scan
AiOSoftware
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avant Media Player
Bonjour
BPDSoftware
BPDSoftware_Ini
Broadcom Management Programs
BufferChm
Canon MP Drivers
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Copy
Coupon Printer for Windows
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Dell Digital Jukebox Driver
Dell Game Console
Dell Support Center
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Destinations
DeviceDiscovery
Digital Content Portal
Digital Line Detect
DocProc
Documentation & Support Launcher
DocumentViewer
ELIcon
Fax
FrostWire 4.21.1
GdiplusUpgrade
GemMaster Mystic
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Diagnostic Assistant
HP Image Zone 4.2
HP Imaging Device Functions 12.0
HP Officejet Pro 8000 A809 Series
HP PSC & OfficeJet 4.2
HP Software Update
HP Update
HPODiscovery
HPSystemDiagnostics
InfraRecorder
InstantShare
Intel(R) Graphics Media Accelerator Driver
InterActual Player
Internal Network Card Power Management
Internet Service Offers Launcher
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Juniper Networks Host Checker
Learn2 Player (Uninstall Only)
Logitech Webcam Software
Logitech Webcam Software Driver Package
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Modem Helper
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
Network
New York Times - Times Reader
Norton 360
Otto
overland
Pdf995
PhotoGallery
PhotoStreamer 2
Picasa 3
PowerDVD 5.7
PrintScreen
ProductContext
QFolder
QuickProjects
QuickSet
QuickTime
Readme
RealPlayer Basic
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
Skype™ 4.1
Sonic DLA
Sonic Encoders
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Toolbox
TrayApp
TurboTax 2008
TurboTax 2008 wgaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2007
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB File Transfer 1.11A
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WexTech AnswerWorks
Winamp (remove only)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

12/1/2010 8:21:13 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.7 for the Network Card with network address 001422F76803 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
11/28/2010 5:31:02 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
11/28/2010 12:13:44 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.6 for the Network Card with network address 001422F76803 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
11/26/2010 1:56:22 AM, error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/26/2010 1:56:22 AM, error: Service Control Manager [7000]  - The GeneLink File Transfer Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/25/2010 10:10:55 AM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================

Edited by mike_2000_17: Fixed formatting

0

Hello rodrigan, welcome to daniweb. Thank you for following our Read Me sticky and posting the logs.
One thing I point out from our Read Me first sticky is this: 1A – Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. I see that you have FrostWire 4.21.1 installed on your computer. Since this is the most current version I have to assume that you DO use this and while you did follow directions to disable it, it IS listed in your auto starting programs so I presume that you use it often. Based on the fact that you have an 80gb hard drive and only 30gb free space remaining I would presume that you have a lot of music and/or videos on the computer and likely many of them were obtained via Frostwire. Just using P2P, as PhilliePhan states in the Read Me sticky: P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt. Besides the risk of severe infection via P2P, downloading copyrighted material without paying for it is illegal. Individuals are and have been prosecuted for this here in the US and have been found guilty. Others have had their internet connections canceled by their ISPs also because downloads CAN be traced right to your computer.

I also see that you have parts of two anti-virus/security suites running on the computer, Lavasoft Ad-Watch Live! Anti-Virus and Norton 360, which is a full security suite and a fairly large program besides. You must remove one of these entirely. Having two anti-virus programs lessens the protection AND will make the computer run slower. If the Norton program is current, paid for and has not expired then Uninstall the Ad-Aware program.

I find it ironic that the one program I see that is truly up to date IS the Frostwire program, many others you have installed are way out of date:
Your Java is very far behind. I see Java 2 Runtime Environment, SE v1.4.2_03, Java(TM) 6 Update 11, Java(TM) 6 Update 7. The current, most up to date version is Version 6 Update 22. Out of date Java can certainly slow internet browsing.
Go to this page; http://www.java.com/en/download/manual.jsp and download the Offline Install file, save it to your desktop for easy access. Then close ALL browsers and Uninstall All the old versions of Java using Add/Remove. Once you have uninstalled all those old versions then double click that install file on your desktop to install the newest version. Watch the install VERY closely as it often contains extra toolbars like the yahoo toolbar, you certainly don't want those. You ARE given the option to NOT install by removing a check mark next to them, take that check mark out and continue with the install. Once it is installed then go back to the download page and click Verify Now to check that the install went as planned.

You also have SpyBot Search & Destroy installed, a very good security scanner, however, you show these two, Spybot - Search & Destroy,
Spybot - Search & Destroy 1.5.2.20. The most current version is 1.6.2 so your two are out of date also. Your MBA-M program is now out of date, though it was not at the time of your scan which was four days ago. The newest version, 1.50 was released on Nov. 29th.
You show an out of date version of HiJackThis installed, 2.0.2; the current version is 2.0.4.
You also have the Coupon Printer for Windows installed which is considered malware.

You need to correct all of the above and I would advise that you also remove some of the downloaded music that you have stored on there.

Because a Trojan was found by MBA-M you need to update the program to the latest version and latest database which as of this moment is database 5230. When you update the program version you will also receive at least a partial database update but once the newest version is installed you should run the Update once more and then do another Full Scan with it. Of course have it Remove anything found and Reboot the computer.
Then do the following:
Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Again then Reboot the computer. Post back here with both of those logs along with a system scan log done with the Newest version of HiJackThis which you can download from here:

http://free.antivirus.com/hijackthis/

Do all of that and we can take a look at those logs and see if anything else should be done in the way of cleaning and see if we can get this computer running fast again.

0

Thanks so much for your thorough analysis! I'll work on your recommendations and report back within the next day or two.

One thing that was surprising to me is that Norton 360 is showing up. I uninstalled the program quite a while back after my subscription expired, and I do not see any trace of it....it doesn't appear in Start -> Programs, and I don't see it in Control Panel -> Add or Remove Programs. I also don't see a folder for it in Program Files.

Any suggestions on how to remove whatever might be left of the program?

0

You need to work on this quicker than every day or two. If there IS infection on there it can continue to get bigger the longer you take and will be harder to remove.
As for the Norton showing, it is likely there are small remainders on there. We can take care of that AFTER you finish all the other steps.

0

Sorry for the delay. Here are the actions I have taken... Thanks again!

1) P2P Programs:
- Uninstalled FrostWire 4.21.1

2) Two anti-virus suites running on the computer:
- I uninstalled Norton 360 quite a while back after my subscription expired
- Does not appear in Start -> Programs
- Does not appear as a folder in Program Files
- Does not appear in Control Panel -> Add or Remove Programs
- However, I found "Symantec Technical Support Web Controls" which I uninstalled successfully

3) Java versions:
- Uninstalled Java 2 Runtime Environment, SE v1.4.2_03, Java(TM) 6 Update 11, and Java(TM) 6 Update 7
- Installed Java(TM) Version 6 Update 22
- Verified Java version with results: "Congratulations! You have the recommended Java installed (Version 6 Update 22)."

4) Spybot:
- Uninstalled Spybot - Search & Destroy
- Uninstalled Spybot - Search & Destroy 1.5.2.20

5) HiJackThis:
- Uninstalled 2.0.2
- Installed 2.0.4

6) Coupon Printer for Windows:
- Uninstalled

7) MBA-M:
- Updated to version 1.50, database 5248
- Ran full scan
- Files Infected:
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP1279\A0159796.dll (Trojan.Agent) -> Quarantined and deleted successfully.
- Selected item was removed successfully
- Rebooted computer

8) ESET:
- Ran ESET Online Scanner
- Scan results: "No threats found"
- Rebooted computer

9) HiJackThis:
- Ran newest version
- Created system scan log


LOGS BELOW......

MBA-M:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5248

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/5/2010 12:39:14 PM
mbam-log-2010-12-05 (12-39-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 282305
Time elapsed: 1 hour(s), 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP1279\A0159796.dll (Trojan.Agent) -> Quarantined and deleted successfully.

-----

ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c21860506b060041a27c3ae5130d4c95
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-05 07:27:06
# local_time=2010-12-05 02:27:06 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 26431667 26431667 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120519
# found=0
# cleaned=0
# scan_time=4362


-----

HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:51:33 PM, on 12/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BPImageEditor.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.twango.com/tools/uploader/ImageUploader4.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vralimusalpdc15.connectge.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10623 bytes

0

Your scan logs look good. The 1 item found by MBA-M was in your system restore.
One reason for the slowness of the computer is too many programs running at startup and then many continue to run all the time in the background, even if you aren't using them. Here's a list of items to turn off which aren't needed to run the computer OR needed to run the programs themselves and they can be run manually when needed.
To turn these items off you can use this small program to stop them. It is called Mike Lin's Startup Control Panel and can be found at this link;

http://www.mlin.net/StartupCPL.shtml

You can either install it or choose the Standalone version which isn't installed. If you install it then it will be found in the Control Panel with a little computer icon labeled Startups. Standalone version just sits wherever you choose to download it. Either one works the same.
Double click the icon and when the program opens you will see a number of Tabs. Go through each tab and look for the following listings, when you see one of them, take the check mark OUT of the box next to the name. Continue through the list until you have found each and removed its check mark. Once you are finished, close the program and reboot the computer and see if the speed has improved.

Here is the list and an explanation of each item:

ehTray>>This startup loads a system tray icon that allows you to control various aspects of Media Center
DVDLauncher>>A process belonging to the Cyberlink PowerCinema video viewing software which allows you to play DVDs upon insertion. Non-essential process
ISUSScheduler>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software. Not needed, search manually for updates.
HP Component Manager>>Another auto updater. Not needed, do it manually
HP Software Update>>Another auto updater. Not needed, do it manually
MSKDetectorExe>>Part of McAfee Spamkiller. This is up to you. It's a paid program so if you paid for it leave it running. If you didn't pay for it then it isn't working anymore and you should uninstall it.
ISUSPM Startup>>Another auto updater. Not needed, do it manually
LogitechQuickCamRibbon>>automatically installed with all Logitech QuickCam devices but not needed.
Adobe Reader Speed Launcher>>exactly what it says it is. Purports to speed time of opening of the Adobe Reader, maybe by a few seconds at most.
QuickTime Task>>System Tray access to Apple's "Quick Time" viewer
SunJavaUpdateSched>>java auto update notifier. Not worth it, do it manually.
ModemOnHold>>NetWaiting Modem-on-Hold Application. Unless you are on dial-up this wouldn't be needed.
MSMSGS>>Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. This isn't an IM program but the one with the annoying messages from your system.
DellSupport>>Dell's support tool bundled on their computers. Can be run manually as necessary.
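
The startup review described in the post above can be reproduced directly from the HijackThis log. This is an added example, not part of the original thread or of HijackThis: it parses the O4 autostart lines (sample lines copied from the log posted earlier in this thread) and marks the entries that appear in the helper's list. The function names, the verdict labels and the executable-splitting heuristic are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Autostart names from the helper's list in this thread.
REVIEW_LIST = {
    "ehTray", "DVDLauncher", "ISUSScheduler", "HP Component Manager",
    "HP Software Update", "MSKDetectorExe", "ISUSPM Startup",
    "LogitechQuickCamRibbon", "Adobe Reader Speed Launcher", "QuickTime Task",
    "SunJavaUpdateSched", "ModemOnHold", "MSMSGS", "DellSupport",
}

# Sample input: lines copied from the HijackThis v2.0.4 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# Registry Run keys: "O4 - HKLM\..\Run: [Name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<src>HK[A-Z]+\\\.\.\\[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Startup folders: "O4 - Global Startup: Shortcut.lnk = target"
STARTUP_RE = re.compile(
    r"^O4 - (?P<src>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Heuristic split of a command line into image path and arguments.
# Unquoted paths may contain spaces, so cut at the first executable extension.
CMD_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|com|bat|cmd|scr)))'
    r"(?:\s+(?P<args>.*))?$", re.IGNORECASE)


@dataclass
class Autostart:
    source: str            # registry key or startup folder
    name: str              # value name or shortcut name
    image: Optional[str]   # executable path, None if the log shows no target
    args: str
    verdict: str = ""


def split_command(cmd: str) -> Tuple[Optional[str], str]:
    m = CMD_RE.match(cmd.strip())
    if not m:
        return None, ""    # e.g. "?" for a shortcut HijackThis could not resolve
    return m.group("quoted") or m.group("bare"), m.group("args") or ""


def parse_o4(log: str) -> List[Autostart]:
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue       # not an O4 (autostart) line
        image, args = split_command(m.group("cmd"))
        entries.append(Autostart(m.group("src"), m.group("name"), image, args))
    return entries


def triage(log: str) -> List[Autostart]:
    entries = parse_o4(log)
    for e in entries:
        if e.image is None:
            e.verdict = "unresolved-target"   # check the shortcut by hand
        elif e.name in REVIEW_LIST:
            e.verdict = "disable-candidate"   # named in the helper's list
        else:
            e.verdict = "left-enabled"
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.verdict:18} {e.name:24} {e.image} {e.args}".rstrip())
```
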

0

I disabled these, and it made all the difference...the computer is running noticeably faster now!

Thanks so much. I really appreciate it.
