unknown issue

We have been experiencing pop ups in yahoo programs, along with memory line issues. I did take all pictures and music off and put on an external hard drive. To free up enough memory to defragment. Thats the other issue. I suddenly didnt have any space on my disk. I had not downloaded any new programs other than my husband doing the yahoo draft for football. So I have cleaned, wiped and defragmented and ran anti virius issues...to no avail I am stumped. I did run these three scans while in safe mode. I am currently in safe mood. I can get in regular mode but was unsure what to do.





# AdwCleaner v3.001 - Report created 01/09/2013 at 09:09:24
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - MONSTERPUTER
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\LocalService\IECompatCache
Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\SanctionedMedia
Folder Found C:\Documents and Settings\Owner\IECompatCache
Folder Found C:\Program Files\OApps

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2266 octets] - [01/09/2013 09:07:43]
AdwCleaner[R1].txt - [2186 octets] - [01/09/2013 09:09:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2246 octets] ##########

Last edited by shushon on 1st September 2013, 6:16 pm; edited 1 time in total

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.01.03

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Owner :: MONSTERPUTER [administrator]

9/1/2013 9:18:20 AM
mbam-log-2013-09-01 (09-18-20).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 327947
Time elapsed: 32 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Results of screen317's Security Check version 0.99.73
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Avira Free Antivirus
PC Tools Firewall Plus 6.0
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
SlimCleaner
Java(TM) 6 Update 20
Java 7 Update 17
Java(TM) 6 Update 4
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 39% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************
Remove the Adware:

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
  

********************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
********************************************
Please tell me the size of the harddrive and how much free space you have.

Click Start> Computer> right click the C Drive and choose Properties>

# AdwCleaner v3.002 - Report created 03/09/2013 at 06:37:17
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - MONSTERPUTER
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Documents and Settings\LocalService\IECompatCache
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\SanctionedMedia
Folder Deleted : C:\Documents and Settings\Owner\IECompatCache

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2266 octets] - [01/09/2013 09:07:43]
AdwCleaner[R1].txt - [2326 octets] - [01/09/2013 09:09:24]
AdwCleaner[R2].txt - [2550 octets] - [03/09/2013 06:33:39]
AdwCleaner[S0].txt - [2515 octets] - [03/09/2013 06:37:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2575 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 09/04/2013 at 17:58:06.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2D2B905-B23C-4A91-899C-4E60F3E535EE}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/04/2013 at 18:01:59.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


22.5 gb in free space

22.5 gb in free space.

What is the size of the harddrive?

143 gb

Total Fragmentation on Drive C:: 39% Defragment your hard drive soon! (Do NOT defrag if SSD!)

Please defrag your hard drive soon. If you need help, please let me know. (SSD means Solid State Drive)

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

ComboFix 13-09-04.04 - Owner 09/05/2013 19:18:26.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.2415 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1363045757.bdinstall.bin
c:\documents and settings\All Users\Application Data\1363083825.bdinstall.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\EventSystem.log
c:\windows\system32\1A.tmp
c:\windows\system32\1B.tmp
c:\windows\system32\SET31C.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Files Created from 2013-08-05 to 2013-09-05 )))))))))))))))))))))))))))))))
.
.
2013-09-05 22:05 . 2013-09-05 22:05 -------- d-----w- c:\windows\LastGood.Tmp
2013-09-04 21:58 . 2013-09-04 21:58 -------- d-----w- c:\windows\ERUNT
2013-09-04 21:51 . 2013-09-04 21:51 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2013-09-04 20:35 . 2013-09-04 20:35 -------- d-sh--w- c:\documents and settings\Administrator.MONSTERPUTER\IECompatCache
2013-09-04 10:46 . 2013-09-04 10:46 -------- d-----w- c:\documents and settings\Administrator.MONSTERPUTER\Application Data\Windows Search
2013-09-01 13:07 . 2013-09-04 10:37 -------- d-----w- C:\AdwCleaner
2013-08-23 10:30 . 2013-08-23 10:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-04 10:32 . 2013-03-12 10:53 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-29 10:52 . 2013-03-12 10:53 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-21 23:56 . 2012-11-17 15:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 23:56 . 2011-06-19 16:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL]
start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTAzNTY5MzQ5LVU5MCsxLUZQOSs2LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1MSUMrMi1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVVArNC1TUDFTNCsxLUREVCs0Nzg4OS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzEtRjEwTTEyQisxLVRCVlVQRysxMi1GMTBNMTJGVCsxLVRCTisx&prod=90&ver=10.0.1416 [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/12/2013 6:53 AM 37352]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/8/2010 6:19 PM 233136]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [1/19/2010 6:53 PM 127016]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [1/19/2010 6:53 PM 1118248]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/12/2013 6:53 AM 84024]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [7/8/2010 6:19 PM 88040]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [1/19/2010 6:46 PM 121384]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [1/19/2010 6:46 PM 117288]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/4/2011 6:32 PM 47360]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [7/8/2010 6:18 PM 58816]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 1:44 AM 69692]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [7/8/2010 6:18 PM 70664]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [7/8/2010 6:18 PM 115216]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [1/4/2011 6:25 PM 16384]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [1/4/2011 6:25 PM 16640]
S3 SUNPLUS;SightCAM PC-100p;c:\windows\system32\Drivers\SPIXNEW.SYS --> c:\windows\system32\Drivers\SPIXNEW.SYS [?]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [1/19/2010 6:46 PM 158248]
S4 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [10/16/2008 11:05 PM 98984]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1 192.168.1.254
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-00PCTFW - c:\program files\PC Tools Firewall Plus\FirewallGUI.exe
AddRemove-PC Tools Firewall Plus - c:\program files\PC Tools Firewall Plus\unins000.exe
AddRemove-sl-adk - c:\program files\OApps\sl-adk_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-05 19:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\ModPS2Key.exe
c:\windows\zHotkey.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Completion time: 2013-09-05 19:34:44 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-05 23:34
ComboFix2.txt 2013-03-11 22:48
.
Pre-Run: 24,308,408,320 bytes free
Post-Run: 24,178,630,656 bytes free
.
- - End Of File - - 02C24CA2D0C9D91A167BE29784E574E3
11D5405A8DDC283035C60676D2A472E8


I did defragment before we started the clean up.I also removed tons of pics and music so that it would allow me to defrag. Two months ago I had 62 gb free, now it seems it disappeared quite quickly. My husband plays the yahoo fantasy football, this seems to be when the problem began to occur.

RogueKiller V8.6.9 [Sep 3 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/05/2013 21:21:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ModPS2Key.exe -- C:\WINDOWS\ModPS2Key.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x805B1EA4 -> HOOKED (Unknown @ 0xBA70306C)
[Address] SSDT[41] : NtCreateKey @ 0x8061AF8C -> HOOKED (Unknown @ 0xBA703026)
[Address] SSDT[50] : NtCreateSection @ 0x805A092C -> HOOKED (Unknown @ 0xBA703076)
[Address] SSDT[53] : NtCreateThread @ 0x805C748E -> HOOKED (Unknown @ 0xBA70301C)
[Address] SSDT[63] : NtDeleteKey @ 0x8061B428 -> HOOKED (Unknown @ 0xBA70302B)
[Address] SSDT[65] : NtDeleteValueKey @ 0x8061B5F8 -> HOOKED (Unknown @ 0xBA703035)
[Address] SSDT[68] : NtDuplicateObject @ 0x805B3AB8 -> HOOKED (Unknown @ 0xBA703067)
[Address] SSDT[98] : NtLoadKey @ 0x8061D1B0 -> HOOKED (Unknown @ 0xBA70303A)
[Address] SSDT[122] : NtOpenProcess @ 0x805C1512 -> HOOKED (Unknown @ 0xBA703008)
[Address] SSDT[128] : NtOpenThread @ 0x805C179E -> HOOKED (Unknown @ 0xBA70300D)
[Address] SSDT[177] : NtQueryValueKey @ 0x806191B0 -> HOOKED (Unknown @ 0xBA70308F)
[Address] SSDT[193] : NtReplaceKey @ 0x8061D060 -> HOOKED (Unknown @ 0xBA703044)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x805982D0 -> HOOKED (Unknown @ 0xBA703080)
[Address] SSDT[204] : NtRestoreKey @ 0x8061C96C -> HOOKED (Unknown @ 0xBA70303F)
[Address] SSDT[213] : NtSetContextThread @ 0x805C90E6 -> HOOKED (Unknown @ 0xBA70307B)
[Address] SSDT[237] : NtSetSecurityObject @ 0x805B622A -> HOOKED (Unknown @ 0xBA703085)
[Address] SSDT[247] : NtSetValueKey @ 0x806194FE -> HOOKED (Unknown @ 0xBA703030)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8060EED6 -> HOOKED (Unknown @ 0xBA70308A)
[Address] SSDT[257] : NtTerminateProcess @ 0x805C879A -> HOOKED (Unknown @ 0xBA703017)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA70309E)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA7030A3)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤



I did not select anything to be deleted. Also I am at the same disk space I was at earlier. And I defragmented before running roguekiller.

Please run RogueKiller again and delete those items. No need to post the log.
Sorry about asking about the size of the harddrive. I deal with so many clients that I sometimes lose track.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=85a04d26570b23409500d65355b73771
# engine=15031
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-06 01:19:11
# local_time=2013-09-06 09:19:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=771 16777214 16 1 15346770 15346770 0 0
# compatibility_mode=1799 16775165 100 97 0 148205256 0 0
# scanned=78295
# found=1
# cleaned=1
# scan_time=5781
sh=BBC99ADBAD4144CD67BD5D4AA819A0F23CB92377 ft=1 fh=b9aaa4c3971a1350 vn="a variant of MSIL/Adware.iBryte.B application (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP174\A0014350.exe"

[version]
signature="$CHICAGO$"
AdvancedINF=2.0

[Setup Hooks]
hookRegOcx=hookRegOcx

[hookRegOcx]
run=%EXTRACT_DIR%\ESETSmartInstaller.exe -i #version=1.0.0.6920

How's your computer running now? Any other issues before we clean up?

no other issues. Microsoft updates updated 15 files. One would not download. Other than that and my space is now at 21 gb free, we are good to go. Any suggestions you have will be gladly received/ Thank you for taking your time to help me.

Windows requires at least 15% of your harddrive to operate efficiently. In your case that would 15Gb or so. Just be sure to not let it drop too low.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

***************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
***************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!