Author Topic: [InActive K] Malware Bytes found PUP.Bundelinstallers  (Read 788 times)


Offline kcrawhorn

  • Bronze Member
  • Posts: 126
[InActive K] Malware Bytes found PUP.Bundelinstallers
« on: June 15, 2012, 09:17:36 AM »
This computer has become very slow and unresponsive for the last 2 to 3 weeks. I ran a scan with Malwarebytes Anti-Malware. The results showed 3 PUP.BundleInstaller detections.

Here is the MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
customer1 :: KEVINSPC [administrator]

6/15/2012 9:57:41 AM
mbam-log-2012-06-15 (10-16-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209399
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\customer1\My Documents\Downloads\PlayPickle_UnlockGames.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Documents and Settings\customer1\My Documents\Downloads\Tube2FileSetup(1).exe (PUP.BundleInstaller.IB) -> No action taken.
C:\Documents and Settings\customer1\My Documents\Downloads\Tube2FileSetup.exe (PUP.BundleInstaller.IB) -> No action taken.

(end)
« Last Edit: June 21, 2012, 07:25:33 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [InActive K] Malware Bytes found PUP.Bundelinstallers
« Reply #1 on: June 15, 2012, 09:30:11 AM »
Follow the instructions here: NEW Instructions! What Do I Do First? and post the relevant logs.

Thank you,

kevinf80

Offline kcrawhorn

  • Bronze Member
  • Posts: 126
Re: [InActive K] Malware Bytes found PUP.Bundelinstallers
« Reply #2 on: June 15, 2012, 09:34:42 AM »
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_31
Run by customer1 at 10:33:04 on 2012-06-15
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1373 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Superfish: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\Superfish.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: AL2Spy Class: {dc200356-0864-4f66-8964-5d43a19300f5} - c:\windows\autolo~1\AL2DLL.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\Superfish.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160522783484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155655455656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3A17128A-31C1-494A-B8F5-0761BE95C120} : DhcpNameServer = 66.38.1.91 66.38.0.240 66.38.0.241
TCP: Interfaces\{6151B8D1-1250-49F0-A78C-282061E09E38} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8AD25AF2-6805-4F2F-B834-8F6890B2EDCB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FAA11E2B-BF70-4753-AC88-0B28DAA776B1} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\customer1\application data\mozilla\firefox\profiles\gygvqas6.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9b5491a7-5335-4be7-ac85-02b376fd61ba%7D&mid=394e44f4630a47d18da8d15e776005a6-87d0ec190e4c69a23e608e916e5c08d08c9e9e6c&ds=AVG&v=9.0.0.23&lang=en&pr=pr&d=2011-12-22%2017%3A52%3A00&sap=ku&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-4 136176]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-4 136176]
S3 IPN2220;802.11g Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2006-10-16 140288]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-29 129976]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2012-06-13 18:00:30   521728   -c----w-   c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 15:15:04   --------   d-----w-   c:\documents and settings\customer1\local settings\application data\AVG Secure Search
2012-06-11 21:50:35   --------   d-----w-   c:\windows\system32\cache
2012-06-06 16:20:36   --------   d-----w-   c:\program files\common files\Symantec Shared
2012-06-06 16:20:27   --------   d-----w-   c:\documents and settings\all users\application data\Norton
2012-06-06 16:20:24   --------   d-----w-   c:\program files\NortonInstaller
2012-06-06 16:20:24   --------   d-----w-   c:\documents and settings\all users\application data\NortonInstaller
2012-06-06 14:18:11   --------   d-----w-   c:\windows\system32\Adobe
2012-06-04 11:39:42   --------   d-----w-   c:\program files\common files\xing shared
2012-06-04 11:39:10   129144   ----a-w-   c:\program files\mozilla firefox\plugins\nprpplugin.dll
.
==================== Find3M  ====================
.
2012-06-04 11:38:52   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2012-06-04 11:38:52   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2012-05-31 13:22:09   599040   ----a-w-   c:\windows\system32\crypt32.dll
2012-05-16 15:08:26   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-05-15 13:20:33   1863168   ----a-w-   c:\windows\system32\win32k.sys
2012-05-11 14:42:33   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02   385024   ----a-w-   c:\windows\system32\html.iec
2012-05-05 15:02:33   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 15:02:33   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-05-04 13:12:30   2192640   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19   2069120   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36   139656   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-04-04 20:56:40   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-04-01 20:28:53   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2012-04-01 20:28:52   472808   ----a-w-   c:\windows\system32\deployJava1.dll
.
============= FINISH: 10:33:56.76 ===============

Offline kcrawhorn

  • Bronze Member
  • Posts: 126
Re: [InActive K] Malware Bytes found PUP.Bundelinstallers
« Reply #3 on: June 15, 2012, 09:35:58 AM »
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/16/2009 11:13:35 AM
System Uptime: 6/14/2012 3:21:22 AM (31 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | A8S-X
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 126.09 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP13: 4/7/2012 1:20:36 PM - System Checkpoint
RP14: 4/8/2012 2:18:01 PM - System Checkpoint
RP15: 4/9/2012 3:23:09 PM - System Checkpoint
RP16: 4/10/2012 4:09:56 PM - System Checkpoint
RP17: 4/11/2012 3:00:30 AM - Software Distribution Service 3.0
RP18: 4/12/2012 3:26:21 AM - System Checkpoint
RP19: 4/13/2012 4:26:21 AM - System Checkpoint
RP20: 4/14/2012 4:38:59 AM - System Checkpoint
RP21: 4/15/2012 5:59:37 AM - System Checkpoint
RP22: 4/16/2012 6:26:15 AM - System Checkpoint
RP23: 4/17/2012 10:45:17 AM - System Checkpoint
RP24: 4/18/2012 11:26:14 AM - System Checkpoint
RP25: 4/19/2012 3:13:41 PM - System Checkpoint
RP26: 4/20/2012 4:16:11 PM - System Checkpoint
RP27: 4/21/2012 4:37:02 PM - System Checkpoint
RP28: 4/22/2012 5:37:20 PM - System Checkpoint
RP29: 4/23/2012 5:51:14 PM - System Checkpoint
RP30: 4/24/2012 6:09:18 PM - System Checkpoint
RP31: 4/25/2012 6:51:16 PM - System Checkpoint
RP32: 4/26/2012 7:31:03 PM - System Checkpoint
RP33: 4/27/2012 8:31:03 PM - System Checkpoint
RP34: 4/28/2012 8:36:40 PM - System Checkpoint
RP35: 4/29/2012 10:06:18 PM - System Checkpoint
RP36: 4/30/2012 10:30:55 PM - System Checkpoint
RP37: 5/1/2012 11:11:01 PM - System Checkpoint
RP38: 5/2/2012 11:47:58 PM - System Checkpoint
RP39: 5/3/2012 11:49:39 PM - System Checkpoint
RP40: 5/5/2012 12:47:59 AM - System Checkpoint
RP41: 5/6/2012 1:18:25 AM - System Checkpoint
RP42: 5/7/2012 2:18:24 AM - System Checkpoint
RP43: 5/8/2012 3:18:24 AM - System Checkpoint
RP44: 5/9/2012 4:18:15 AM - System Checkpoint
RP45: 5/10/2012 5:18:16 AM - System Checkpoint
RP46: 5/11/2012 3:00:31 AM - Software Distribution Service 3.0
RP47: 5/12/2012 3:27:57 AM - System Checkpoint
RP48: 5/13/2012 4:27:56 AM - System Checkpoint
RP49: 5/14/2012 5:04:32 AM - System Checkpoint
RP50: 5/15/2012 6:05:53 AM - System Checkpoint
RP51: 5/16/2012 7:36:12 AM - System Checkpoint
RP52: 5/17/2012 8:04:26 AM - System Checkpoint
RP53: 5/18/2012 10:58:07 AM - System Checkpoint
RP54: 5/19/2012 11:05:31 AM - System Checkpoint
RP55: 5/20/2012 11:33:09 AM - System Checkpoint
RP56: 5/21/2012 12:23:09 PM - System Checkpoint
RP57: 5/22/2012 1:10:04 PM - System Checkpoint
RP58: 5/23/2012 2:10:04 PM - System Checkpoint
RP59: 5/24/2012 2:56:22 PM - System Checkpoint
RP60: 5/25/2012 3:56:10 PM - System Checkpoint
RP61: 5/26/2012 4:48:32 PM - System Checkpoint
RP62: 5/27/2012 4:59:44 PM - System Checkpoint
RP63: 5/28/2012 5:18:22 PM - System Checkpoint
RP64: 5/29/2012 5:59:43 PM - System Checkpoint
RP65: 5/30/2012 6:32:05 PM - System Checkpoint
RP66: 5/31/2012 6:50:28 PM - System Checkpoint
RP67: 6/1/2012 7:37:08 PM - System Checkpoint
RP68: 6/2/2012 7:37:22 PM - System Checkpoint
RP69: 6/3/2012 10:28:29 PM - System Checkpoint
RP70: 6/4/2012 3:00:17 AM - Software Distribution Service 3.0
RP71: 6/5/2012 3:56:41 AM - System Checkpoint
RP72: 6/6/2012 4:52:24 AM - System Checkpoint
RP73: 6/7/2012 5:17:14 AM - System Checkpoint
RP74: 6/8/2012 5:52:24 AM - System Checkpoint
RP75: 6/9/2012 6:02:59 AM - System Checkpoint
RP76: 6/10/2012 8:13:12 AM - System Checkpoint
RP77: 6/11/2012 8:53:23 AM - System Checkpoint
RP78: 6/12/2012 11:07:56 AM - System Checkpoint
RP79: 6/13/2012 11:18:28 AM - System Checkpoint
RP80: 6/14/2012 3:00:17 AM - Software Distribution Service 3.0
RP81: 6/15/2012 3:26:00 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.6
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
AVG 2012
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Dell PC Fax
Dell Photo AIO Printer 924
Dell Photo AIO Printer 926
ESET Online Scanner v3
Google Update Helper
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Managed DirectX (1126)
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Image Uploader
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN Music Assistant
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
NVIDIA Drivers
PowerDVD
Quicken 2007
QuickTime
RCA Video Converter
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
SCRABBLE PLUS
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923789)
Skype™ 5.5
SoundMAX
swMSM
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB2718704)
WebFldrs XP
Winamp
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WindowShopper
.
==== Event Viewer Messages From Past Week ========
.
6/12/2012 4:30:20 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.5 for the Network Card with network address 00173184EC55 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/12/2012 10:15:13 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  sfsync02
6/12/2012 10:14:16 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.4 for the Network Card with network address 00173184EC55 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [InActive K] Malware Bytes found PUP.Bundelinstallers
« Reply #4 on: June 15, 2012, 01:31:06 PM »
Hello kcrawhorn,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind it is advisable to back up any important data before we begin. Go Here and follow the instructions specific to your operating system.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

I do not see a great deal wrong with the DDS logs. The 3 entries flagged by Malwarebytes are in your Downloads folder, which would suggest you downloaded them yourself. Is that correct?

This one, C:\Documents and Settings\customer1\My Documents\Downloads\PlayPickle_UnlockGames.exe, definitely needs to go; re-run Malwarebytes and allow it to remove it from your system.

The other two are related to some type of online file sharing as far as I'm aware; with that in mind I'd let Malwarebytes deal with those two also.

C:\Documents and Settings\customer1\My Documents\Downloads\Tube2FileSetup(1).exe
C:\Documents and Settings\customer1\My Documents\Downloads\Tube2FileSetup.exe


Next,

Please visit VirusTotal
  • Click the Browse... button
  • Navigate to the file c:\windows\AutoLogin\AL2DLL.dll or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Let me see the log from VirusTotal in your next reply. I also see references to Norton; did you have Norton security installed previously? Is sluggishness the only issue, with no erratic behavior or redirects, etc.?

Kevin..
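
A small triage script for the two log formats quoted in this thread (the MBAM "Files Detected" lines and the DDS "BHO:" lines), added here as an example and not part of the thread or of either tool: it extracts each MBAM detection and whether it was actually removed, and flags BHO entries loading from unusual paths, which is the kind of check that singles out c:\windows\autolo~1\AL2DLL.dll for a VirusTotal look. The trusted-directory allow-list and the 8.3 short-name heuristic are assumptions; the sample lines are copied from the logs posted above.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Added example, not from the thread or either tool. MBAM line: "<path> (<detection>) -> <action>."
MBAM_FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# DDS pseudo-HJT line: "BHO: <name>: {<clsid>} - <dll path>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)
# Assumed allow-list: directories the BHOs in this log normally load from.
BHO_TRUSTED_DIRS = (
    "c:\\program files\\",
    "c:\\windows\\system32\\",
    "c:\\documents and settings\\all users\\application data\\",
)

# Sample input copied from the logs posted in this thread.
MBAM_SAMPLE = r"""
C:\Documents and Settings\customer1\My Documents\Downloads\PlayPickle_UnlockGames.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Documents and Settings\customer1\My Documents\Downloads\Tube2FileSetup(1).exe (PUP.BundleInstaller.IB) -> No action taken.
C:\Documents and Settings\customer1\My Documents\Downloads\Tube2FileSetup.exe (PUP.BundleInstaller.IB) -> No action taken.
""".splitlines()
DDS_SAMPLE = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AL2Spy Class: {dc200356-0864-4f66-8964-5d43a19300f5} - c:\windows\autolo~1\AL2DLL.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
""".splitlines()

@dataclass
class Detection:
    path: str
    family: str   # e.g. "PUP.BundleInstaller"
    variant: str  # e.g. "OI"
    action: str
    in_downloads: bool

    @property
    def remediated(self) -> bool:
        # "No action taken" means MBAM reported the file but left it on disk.
        return self.action.lower() != "no action taken"

def parse_mbam_files(lines):
    """Parse 'Files Detected' lines into Detection records; other lines are skipped."""
    found = []
    for line in lines:
        m = MBAM_FILE_RE.match(line.strip())
        if not m:
            continue
        det = m.group("detection")
        family, _, variant = det.rpartition(".")  # "PUP.BundleInstaller" / "OI"
        parts = [p.lower() for p in PureWindowsPath(m.group("path")).parts]
        found.append(Detection(m.group("path"), family or det, variant,
                               m.group("action"), "downloads" in parts))
    return found

def unremediated(detections):
    """Paths MBAM flagged but did not remove, i.e. what a re-run must clean."""
    return [d.path for d in detections if not d.remediated]

def suspicious_bhos(lines):
    """Return (name, clsid, path, reasons) for BHOs loading from unusual places."""
    flagged = []
    for line in lines:
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        reasons = []
        if not path.lower().startswith(BHO_TRUSTED_DIRS):
            reasons.append("outside trusted directories")
        if "~" in path:  # 8.3 short name in the path: a heuristic, not proof
            reasons.append("8.3 short-name path component")
        if reasons:
            flagged.append((m.group("name"), m.group("clsid"), path, reasons))
    return flagged

if __name__ == "__main__":
    print("still on disk:", unremediated(parse_mbam_files(MBAM_SAMPLE)))
    print("check on VirusTotal:", suspicious_bhos(DDS_SAMPLE))
```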


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [InActive K] Malware Bytes found PUP.Bundelinstallers
« Reply #5 on: June 19, 2012, 02:22:49 AM »
Are you still with us kcrawhorn?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6366
Re: [InActive K] Malware Bytes found PUP.Bundelinstallers
« Reply #6 on: June 21, 2012, 07:25:04 AM »
Due to the lack of feedback this topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!