Also, while everything appears to be running normally now, the comp is sluggish, and I was hoping to get some feedback on possible solutions from one of you people who know wth they're doing vs. myself, who evidently doesn't know nearly as much as I was giving myself credit for.
Please help a guy out with an ongoing 3-day technightmare ... thanks in advance for any help.
I ran a program called ComboFix, ran one called GMER, and did online scanners for days. Used the XP Recovery Console included with ComboFix to do fixboot and fixmbr. Updated Java, updated Adobe, updated to a tougher firewall, updated Firefox to the latest, and installed Microsoft Security Essentials.
This is the txt file ComboFix produced, if it helps.
ComboFix 11-03-25.01 - Angela 03/26/2011 8:38.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.122 [GMT -5:00]
Running from: c:\documents and settings\Angela\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Angela\Local Settings\Application Data\{C8A83DDD-9A7B-4EFD-823C-C9678D9348BC}
c:\documents and settings\Angela\Local Settings\Application Data\{C8A83DDD-9A7B-4EFD-823C-C9678D9348BC}\chrome.manifest
c:\documents and settings\Angela\Local Settings\Application Data\{C8A83DDD-9A7B-4EFD-823C-C9678D9348BC}\chrome\content\_cfg.js
c:\documents and settings\Angela\Local Settings\Application Data\{C8A83DDD-9A7B-4EFD-823C-C9678D9348BC}\chrome\content\overlay.xul
c:\documents and settings\Angela\Local Settings\Application Data\{C8A83DDD-9A7B-4EFD-823C-C9678D9348BC}\install.rdf
c:\program files\Dynamic Toolbar
c:\program files\Dynamic Toolbar\REALBAR\Cache\bubble.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\bubble16.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\celebs.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\gotb.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\highlight.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\hotstuff.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\hotstuffsm.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\movies.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\music.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\news.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\ngames.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\radio.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\REALBARTB0115.cfg
c:\program files\Dynamic Toolbar\REALBAR\Cache\sports.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\Thumbs.db
c:\program files\filesubmit
c:\program files\MyWay
c:\program files\MyWay\bar\History\search
c:\program files\MyWay\bar\Settings\settings.dat
c:\program files\MyWay\bar\Settings\settings.dat.bak
c:\program files\MyWay\bar\Settings\settings.htm
c:\program files\MyWay\bar\Settings\settings.htm.bak
c:\program files\MyWay\myBar\History\search
c:\program files\MyWay\myBar\Settings\prevcfg.htm
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\atsvc4sv.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.6.inf
c:\windows\system32\Temp
c:\windows\urovifukifuriz.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-26 13:11 . 2011-03-26 13:11 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D9C5B65-0AD6-48EE-B9B3-66F7ACF35D44}\MpKslf5962023.sys
2011-03-26 13:10 . 2011-03-15 02:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D9C5B65-0AD6-48EE-B9B3-66F7ACF35D44}\mpengine.dll
2011-03-26 08:32 . 2011-03-26 08:32 -------- d-----w- c:\program files\Common Files\Java
2011-03-26 03:18 . 2011-01-13 06:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-26 03:14 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-26 03:03 . 2011-03-26 03:03 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-26 00:15 . 2011-03-26 02:07 -------- d-----w- c:\program files\Windows Live Safety Center
2011-03-25 09:43 . 2011-03-25 09:43 -------- d-----w- c:\program files\Quick Web Player
2011-03-24 23:46 . 2011-03-25 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-24 23:46 . 2011-03-24 23:46 -------- d-----w- c:\program files\AVAST Software
2011-03-23 23:55 . 2011-03-23 23:55 -------- d-----w- c:\program files\COMODO
2011-03-23 23:54 . 2011-03-23 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-03-23 19:49 . 2011-03-25 05:01 0 ----a-w- c:\windows\Rciqozujitif.bin
2011-03-02 23:19 . 2011-03-02 23:20 -------- d-----w- c:\program files\OpenWith.org Desktop Tool
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 21:46 . 2010-05-07 18:32 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-02-03 02:40 . 2010-08-18 05:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:19 . 2010-08-18 05:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-06 22:37 . 2011-01-06 22:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 22:37 . 2011-01-06 22:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 22:37 . 2011-01-06 22:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 22:37 . 2011-01-06 22:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-29 06:42 . 2010-12-29 06:42 285480 ----a-w- c:\windows\system32\guard32.dll
2011-03-18 17:53 . 2011-03-26 07:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"nwiz"="nwiz.exe" [2003-07-16 323584]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-16 4743168]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\program files\Quicken\billmind.exe [N/A]
MediaFACE 4.01 Calibration Wizard.lnk - c:\program files\Fellowes\MediaFACE 4.0\MFPCalib.exe [N/A]
MediaFACE 4.01 Design Wizard.lnk - c:\program files\Fellowes\MediaFACE 4.0\MfRunWiz.exe [N/A]
MediaFACE 4.01 Help.lnk - c:\program files\Fellowes\MediaFACE 4.0\MediaFACE4.chm [N/A]
MediaFACE 4.01.lnk - c:\program files\Fellowes\MediaFACE 4.0\MediaFace.exe [N/A]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [N/A]
Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
R1 MpKslf5962023;MpKslf5962023;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D9C5B65-0AD6-48EE-B9B3-66F7ACF35D44}\MpKslf5962023.sys [3/26/2011 8:11 AM 28752]
S1 qzhjugee;qzhjugee;\??\c:\windows\system32\drivers\qzhjugee.sys --> c:\windows\system32\drivers\qzhjugee.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [7/27/2010 5:45 PM 229376]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLF5962023
*Deregistered* - pxtdapow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-03-26 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = hxxp://www.mchsi.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Angela\Application Data\Mozilla\Firefox\Profiles\7mghta0l.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-26 08:46
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\guard32.dll
.
Completion time: 2011-03-26 08:50:20
ComboFix-quarantined-files.txt 2011-03-26 13:50
.
Pre-Run: 1,175,896,064 bytes free
Post-Run: 1,155,878,912 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D8DD7047237BCF46DE6E346B4DAA0375
If someone has some time on their hands and wants some good karma pts., I would definitely appreciate the chance to be advised by someone who deals with this routinely.
Thanks much,