with malwarebytes, now my pc is incredibly slow


Loaded malwarebytes, ran full scan, bought the pro version, set it up to run in the background and now all of my software runs MUCH slower and some of my software won't ever open. The process tab in Task Manager shows it is running but I never get a window up - the software is Family Tree Maker. Is this normal for running with malwarebytes?

Thanks for any enlightenment. ;)

Link to post
Share on other sites

Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built-in Windows Firewall, you'll need to exclude them from it as well.

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 32 bit versions of Windows Vista or Windows 7:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\ProgramData\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\ProgramData\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Please post back and let us know how it went.

Link to post
Share on other sites

Yeah, I had just figured that out.

Unfortunately, I am still at a loss because I hadn't loaded the anti-virus program yet when the PC started being incredibly slow so that wouldn't have been causing the slowness. I had added malwarebytes as an exception to the firewall. I have reloaded the antivirus program although I still need to renew my subscription.

I still have the slowness problem, though.

Where do I go from here?

Thanks for the help so far!

Link to post
Share on other sites

Norton. I have tried a number of different ways to restart; disconnecting the internet; turning off malwarebytes; tried to turn off Norton but can't seem to stop that process.

It is interesting to note that the mbamservice.exe is using about 23,300 K in memory - pretty large as compared to my other processes. Machine is still very slow.

I am really bummed about this whole thing.

From a little searching I have done, it looks like the Family Tree Maker software may have some problems with anti-virus software which always concerns me. I actually uninstalled the package; reinstalled it but it behaves no differently - starts but I never get to the point where it opens the window and it is taking up 99% of my CPU. I am going to go over to the forum that they have and see if they have any ideas.

Link to post
Share on other sites

@ mavsnme

Make sure you have the latest Malwarebytes version; 1.44 with Database version 3545 is the latest at the moment.

Have you entered the exceptions in your Norton to exclude the Malwarebytes files?

You can also tell it to exclude your Family Tree Maker software.

I use Family Tree Maker 2009, and aside from it taking a little bit to load, it does run. (I am however using McAfee Corp Edition 8.7i)

The mbamservice.exe on my computer is 44,484. That is about average.

Link to post
Share on other sites

  • Root Admin

Please run the following and post back the logs.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

Link to post
Share on other sites

DDS (Ver_09-12-01.01) - NTFSx86

Here you go! Appreciate everyone's attempts to help! Attach.zip is attached.

DDS.txt:

Run by Michele at 18:42:02.55 on Tue 01/12/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.128 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe

C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/home.php?#/home.php?filter=nf

uSearch Bar = about:blank

uWindow Title = Road Runner High Speed Online

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = sas.r3.attbi.com:8000

uInternet Settings,ProxyOverride = *.r3.attbi.com;*.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll

BHO: {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No File

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll

TB: {5AA06644-BC46-4220-A460-47A6EB47C96D} - No File

TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File

EB: {12ee7a5e-0674-42f9-a76b-000000004d00} - Search

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM

mRun: [nwiz] nwiz.exe /install

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [intelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"

mRun: [inCD] c:\program files\ahead\incd\InCD.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [AcctMgr] c:\program files\norton systemworks\password manager\AcctMgr.exe /startup

dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://www.hcscanyplace.net/Citrix/MetaFrame/ICAWEB_common/en/ica32/wficat.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - hxxps://webresponse.one.microsoft.com/OAS/ActiveX/winrep.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab

DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/12a5b30dce039bb8dc01/netzip/RdxIE601.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120607529968

DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C}

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123946056406

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab

DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michele\applic~1\mozilla\firefox\profiles\tcg7pixp.default\

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\mozilla firefox\extensions\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}\components\DealioToolbarFF.dll

FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Internal security: No Registry Reference - c:\program files\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R1 AINCtl2k;AINCtl2k;c:\windows\system32\drivers\AINCtl2k.sys [2002-10-11 78492]

R1 GhPciScan;GhostPciScanner;c:\program files\norton systemworks\norton ghost\GhPciScan.sys [2003-5-28 5632]

R1 ntaspi32;ntaspi32;c:\windows\system32\drivers\ntaspi32.sys [2002-10-11 23304]

R1 SAVRT;SAVRT;c:\program files\norton systemworks\norton antivirus\savrt.sys [2003-8-6 300736]

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton systemworks\norton antivirus\Savrtpel.sys [2003-8-6 35008]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-8-14 255136]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-8-14 234656]

R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2008-3-6 81920]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-9-11 3712]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-10 236368]

R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton systemworks\norton antivirus\navapsvc.exe [2003-8-17 158376]

R2 SAVScan;SAVScan;c:\program files\norton systemworks\norton antivirus\SAVScan.exe [2003-8-9 193816]

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-6-16 2368]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-1-11 585728]

R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2004-4-3 18944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-10 19160]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20030814.007\NAVENG.SYS [2010-1-11 67800]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20030814.007\NAVEX15.SYS [2010-1-11 531160]

S0 hqmnku;hqmnku;c:\windows\system32\drivers\hqmnku.sys [2010-1-5 0]

S2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\mcdetect.exe --> c:\program files\mcafee.com\agent\mcdetect.exe [?]

S2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe --> c:\progra~1\mcafee.com\agent\mctskshd.exe [?]

S2 NProtectService;Norton Unerase Protection;c:\progra~1\norton~1\norton~2\NPROTECT.EXE [2003-9-10 81920]

S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-8-14 87200]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe --> c:\progra~1\mcafee.com\agent\mcupdmgr.exe [?]

S4 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-23 30152]

S4 WinToolsSvc;WinTools for IE service;c:\program files\common files\wintools\wtoolss.exe --> c:\program files\common files\wintools\WToolsS.exe [?]

=============== Created Last 30 ================

2010-01-12 05:44:43 0 d-----w- C:\_OTM

2010-01-11 06:43:54 0 d-----w- c:\program files\PerformanceTest

2010-01-11 06:31:02 0 d-----w- c:\windows\system32\System

2010-01-11 06:23:46 0 d-----w- c:\program files\Norton SystemWorks

2010-01-11 06:23:36 2397 ----a-w- c:\windows\system32\drivers\symlcbrd.sys

2010-01-11 06:23:30 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-01-11 06:23:30 82136 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-01-11 06:22:59 0 d-----w- c:\program files\Symantec

2010-01-11 03:59:36 0 d-----w- C:\_OTL

2010-01-10 19:51:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-10 19:51:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-10 19:51:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-10 18:23:41 0 d-----w- c:\windows\system32\wbem\Repository

2010-01-07 05:30:43 0 ----a-w- c:\windows\system32\28145.exe

2010-01-07 05:10:43 0 ----a-w- c:\windows\system32\5705.exe

2010-01-07 04:50:42 0 ----a-w- c:\windows\system32\24464.exe

2010-01-07 04:30:37 0 ----a-w- c:\windows\system32\26962.exe

2010-01-07 04:10:37 0 ----a-w- c:\windows\system32\29358.exe

2010-01-07 03:50:37 0 ----a-w- c:\windows\system32\11478.exe

2010-01-07 03:30:37 0 ----a-w- c:\windows\system32\15724.exe

2010-01-07 03:10:37 0 ----a-w- c:\windows\system32\19169.exe

2010-01-07 02:50:36 0 ----a-w- c:\windows\system32\26500.exe

2010-01-07 02:30:35 0 ----a-w- c:\windows\system32\6334.exe

2010-01-07 01:53:58 193 ----a-w- C:\delunins.bat

2010-01-06 21:30:58 0 ----a-w- c:\windows\system32\18467.exe

2010-01-06 20:22:39 0 d-----w- c:\program files\Trend Micro

2010-01-05 20:54:08 0 d-----w- c:\program files\RogueRemover FREE

2010-01-05 07:36:25 0 ----a-w- c:\windows\system32\drivers\hqmnku.sys

2010-01-05 07:33:43 0 d-sh--w- c:\docume~1\michele\applic~1\SystemProc

2010-01-02 03:05:43 0 d-----w- c:\windows\system32\Adobe

==================== Find3M ====================

2010-01-11 08:17:24 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2004-11-09 14:34:58 21778872 ----a-w- c:\program files\iTunesSetup.exe

2004-07-31 19:50:36 5862994 ----a-w- c:\program files\ts2_client_rc2_2032.exe

2002-09-11 14:26:52 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf

2004-02-14 17:04:18 0 --sha-w- c:\windows\CMH.exe

2003-12-27 17:25:54 0 --sha-w- c:\windows\GQD.exe

2003-06-27 12:13:14 0 --sha-w- c:\windows\JWEO.exe

2004-02-19 02:38:38 0 --sha-w- c:\windows\NWTSKAV.exe

2004-01-23 00:03:34 0 --sha-w- c:\windows\SYFLSY.exe

2009-05-31 16:54:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009053120090601\index.dat

============= FINISH: 18:44:47.36 ===============

Attach.zip

Link to post
Share on other sites

  • Root Admin

You have WAY TOO many things going on with your system to work on this in the General forum.

You really need to visit the HJT forum and have someone assist you in ensuring you're not infected and removing some of those programs that are probably conflicting with each other.

Please follow the directions below and someone will assist you as soon as they can.

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites

I must admit I did laugh when I read your reply about WAY too many things going on!

So, since I am the only one using this particular machine now (the kids have their own laptops) I started uninstalling all of the stuff I don't use...took me a while. Then I used the one button checkup that Symantec makes available...all the while malwarebytes was still doing its thing.

I finally got enough software removed that I can run all of my software now. Still is a little slower than before but could be the price I have to pay to keep the machine clean.

What an ordeal! :)

Thanks for all the help...
