12-09-2008, 09:39 AM   #6
willianr1179
Registered User
 
Join Date: Dec 2008
Posts: 7
OS: Windows XP


Re: Computer Slow after startup, firefox and flash player especially

ComboFix 08-12-07.04 - Nathan Williams 2008-12-09 11:02:29.3 - NTFSx86
Running from: c:\documents and settings\Nathan Williams\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nathan Williams\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Enigma Software Group

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rzzrzjbr
-------\Service_rzzrzjbr


((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-07 19:30 . 2008-09-19 16:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-12-07 19:30 . 2008-09-24 13:41 839,680 --a------ c:\windows\system32\lameACM.acm
2008-12-07 19:30 . 2008-01-10 07:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-12-07 19:30 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\divx.dll
2008-12-07 19:30 . 2004-01-25 11:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-12-07 19:30 . 2007-09-04 11:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-12-07 19:30 . 2008-01-10 07:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-12-07 19:30 . 2007-09-20 19:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-12-07 19:30 . 2008-09-25 03:03 81,920 --a------ c:\windows\system32\dpl100.dll
2008-12-07 19:30 . 2008-10-03 07:30 414 --a------ c:\windows\system32\lame_acm.xml
2008-12-07 19:30 . 2008-07-30 14:09 38 --a------ c:\windows\avisplitter.ini
2008-12-07 19:29 . 2008-12-07 19:30 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-07 19:29 . 2008-11-24 09:32 57,344 --a------ c:\windows\system32\ff_vfw.dll
2008-12-07 19:29 . 2007-07-10 11:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-06 19:22 . 2008-12-09 10:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-06 15:20 . 2008-12-06 15:20 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-06 15:19 . 2008-12-09 09:43 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-06 15:19 . 2008-12-06 15:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-04 20:09 . 2008-12-04 20:09 250 --a------ c:\windows\gmer.ini
2008-12-04 20:00 . 2008-12-04 20:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 18:00 . 2008-12-06 14:37 <DIR> d-------- c:\windows\system32\Adobe
2008-12-04 05:23 . 2008-04-13 20:12 116,224 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-04 05:22 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-04 05:22 . 2008-04-13 20:12 18,944 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2008-12-04 05:21 . 2001-08-17 22:37 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2008-12-04 05:20 . 2001-08-17 22:37 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2008-12-04 05:18 . 2001-08-17 22:37 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2008-12-04 05:18 . 2004-08-04 05:00 28,288 --a------ c:\windows\system32\dllcache\xjis.nls
2008-12-04 05:17 . 2004-08-03 22:29 19,455 --a------ c:\windows\system32\dllcache\wvchntxx.sys
2008-12-04 05:17 . 2001-08-17 12:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2008-12-04 05:16 . 2008-04-13 14:46 19,200 --a------ c:\windows\system32\dllcache\wstcodec.sys
2008-12-04 05:16 . 2004-08-03 22:29 12,063 --a------ c:\windows\system32\dllcache\wsiintxx.sys
2008-12-04 05:16 . 2008-04-13 20:12 8,192 --a------ c:\windows\system32\dllcache\wshirda.dll
2008-12-04 05:14 . 2004-08-03 22:31 154,624 --a------ c:\windows\system32\dllcache\wlluc48.sys
2008-12-04 05:14 . 2008-04-13 14:36 8,832 --a------ c:\windows\system32\dllcache\wmiacpi.sys
2008-12-04 05:13 . 2001-08-17 12:12 34,890 --a------ c:\windows\system32\dllcache\wlandrv2.sys
2008-12-04 05:12 . 2001-08-17 13:28 771,581 --a------ c:\windows\system32\dllcache\winacisa.sys
2008-12-04 05:11 . 2001-08-17 22:36 53,760 --a------ c:\windows\system32\dllcache\wiamsmud.dll
2008-12-04 05:10 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\dllcache\wiafbdrv.dll
2008-12-04 05:10 . 2004-08-04 05:00 41,600 --a------ c:\windows\system32\dllcache\weitekp9.dll
2008-12-04 05:10 . 2004-08-04 05:00 31,232 --a------ c:\windows\system32\dllcache\weitekp9.sys
2008-12-04 05:09 . 2001-08-17 13:28 701,386 --a------ c:\windows\system32\dllcache\wdhaalba.sys
2008-12-04 05:08 . 2008-04-13 14:45 31,744 --a------ c:\windows\system32\dllcache\wceusbsh.sys
2008-12-04 05:08 . 2004-08-03 22:29 23,615 --a------ c:\windows\system32\dllcache\wch7xxnt.sys
2008-12-04 05:07 . 2001-08-17 12:10 35,871 --a------ c:\windows\system32\dllcache\wbfirdma.sys
2008-12-04 05:07 . 2004-08-03 22:29 33,599 --a------ c:\windows\system32\dllcache\watv04nt.sys
2008-12-04 05:07 . 2004-08-03 22:29 19,551 --a------ c:\windows\system32\dllcache\watv02nt.sys
2008-12-04 05:06 . 2004-08-03 22:29 29,311 --a------ c:\windows\system32\dllcache\watv01nt.sys
2008-12-04 05:06 . 2004-08-03 22:29 12,415 --a------ c:\windows\system32\dllcache\wadv01nt.sys
2008-12-04 05:06 . 2004-08-03 22:29 12,127 --a------ c:\windows\system32\dllcache\wadv02nt.sys
2008-12-04 05:06 . 2004-08-03 22:29 11,775 --a------ c:\windows\system32\dllcache\wadv05nt.sys
2008-12-04 05:06 . 2004-08-04 05:00 9,216 --a------ c:\windows\system32\dllcache\wamps51.dll
2008-12-04 05:05 . 2001-08-17 12:13 16,925 --a------ c:\windows\system32\dllcache\w940nd.sys
2008-12-04 05:04 . 2001-08-17 12:13 19,016 --a------ c:\windows\system32\dllcache\w926nd.sys
2008-12-04 05:03 . 2004-08-04 05:00 73,728 --a------ c:\windows\system32\dllcache\w3ext.dll
2008-12-04 05:03 . 2001-08-17 12:13 19,528 --a------ c:\windows\system32\dllcache\w840nd.sys
2008-12-04 05:03 . 2004-08-04 05:00 5,632 --a------ c:\windows\system32\dllcache\w3svapi.dll
2008-12-04 05:02 . 2004-08-04 05:00 48,256 --a------ c:\windows\system32\dllcache\w32.dll
2008-12-04 05:02 . 2004-08-04 05:00 4,608 --a------ c:\windows\system32\dllcache\w3ctrs51.dll
2008-12-04 05:01 . 2001-08-17 13:28 64,605 --a------ c:\windows\system32\dllcache\vvoice.sys
2008-12-04 05:00 . 2001-08-17 13:28 397,502 --a------ c:\windows\system32\dllcache\vpctcom.sys
2008-12-04 04:59 . 2001-08-17 13:28 604,253 --a------ c:\windows\system32\dllcache\vmodem.sys
2008-12-04 04:58 . 2001-08-17 12:14 249,402 --a------ c:\windows\system32\dllcache\vinwm.sys
2008-12-04 04:58 . 2001-08-17 13:49 24,576 --a------ c:\windows\system32\dllcache\viairda.sys
2008-12-04 04:57 . 2008-04-13 20:12 53,760 --a------ c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-04 04:56 . 2001-08-17 13:28 687,999 --a------ c:\windows\system32\dllcache\usrwdxjs.sys
2008-12-04 04:55 . 2001-08-17 13:28 765,884 --a------ c:\windows\system32\dllcache\usrti.sys
2008-12-04 04:54 . 2001-08-17 13:28 113,762 --a------ c:\windows\system32\dllcache\usrpda.sys
2008-12-04 04:53 . 2001-08-17 13:28 7,556 --a------ c:\windows\system32\dllcache\usroslba.sys
2008-12-04 04:52 . 2001-08-17 13:28 224,802 --a------ c:\windows\system32\dllcache\usr1807a.sys
2008-12-04 04:51 . 2001-08-17 13:28 794,399 --a------ c:\windows\system32\dllcache\usr1806v.sys
2008-12-04 04:51 . 2001-08-17 13:28 793,598 --a------ c:\windows\system32\dllcache\usr1806.sys
2008-12-04 04:50 . 2001-08-17 13:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2008-12-04 04:49 . 2008-04-13 14:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-04 04:49 . 2008-04-13 14:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2008-12-04 04:49 . 2008-04-13 14:45 17,152 --a------ c:\windows\system32\dllcache\usbohci.sys
2008-12-04 04:48 . 2004-08-03 22:31 32,384 --a------ c:\windows\system32\dllcache\usb101et.sys
2008-12-04 04:47 . 2001-08-17 22:36 94,720 --a------ c:\windows\system32\dllcache\umaxud32.dll
2008-12-04 04:46 . 2001-08-17 22:36 28,160 --a------ c:\windows\system32\dllcache\umaxu40.dll
2008-12-04 04:45 . 2001-08-17 22:36 26,624 --a------ c:\windows\system32\dllcache\umaxu22.dll
2008-12-04 04:44 . 2001-08-17 22:36 69,632 --a------ c:\windows\system32\dllcache\umaxu12.dll
2008-12-04 04:44 . 2001-08-17 22:36 50,688 --a------ c:\windows\system32\dllcache\umaxscan.dll
2008-12-04 04:43 . 2001-08-17 13:58 22,912 --a------ c:\windows\system32\dllcache\umaxpcls.sys
2008-12-04 04:42 . 2001-08-17 22:36 50,176 --a------ c:\windows\system32\dllcache\umaxp60.dll
2008-12-04 04:41 . 2001-08-17 22:36 47,616 --a------ c:\windows\system32\dllcache\umaxcam.dll
2008-12-04 04:40 . 2001-08-17 22:36 211,968 --a------ c:\windows\system32\dllcache\um54scan.dll
2008-12-04 04:39 . 2001-08-17 22:36 216,064 --a------ c:\windows\system32\dllcache\um34scan.dll
2008-12-04 04:38 . 2004-08-04 05:00 14,336 --a------ c:\windows\system32\dllcache\tsprof.exe
2008-12-04 04:38 . 2001-08-17 13:48 11,520 --a------ c:\windows\system32\dllcache\twotrack.sys
2008-12-04 04:37 . 2001-08-17 12:51 166,784 --a------ c:\windows\system32\dllcache\tridxpm.sys
2008-12-04 04:36 . 2001-08-17 22:36 525,568 --a------ c:\windows\system32\dllcache\tridxp.dll
2008-12-04 04:35 . 2001-08-17 12:51 159,232 --a------ c:\windows\system32\dllcache\tridkbm.sys
2008-12-04 04:34 . 2001-08-17 14:56 440,576 --a------ c:\windows\system32\dllcache\tridkb.dll
2008-12-04 04:33 . 2001-08-17 12:51 222,336 --a------ c:\windows\system32\dllcache\trid3dm.sys
2008-12-04 04:32 . 2001-08-17 14:56 315,520 --a------ c:\windows\system32\dllcache\trid3d.dll
2008-12-04 04:31 . 2001-08-17 12:12 34,375 --a------ c:\windows\system32\dllcache\tpro4.sys
2008-12-04 04:30 . 2008-04-13 20:12 82,944 --a------ c:\windows\system32\dllcache\tp4mon.exe
2008-12-04 04:30 . 2001-08-17 22:35 42,496 --a------ c:\windows\system32\dllcache\tp4res.dll
2008-12-04 04:29 . 2001-08-17 22:36 31,744 --a------ c:\windows\system32\dllcache\tp4.dll
2008-12-04 04:28 . 2001-08-17 14:02 230,912 --a------ c:\windows\system32\dllcache\tosdvd03.sys
2008-12-04 04:27 . 2001-08-17 14:01 241,664 --a------ c:\windows\system32\dllcache\tosdvd02.sys
2008-12-04 04:26 . 2001-08-17 12:10 28,232 --a------ c:\windows\system32\dllcache\tos4mo.sys
2008-12-04 04:25 . 2004-08-04 05:00 185,344 --a------ c:\windows\system32\dllcache\thawbrkr.dll
2008-12-04 04:25 . 2001-08-17 12:14 123,995 --a------ c:\windows\system32\dllcache\tjisdn.sys
2008-12-04 04:24 . 2001-08-17 12:51 138,528 --a------ c:\windows\system32\dllcache\tgiulnt5.sys
2008-12-04 04:23 . 2008-04-13 14:40 149,376 --a------ c:\windows\system32\dllcache\tffsport.sys
2008-12-04 04:23 . 2001-08-17 14:56 81,408 --a------ c:\windows\system32\dllcache\tgiul50.dll
2008-12-04 04:23 . 2004-08-04 05:00 19,464 --a------ c:\windows\system32\dllcache\tdspx.sys
2008-12-04 04:22 . 2001-08-17 12:13 17,129 --a------ c:\windows\system32\dllcache\tdkcd31.sys
2008-12-04 04:21 . 2001-08-17 12:13 37,961 --a------ c:\windows\system32\dllcache\tdk100b.sys
2008-12-04 04:21 . 2004-08-04 05:00 21,896 --a------ c:\windows\system32\dllcache\tdipx.sys
2008-12-04 04:21 . 2004-08-04 05:00 13,192 --a------ c:\windows\system32\dllcache\tdasync.sys
2008-12-04 04:20 . 2001-08-17 13:49 30,464 --a------ c:\windows\system32\dllcache\tbatm155.sys
2008-12-04 04:20 . 2001-08-17 13:52 7,040 --a------ c:\windows\system32\dllcache\tandqic.sys
2008-12-04 04:19 . 2001-08-17 12:50 36,640 --a------ c:\windows\system32\dllcache\t2r4mini.sys
2008-12-04 04:18 . 2001-08-17 14:56 172,768 --a------ c:\windows\system32\dllcache\t2r4disp.dll
2008-12-04 04:17 . 2001-08-17 22:36 94,293 --a------ c:\windows\system32\dllcache\sxports.dll
2008-12-04 04:16 . 2001-08-17 13:50 103,936 --a------ c:\windows\system32\dllcache\sx.sys
2008-12-04 04:15 . 2001-08-17 14:02 3,968 --a------ c:\windows\system32\dllcache\swusbflt.sys
2008-12-04 04:14 . 2001-08-17 22:36 10,240 --a------ c:\windows\system32\dllcache\swpidflt.dll
2008-12-04 04:14 . 2001-08-17 22:36 10,240 --a------ c:\windows\system32\dllcache\swpdflt2.dll
2008-12-04 04:13 . 2001-08-17 22:36 53,760 --a------ c:\windows\system32\dllcache\sw_wheel.dll
2008-12-04 04:12 . 2001-08-17 22:36 41,472 --a------ c:\windows\system32\dllcache\sw_effct.dll
2008-12-04 04:12 . 2008-04-13 14:46 15,232 --a------ c:\windows\system32\dllcache\streamip.sys
2008-12-04 04:11 . 2001-08-17 22:36 155,648 --a------ c:\windows\system32\dllcache\stlnprop.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 01:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-06 19:39 --------- d-----w c:\program files\Apple Software Update
2008-12-03 02:50 --------- d-----w c:\program files\Java
2008-11-28 03:50 --------- d-----w c:\documents and settings\Nathan Williams\Application Data\Aim
2008-11-27 16:46 --------- d-----w c:\program files\Viewpoint
2008-11-27 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-27 16:14 --------- d-----w c:\program files\InterActual
2008-11-24 00:35 --------- d-----w c:\program files\Common Files\Adobe
2008-11-23 05:24 --------- d-----w c:\program files\Kl
2008-11-13 20:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 06:30 --------- d-----w c:\program files\Common Files\Apple
2008-11-06 18:18 --------- d-----w c:\documents and settings\Nathan Williams\Application Data\Malwarebytes
2008-11-06 18:17 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-06 17:27 14,336 ----a-w c:\windows\system32\svchost.exe
2008-11-06 17:27 14,336 ----a-w c:\windows\system32\dllcache\svchost.exe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-10 20:02 --------- d-----w c:\program files\iTunes
2008-10-10 20:02 --------- d-----w c:\program files\iPod
2008-10-10 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 20:00 --------- d-----w c:\program files\QuickTime
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\dllcache\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2006-09-15 00:28 168 -csh--r c:\windows\system32\C37EF2E345.sys
2006-09-15 00:28 6,580 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-08_20.49.55.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-03 21:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-05-18 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 2004-11-10 11:54 598016 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2004-07-19 07:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2004-10-12 16:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 14:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-10-14 13:46 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
--a--c--- 2004-12-09 13:58 86016 c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9029:TCP"= 9029:TCP:BitComet 9029 TCP
"9029:UDP"= 9029:UDP:BitComet 9029 UDP
"9557:TCP"= 9557:TCP:BitComet 9557 TCP
"9557:UDP"= 9557:UDP:BitComet 9557 UDP

.
Contents of the 'Scheduled Tasks' folder

2008-12-08 c:\windows\Tasks\Auto-scheduled task of Free Registry Fix.job
- c:\program files\Free Registry Fix\regfixf.exe [2005-11-10 06:45]

2008-12-08 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

2008-12-06 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FireFox -: Profile - c:\documents and settings\Nathan Williams\Application Data\Mozilla\Firefox\Profiles\xudloa12.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 11:25:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-12-09 11:34:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-09 16:34:09
ComboFix2.txt 2008-12-09 01:50:58

Pre-Run: 33,935,089,664 bytes free
Post-Run: 33,931,702,272 bytes free

295 --- E O F --- 2008-12-09 08:16:25