
Inactive [InActive] Computer moving very slow

Discussion in 'Malware and Virus Removal Archive' started by backer, 2009/03/09.

  1. 2009/03/09
    backer

    backer Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    83
    Likes Received:
    0
    Hey guys,
    So recently my computer has been moving very slow in doing everything. I use Panda anti-virus. I ran the scan; it picked up nothing. Then I ran Malwarebytes' Anti-Malware. It also picked up nothing. Then I ran TuneUp Utilities 2009 and TuneUp 1-Click Maintenance, but, surprise surprise, that did nothing.

    So I'm thinking it could be a possible virus that none of these picked up. So I decided to post a HijackThis log. If you guys see anything on there that shouldn't be, please let me know so I can try and remove it.

    Thanks Backer

    -------------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 12:53:55 PM, on 3/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe
    C:\Documents and Settings\Steve\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [PPFW] c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:titanium /mod:7 /flg:2 /ver:7.0.0
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201404758515
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: iifcCvst - iifcCvst.dll (file missing)
    O20 - Winlogon Notify: swapdm - swapdm.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  2. 2009/03/09
    Arie

    Arie Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.

    (Hint: A HJT log isn't sufficient)
     
    Arie,
    #2


  4. 2009/03/09
    backer

    backer Inactive Thread Starter

    Hey, sorry about that. Here are the two logs.


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Steve at 13:03:46.15 on Mon 03/09/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.56 [GMT -4:00]

    AV: Panda Antivirus + Firewall 2008 *On-access scanning enabled* (Updated)
    FW: Panda Antivirus 2008 Personal Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Steve\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.ca/
    uInternet Settings,ProxyOverride = *.local
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [PPFW] c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:titanium /mod:7 /flg:2 /ver:7.0.0
    mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus + firewall 2008\APVXDWIN.EXE" /s
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    LSP: c:\program files\panda security\panda antivirus + firewall 2008\pavlsp.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201404758515
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: avldr - avldr.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: iifcCvst - iifcCvst.dll
    Notify: swapdm - swapdm.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\lc581z8b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000

    ============= SERVICES / DRIVERS ===============

    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-9-20 71736]
    R1 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2008-9-20 13880]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-9-20 51256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-9-20 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-9-20 191672]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-9-20 132920]
    R1 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
    R1 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-9-20 38968]
    R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-9-20 37304]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-9-20 30648]
    R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-9-20 24760]
    R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus + firewall 2008\PsCtrlS.exe [2008-9-20 169264]
    R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2008-9-20 83640]
    R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus + firewall 2008\PavFnSvr.exe [2008-9-20 173360]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-9-20 178872]
    R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2008-9-20 63024]
    R2 PAVSRV;Panda anti-virus service;c:\program files\panda security\panda antivirus + firewall 2008\PAVSRV51.EXE [2008-9-20 148272]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-2-24 603904]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2008-9-20 142128]
    S1 6a4c3151;6a4c3151;c:\windows\system32\drivers\6a4c3151.sys --> c:\windows\system32\drivers\6a4c3151.sys [?]
    S1 dniezrwe;dniezrwe;c:\windows\system32\drivers\cbsu.sys [2009-1-6 0]
    S1 hqyt;hqyt;c:\windows\system32\drivers\rgjdyn.sys [2009-1-8 0]
    S1 qmdcjqw;qmdcjqw;c:\windows\system32\drivers\bjqkvei.sys [2008-12-27 0]
    S1 swapm;DRAM Cash Driver;c:\windows\system32\swapm.sys [2008-12-20 0]
    S1 wyuo;wyuo;c:\windows\system32\drivers\ysei.sys [2009-1-16 0]
    S1 xdtcxpr;xdtcxpr;c:\windows\system32\drivers\cadh.sys [2009-1-12 0]

    ============== File Associations ===============

    JSEFile=c:\progra~1\pandas~2\pandaa~1\PAVSCRIP.EXE "%1" %*
    VBEFile=c:\progra~1\pandas~2\pandaa~1\PAVSCRIP.EXE "%1" %*
    VBSFile=c:\progra~1\pandas~2\pandaa~1\PAVSCRIP.EXE "%1" %*

    =============== Created Last 30 ================

    2009-02-26 12:47 664 a------- c:\windows\system32\d3d9caps.dat
    2009-02-26 01:27 <DIR> --d----- c:\docume~1\steve\applic~1\Red Kawa
    2009-02-25 17:50 <DIR> --d----- c:\program files\Red Kawa
    2009-02-24 14:10 603,904 a------- c:\windows\system32\TUProgSt.exe
    2009-02-24 14:10 27,904 a------- c:\windows\system32\uxtuneup.dll
    2009-02-24 14:10 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
    2009-02-24 14:08 <DIR> --d----- c:\docume~1\steve\applic~1\TuneUp Software
    2009-02-24 14:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
    2009-02-24 14:07 <DIR> --d----- c:\program files\TuneUp Utilities 2009
    2009-02-24 14:06 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-11 04:00 <DIR> --d----- c:\program files\MSXML 4.0
    2009-02-09 14:31 36,864 a------- c:\windows\system32\ascbalon.dll
    2009-02-09 14:31 224,016 a------- c:\windows\system32\tabctl32.ocx
    2009-02-09 14:31 303,104 a------- c:\windows\system32\ciplListBar.ocx
    2009-02-09 14:31 155,648 a------- c:\windows\system32\ciplImageList.ocx
    2009-02-09 14:31 208,896 a------- c:\windows\system32\ConTest.dll

    ==================== Find3M ====================

    2009-03-09 12:41 256,820 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-03-09 12:41 256,820 a------- c:\windows\system32\drivers\APPFCONT.DAT
    2009-03-09 12:41 1,224 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-03-09 12:41 1,224 a------- c:\windows\system32\drivers\APPFLTR.CFG
    2009-01-17 12:53 399,360 a------- c:\windows\system32\dllcache\rpcss.dll
    2009-01-16 00:06 96 a------- c:\windows\system32\drivers\wnmsav.dat
    2009-01-08 00:15 1,602 a------- c:\program files\dmdhy.txt
    2008-12-27 16:41 956 a------- c:\program files\dxbecmmi.txt
    2008-12-25 10:46 137,216 a------- c:\windows\system32\vvlnqboo.dll
    2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
    2008-12-19 03:43 4,707 a------- c:\windows\system32\aidb.dat
    2008-12-10 20:33 200,704 a------- c:\windows\system32\dtu100.dll
    2008-12-10 20:33 86,016 a------- c:\windows\system32\dpl100.dll
    2008-02-27 13:55 200,173 a------- c:\program files\INFEENUA.cab
    2008-09-24 23:58 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat

    ============= FINISH: 13:05:55.59 ===============
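Taken together, the HijackThis log in the first post and the DDS log above already show the entries a malware-removal helper would act on: five Winlogon Notify handlers in the O20/Notify list, three of them marked (file missing); seven S1 boot-start drivers with random or hex-looking names, most registered against 0-byte .sys files; DisableTaskMgr = 1 set as a machine policy; and a firewall the DDS header reports as *disabled*. The script below is an added example, not code from this thread, from WindowsBBS, or from the DDS or HijackThis tools: it parses those two log formats and ranks such entries. Its allowlist of Notify handlers and its driver-naming heuristic are assumptions of the example, and the sample lines are copied from the logs posted above.

```python
"""Triage of HijackThis / DDS log lines. Added example, not a tool from this thread.
Flags drivers with 0-byte files or suspicious names, Winlogon Notify handlers outside
an allowlist or with a missing DLL, policies such as DisableTaskMgr, and a disabled
firewall. The allowlist and the naming heuristic are assumptions of this example."""
import re
from dataclasses import dataclass
from typing import Iterable, List

@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    line: str
    reason: str

# DDS driver line, e.g. "S1 hqyt;hqyt;c:\windows\system32\drivers\rgjdyn.sys [2009-1-8 0]"
DDS_DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
    r"(?:\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\])?\s*$")
# HijackThis O20 line, e.g. "O20 - Winlogon Notify: swapdm - swapdm.dll (file missing)"
HJT_NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)( \(file missing\))?$")
DDS_NOTIFY_RE = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>\S+)$")   # DDS pseudo-HJT form
POLICY_RE = re.compile(r"^dPolicies-(?P<hive>\w+): (?P<key>\w+) = (?P<val>\S+)")
FW_DISABLED_RE = re.compile(r"^FW: .*\*disabled\*")
HEX_NAME_RE = re.compile(r"^(?=.*\d)[0-9a-f]{6,}$")   # e.g. 6a4c3151
# Assumption: partial allowlist of Winlogon Notify handlers (stock XP names plus
# the Panda "avldr" and Intel "igfxcui" entries seen in the logs above).
KNOWN_NOTIFY = {"avldr", "igfxcui", "dimsntfy", "crypt32chain", "cryptnet", "cscdll",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "schedule", "sccertprop"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}

def _stem(path: str) -> str:
    # lower-case file name without extension; tolerates the DDS "a --> b [?]" form
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower().split(".", 1)[0]

def check_driver(m, line: str) -> List[Finding]:
    out: List[Finding] = []
    name, desc, path, size = m["name"], m["desc"], m["path"], m["size"]
    if size is not None and int(size) == 0:
        out.append(Finding("high", line, "driver is registered but its file is 0 bytes"))
    if HEX_NAME_RE.match(name.lower()):
        out.append(Finding("medium", line, "hex-looking service name"))
    # Heuristic: a stopped (S*) driver whose description merely repeats the
    # service name while the .sys file is called something else entirely.
    if (m["start"].startswith("S") and name.lower() == desc.lower()
            and _stem(path) != name.lower()):
        out.append(Finding("medium", line, "name repeated as description, file named differently"))
    return out

def check_notify(m, line: str) -> List[Finding]:
    known = m["name"].lower() in KNOWN_NOTIFY
    missing = "(file missing)" in line
    if not known:
        reason = "Winlogon Notify handler not in allowlist" + (", DLL missing" if missing else "")
        return [Finding("medium", line, reason)]
    return [Finding("info", line, "allowlisted handler, DLL missing (stale entry)")] if missing else []

def triage(lines: Iterable[str]) -> List[Finding]:
    """Scan log lines in either format; return findings, most severe first."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = DDS_DRIVER_RE.match(line)
        if m:
            findings.extend(check_driver(m, line))
            continue
        m = HJT_NOTIFY_RE.match(line) or DDS_NOTIFY_RE.match(line)
        if m:
            findings.extend(check_notify(m, line))
            continue
        m = POLICY_RE.match(line)
        if m:
            critical = m["key"].lower() == "disabletaskmgr" and m["val"] != "0"
            findings.append(Finding("high" if critical else "info", line,
                                    "Task Manager disabled by policy" if critical else "restrictive policy set"))
        elif FW_DISABLED_RE.match(line):
            findings.append(Finding("medium", line, "firewall reported as disabled"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])

# Constructed sample: lines copied verbatim from the HijackThis and DDS logs above.
SAMPLE_LINES = r"""
FW: Panda Antivirus 2008 Personal Firewall *disabled*
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: iifcCvst - iifcCvst.dll (file missing)
O20 - Winlogon Notify: swapdm - swapdm.dll (file missing)
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-9-20 71736]
R1 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S1 6a4c3151;6a4c3151;c:\windows\system32\drivers\6a4c3151.sys --> c:\windows\system32\drivers\6a4c3151.sys [?]
S1 dniezrwe;dniezrwe;c:\windows\system32\drivers\cbsu.sys [2009-1-6 0]
S1 hqyt;hqyt;c:\windows\system32\drivers\rgjdyn.sys [2009-1-8 0]
S1 swapm;DRAM Cash Driver;c:\windows\system32\swapm.sys [2008-12-20 0]
""".strip().splitlines()

def run_sample() -> List[Finding]:
    return triage(SAMPLE_LINES)   # 12 findings: 4 high, 6 medium, 2 info

if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

`triage()` takes any iterable of lines, so `triage(open("dds.txt"))` works on a saved log. The Panda lines in the sample (APPFLT, PavSRK) are there as negatives: a running R-state driver with a real file size, or a path DDS could not resolve but whose name matches its file, should produce no finding, while the 0-byte S1 entries and the unlisted Notify handlers come out first.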
     
  5. 2009/03/09
    backer

    backer Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/26/2008 9:52:15 PM
    System Uptime: 3/9/2009 11:39:47 AM (2 hours ago)

    Motherboard: Dell Inc. | | 0U6962
    Processor: Intel(R) Celeron(R) M processor 1.50GHz | Microprocessor | 1496/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 13.924 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP372: 2/12/2009 2:03:14 PM - System Checkpoint
    RP373: 2/13/2009 2:09:06 PM - System Checkpoint
    RP374: 2/14/2009 2:49:41 PM - System Checkpoint
    RP375: 2/14/2009 3:19:28 PM - Removed ActiveSpeed
    RP376: 2/15/2009 7:01:03 PM - System Checkpoint
    RP377: 2/16/2009 8:47:38 PM - System Checkpoint
    RP378: 2/17/2009 5:48:27 PM - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch
    RP379: 2/17/2009 5:59:31 PM - Installed Adobe Acrobat 9 Pro - English, Français, Deutsch.
    RP380: 2/18/2009 6:08:49 PM - System Checkpoint
    RP381: 2/19/2009 7:07:16 PM - System Checkpoint
    RP382: 2/20/2009 7:48:36 PM - System Checkpoint
    RP383: 2/21/2009 8:48:39 PM - System Checkpoint
    RP384: 2/22/2009 1:03:26 PM - Removed Adobe Acrobat 9 Pro - English, Français, Deutsch.
    RP385: 2/23/2009 1:15:59 PM - System Checkpoint
    RP386: 2/24/2009 1:07:18 PM - Installed TuneUp Utilities 2009
    RP387: 2/25/2009 1:28:13 PM - System Checkpoint
    RP388: 2/25/2009 4:19:52 PM - Software Distribution Service 3.0
    RP389: 2/26/2009 7:06:11 PM - System Checkpoint
    RP390: 2/28/2009 1:22:50 AM - Software Distribution Service 3.0
    RP391: 3/1/2009 4:58:35 PM - System Checkpoint
    RP392: 3/2/2009 5:49:33 PM - System Checkpoint
    RP393: 3/3/2009 6:45:19 PM - System Checkpoint
    RP394: 3/4/2009 7:32:48 PM - System Checkpoint
    RP395: 3/5/2009 7:48:52 PM - System Checkpoint
    RP396: 3/6/2009 3:00:25 AM - Software Distribution Service 3.0
    RP397: 3/7/2009 12:45:05 PM - System Checkpoint
    RP398: 3/8/2009 2:08:03 PM - System Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    ActiveSpeed
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Advanced DVD Player
    AnyDVD
    AoA Audio Extractor 1.0
    Apple Mobile Device Support
    Apple Software Update
    AviSynth 2.5
    AVS DVD Player version 2.4
    AVS4YOU Software Navigator 1.2
    Azureus
    BlackBerry Desktop Software 4.2
    Bonjour
    C-Major Audio
    Choice Guard
    Conexant D110 MDC V.9x Modem
    Dell ResourceCD
    Dell Wireless WLAN Card
    Digital Fountain DF Splash Player
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    Evonsoft Computer Repair 1.0
    HijackThis 1.99.1
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PRO Network Adapters and Drivers
    InterActual Player
    iTunes
    Java(TM) 6 Update 3
    Lame ACM MP3 Codec
    Magic ISO Maker v5.4 (build 0251)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    Mozilla Firefox (2.0.0.20)
    MSXML 4.0 SP2 (KB954430)
    Panda Antivirus + Firewall 2008
    PDF Settings
    PowerISO
    QuickTime
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Synaptics Pointing Device Driver
    TuneUp Utilities 2009
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959634)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VC80CRTRedist - 8.0.50727.762
    Videora iPod Converter 4.06
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    XP Codec Pack
    Xvid 1.1.3 final uninstall

    ==== Event Viewer Messages From Past Week ========

    3/2/2009 11:44:01 AM, error: Dhcp [1002] - The IP address lease 192.168.2.10 for the Network Card with network address 00123F1DFC8A has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/2/2009 11:37:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: catchme sptd
    3/2/2009 11:37:27 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
    3/3/2009 12:04:15 PM, error: NetBT [4321] - The name "DELL :20" could not be registered on the Interface with IP address 192.168.2.10. The machine with the IP address 192.168.2.12 did not allow the name to be claimed by this machine.
    3/3/2009 12:04:15 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3BA410CD-6F65-441F-93D3-98B1EB91EC62} because another computer on the network has the same name. The server could not start.
    3/3/2009 10:36:33 PM, error: NetBT [4321] - The name "DELL :20" could not be registered on the Interface with IP address 192.168.2.14. The machine with the IP address 192.168.2.12 did not allow the name to be claimed by this machine.
    3/4/2009 12:05:59 AM, error: NetBT [4321] - The name "DELL :20" could not be registered on the Interface with IP address 192.168.2.10. The machine with the IP address 192.168.2.10 did not allow the name to be claimed by this machine.
    3/8/2009 4:02:54 PM, error: NetBT [4321] - The name "DELL :0" could not be registered on the Interface with IP address 192.168.2.13. The machine with the IP address 192.168.2.10 did not allow the name to be claimed by this machine.
    3/8/2009 4:02:54 PM, error: NetBT [4321] - The name "DELL :20" could not be registered on the Interface with IP address 192.168.2.13. The machine with the IP address 192.168.2.10 did not allow the name to be claimed by this machine.
    3/8/2009 4:02:54 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{722E7ADA-E5A5-475F-A87D-7AED9546AD12} because another computer on the network has the same name. The server could not start.
    3/8/2009 4:14:21 PM, error: NetBT [4321] - The name "DELL :0" could not be registered on the Interface with IP address 192.168.2.12. The machine with the IP address 192.168.2.12 did not allow the name to be claimed by this machine.
    3/8/2009 4:14:21 PM, error: NetBT [4321] - The name "DELL :20" could not be registered on the Interface with IP address 192.168.2.12. The machine with the IP address 192.168.2.12 did not allow the name to be claimed by this machine.
    3/8/2009 8:45:23 PM, error: Dhcp [1002] - The IP address lease 192.168.2.12 for the Network Card with network address 00123F1DFC8A has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/9/2009 8:12:07 AM, error: DCOM [10000] - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "%1450" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
    3/9/2009 10:48:00 AM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient quota to complete the requested service. .
    3/9/2009 11:32:00 AM, error: Dhcp [1002] - The IP address lease 192.168.2.13 for the Network Card with network address 0014A50A1331 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/9/2009 11:33:05 AM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: A device attached to the system is not functioning. .
    3/9/2009 11:39:06 AM, error: Dhcp [1002] - The IP address lease 192.168.2.15 for the Network Card with network address 0014A50A1331 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  6. 2009/03/12
    backer (Thread Starter)
    Anything, boys?
     
  7. 2009/03/13
    Arie (Administrator, Staff)
    As per http://www.windowsbbs.com/malware-virus-removal/announcements.html

    After bumping, the last posted date has now changed to March 13, so 7 days is now March 20 (shooting oneself in one's foot :eek:)
     
    Arie,
  8. 2009/03/16
    Juliet (Well-Known Member)
    Hi and welcome

    Sorry for the delayed reply; help forums are under high demand right now.

    If you have not received help from another forum please continue with the instructions below.


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  9. 2009/03/16
    backer (Thread Starter)
    Juliet, here is the log I got after doing what you listed.

    ComboFix 09-03-15.01 - Steve 2009-03-16 18:40:58.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.250 [GMT -4:00]
    Running from: c:\documents and settings\Steve\Desktop\Combo-Fix.exe
    AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated)
    FW: Panda Antivirus 2008 Personal Firewall *disabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
    c:\documents and settings\LocalService\Application Data\twain_32
    c:\documents and settings\LocalService\Application Data\twain_32\user.ds
    c:\windows\system32\biihppym.ini
    c:\windows\system32\hxqhmkyl.ini
    c:\windows\system32\ofpgjucm.ini
    c:\windows\system32\swapm.sys
    c:\windows\system32\uniq.tll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_swapm


    ((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
    .

    2009-02-26 12:47 . 2009-03-13 22:24 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-02-26 01:27 . 2009-02-26 01:27 <DIR> d-------- c:\documents and settings\Steve\Application Data\Red Kawa
    2009-02-25 17:50 . 2009-02-25 17:50 <DIR> d-------- c:\program files\Red Kawa
    2009-02-24 14:10 . 2009-02-24 14:10 603,904 --a------ c:\windows\system32\TUProgSt.exe
    2009-02-24 14:10 . 2009-02-24 14:10 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-02-24 14:10 . 2008-12-11 08:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
    2009-02-24 14:08 . 2009-02-24 14:08 <DIR> d-------- c:\documents and settings\Steve\Application Data\TuneUp Software
    2009-02-24 14:07 . 2009-02-24 14:11 <DIR> d-------- c:\program files\TuneUp Utilities 2009
    2009-02-24 14:07 . 2009-02-24 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-02-24 14:06 . 2009-02-24 14:06 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-16 19:40 256,820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-03-16 19:40 256,820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-03-16 19:40 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-03-16 19:40 1,224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-03-16 19:40 1,224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-03-13 15:58 --------- d-----w c:\documents and settings\Steve\Application Data\Azureus
    2009-03-12 07:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-28 15:15 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-27 01:42 --------- d-----w c:\documents and settings\Steve\Application Data\mIRC
    2009-02-26 23:38 --------- d-----w c:\program files\mIRC
    2009-02-24 04:06 --------- d-----w c:\program files\DivX
    2009-02-22 18:13 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-14 20:22 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-14 20:20 --------- d-----w c:\documents and settings\Steve\Application Data\InstallShield
    2009-02-11 08:00 --------- d-----w c:\program files\MSXML 4.0
    2009-02-09 19:33 --------- d-----w c:\program files\iTunes
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-04 20:00 --------- d-----w c:\documents and settings\Steve\Application Data\The Ringtone Maker Plus
    2009-01-30 16:31 --------- d-----w c:\documents and settings\Steve\Application Data\MSN6
    2009-01-24 17:49 --------- d-----w c:\program files\Windows Live
    2009-01-24 17:40 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2009-01-23 06:37 --------- d-----w c:\program files\Microsoft
    2009-01-23 06:36 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-01-23 06:32 --------- d-----w c:\program files\Common Files\Windows Live
    2009-01-23 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\MSN6
    2009-01-19 03:12 --------- d-----w c:\program files\Evonsoft Computer Repair
    2009-01-19 03:12 --------- d-----w c:\documents and settings\Steve\Application Data\IObit
    2009-01-17 16:53 399,360 ----a-w c:\windows\system32\dllcache\rpcss.dll
    2009-01-16 04:06 96 ----a-w c:\windows\system32\drivers\wnmsav.dat
    2009-01-10 19:03 208,896 ----a-w c:\windows\system32\ConTest.dll
    2009-01-08 04:15 1,602 ----a-w c:\program files\dmdhy.txt
    2008-12-27 20:41 956 ----a-w c:\program files\dxbecmmi.txt
    2008-12-25 14:46 137,216 ----a-w c:\windows\system32\VVLNQBOO_DLL.vir
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-02-27 17:55 200,173 ----a-w c:\program files\INFEENUA.cab
    2008-12-19 20:39 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 20:39 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 20:39 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 20:39 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 20:39 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-25 03:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
    "PPFW"="c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.EXE" [2007-07-09 165168]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-07-19 455984]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-15 20:02 50736 c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm
    "vidc.ffds"= ffdshow.ax
    "vidc.hfyu"= huffyuv.dll
    "msacm.divxa32"= DivXa32.acm
    "msacm.l3codec"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
    c:\windows\system32\WLTRAY [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-03-01 00:06 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-11-02 17:59 126976 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-11-02 18:03 155648 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 04:22 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2004-05-14 10:35 536576 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2004-05-13 20:23 98304 c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-09-20 71736]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-09-20 51256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-09-20 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-09-20 191672]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-09-20 20:41:55 132920]
    R1 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
    R1 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-09-20 38968]
    R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-09-20 37304]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-09-20 30648]
    R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-09-20 24760]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-09-20 178872]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-24 603904]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2008-09-20 142128]
    S1 6a4c3151;6a4c3151;c:\windows\system32\drivers\6a4c3151.sys --> c:\windows\system32\drivers\6a4c3151.sys [?]
    S1 dniezrwe;dniezrwe;c:\windows\system32\drivers\cbsu.sys [2009-01-06 0]
    S1 hqyt;hqyt;c:\windows\system32\drivers\rgjdyn.sys [2009-01-08 0]
    S1 qmdcjqw;qmdcjqw;c:\windows\system32\drivers\bjqkvei.sys [2008-12-27 0]
    S1 wyuo;wyuo;c:\windows\system32\drivers\ysei.sys [2009-01-16 0]
    S1 xdtcxpr;xdtcxpr;c:\windows\system32\drivers\cadh.sys [2009-01-12 0]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-16 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 16:36]

    2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-iifcCvst - iifcCvst.dll
    MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
    FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\lc581z8b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-16 18:45:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1580)
    c:\windows\system32\avldr.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2009-03-16 18:49:20
    ComboFix-quarantined-files.txt 2009-03-16 22:49:04
    ComboFix2.txt 2008-02-19 01:12:40
    ComboFix3.txt 2008-02-17 17:26:48
    ComboFix4.txt 2008-02-17 17:14:06

    Pre-Run: 16,527,142,912 bytes free
    Post-Run: 16,513,449,984 bytes free

    210 --- E O F --- 2009-03-12 07:07:53
     
  10. 2009/03/16
    Juliet (Well-Known Member)
    ComboFix 09-03-15.01 - Steve 2009-03-16 18:40:58.6

    Have you run ComboFix in the past, or run it 6 times since my post?


    We have suspicious files that need to be scanned.

    Go to My Computer->Tools->Folder Options->View tab:

    • Under the Hidden files and folders heading, select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to hide files and folders again once done.)

    Please go to: VirusTotal




    • Click the Browse button and search for the following file: c:\windows\system32\drivers\6a4c3151.sys
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned, click "Reanalyze now".

    Also please have the next files scanned.

    c:\windows\system32\drivers\cbsu.sys
    c:\windows\system32\drivers\rgjdyn.sys
    c:\windows\system32\drivers\bjqkvei.sys
    c:\windows\system32\drivers\ysei.sys
    c:\windows\system32\drivers\cadh.sys




    Please download JavaRa to your desktop and unzip it to its own folder

    Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    Accept any prompts.
    Open JavaRa.exe again and select Search For Updates.
    Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    Files requested scanned
    Kaspersky log
    New DDS log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  11. 2009/03/17
    backer (Thread Starter)
    I have run it in the past, but I had to run it two times since you asked me to. The reason is that it froze my computer when it did its restart the first time.

    Trouble now. When I get to VirusTotal, I type c:\windows\system32\drivers\6a4c3151.sys into the Browse box. Then I click Open; it puts me in the drivers folder, and then I get the message '6a4c3151.sys file not found...' when I hit Open. (And yes, I have done all the folder things you asked.) So then if I just try and hit upload, it won't go since there is no file, and I get this message: "0 bytes size received / Se ha recibido un archivo vacio" (an empty file has been received).
     
  12. 2009/03/17
    Juliet (Well-Known Member)
    OK
    Not a problem.

    Can you run the Kaspersky scan now?

    How's the computer?
     
  13. 2009/03/17
    backer (Thread Starter)
    Here is the Kaspersky report.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, March 17, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, March 17, 2009 18:51:50
    Records in database: 1922734
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 93639
    Threat name: 3
    Infected objects: 4
    Suspicious objects: 0
    Duration of the scan: 02:25:09


    File name / Threat name / Threats count
    C:\Documents and Settings\Steve\Desktop\Music\Donavon Frankenreiter\Pass It Around\03. Come With Me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.i 1
    C:\Documents and Settings\Steve\My Documents\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
    C:\WINDOWS\system32\VVLNQBOO_DLL.vir Infected: Packed.Win32.****.f 1

    The selected area was scanned.
     
  14. 2009/03/17
    Juliet (Well-Known Member)
    Don't worry about Kaspersky finding mIRC, unless you didn't download it yourself.


    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (do not use WordPad or any other text editor than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text present inside the code box below.
    Save this as "CFScript.txt", including the quotes, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    File::
    c:\windows\system32\drivers\6a4c3151.sys
    c:\windows\system32\drivers\cbsu.sys
    c:\windows\system32\drivers\rgjdyn.sys
    c:\windows\system32\drivers\bjqkvei.sys
    c:\windows\system32\drivers\ysei.sys
    c:\windows\system32\drivers\cadh.sys
    C:\Documents and Settings\Steve\Desktop\Music\Donavon Frankenreiter\Pass It Around\03. Come With Me.mp3
    C:\WINDOWS\system32\VVLNQBOO_DLL
    
    Driver::
    6a4c3151
    dniezrwe
    hqyt
    qmdcjqw
    wyuo
    xdtcxpr
    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the screenshot above, drag CFScript.txt onto ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



    In your next reply post:
    ComboFix.txt
    New HJT log


    how's the computer now?
     
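The triage that posts 10 and 14 do by hand, as an added example that is not code from the thread, from ComboFix or from any of the helpers: score each entry in the Drivers/Services section of a ComboFix log on a handful of weak indicators, pick out the entries worth a second look, and draft the File::/Driver:: sections of a CFScript in the layout Juliet used. The sample lines are a constructed subset of the log in post 9; the indicators, the threshold and every function name are my own assumptions. One detail worth knowing when reading such a log: the `[?]` ComboFix prints in place of a date and size is its marker for a file it could not find on disk, which is why the entry for 6a4c3151.sys already pointed at a file that VirusTotal could not be given in post 11. The hash helper returns None in that case, so the fallback is to remove the service entry rather than keep hunting for the file.

```python
"""Triage the Drivers/Services lines of a ComboFix log and draft a CFScript.

Added example: not code from the thread, from ComboFix or from the helpers.
SAMPLE_LOG is a constructed subset of the service lines posted above; the
score thresholds and all function names here are my own assumptions.
"""
import hashlib
import re
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

# Constructed sample: three Panda/TuneUp entries and the six S1 drivers.
SAMPLE_LOG = r"""
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-09-20 71736]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-09-20 38968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-24 603904]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S1 6a4c3151;6a4c3151;c:\windows\system32\drivers\6a4c3151.sys --> c:\windows\system32\drivers\6a4c3151.sys [?]
S1 dniezrwe;dniezrwe;c:\windows\system32\drivers\cbsu.sys [2009-01-06 0]
S1 hqyt;hqyt;c:\windows\system32\drivers\rgjdyn.sys [2009-01-08 0]
S1 qmdcjqw;qmdcjqw;c:\windows\system32\drivers\bjqkvei.sys [2008-12-27 0]
S1 wyuo;wyuo;c:\windows\system32\drivers\ysei.sys [2009-01-16 0]
S1 xdtcxpr;xdtcxpr;c:\windows\system32\drivers\cadh.sys [2009-01-12 0]
"""

# <R|S><start> <name>;<display>;<path>[ --> <resolved>] [<date> <size>] or [?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)(?: --> (?P<resolved>.*?))? \[(?P<info>[^\]]*)\]$"
)

@dataclass
class ServiceEntry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    missing: bool         # ComboFix prints [?] when the file is not on disk
    size: Optional[int]   # None when missing

    def score(self) -> int:
        """Count weak indicators; three or more together is worth a look."""
        s = 0
        if self.display.lower() == self.name.lower():
            s += 1  # no human-readable display name
        if self.missing:
            s += 1  # registered driver whose file is gone
        if self.size == 0:
            s += 1  # zero-byte .sys left behind by a dropper
        if re.fullmatch(r"[0-9a-f]{8}|[a-z]{4,8}", self.name):
            s += 1  # hex blob or lowercase gibberish (weak: also hits cpoint)
        if self.start <= 1:
            s += 1  # boot/system start, i.e. loads before user-mode AV
        return s

def parse_services(text: str) -> List[ServiceEntry]:
    """Turn the R*/S* lines of a ComboFix log into ServiceEntry records."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        info = m.group("info").strip()
        missing = info == "?"
        entries.append(ServiceEntry(
            state=m.group("state"), start=int(m.group("start")),
            name=m.group("name"), display=m.group("display"),
            path=m.group("resolved") or m.group("path"),
            missing=missing, size=None if missing else int(info.split()[-1]),
        ))
    return entries

def flag_suspicious(entries: List[ServiceEntry], threshold: int = 3) -> List[ServiceEntry]:
    return [e for e in entries if e.score() >= threshold]

def build_cfscript(flagged: List[ServiceEntry]) -> str:
    """Emit File:: and Driver:: sections in the layout used in the thread."""
    files = "\n".join(e.path for e in flagged)
    drivers = "\n".join(e.name for e in flagged)
    return f"File::\n{files}\n\nDriver::\n{drivers}\n"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sha256_if_present(path: str) -> Optional[str]:
    """Hash a flagged file for a VirusTotal hash lookup; None if it is not
    on disk, which is the situation backer hit with 6a4c3151.sys."""
    p = Path(path)
    return sha256_hex(p.read_bytes()) if p.is_file() else None

if __name__ == "__main__":
    entries = parse_services(SAMPLE_LOG)
    for e in entries:
        print(f"score={e.score()} {e.state}{e.start} {e.name:<28} {e.path}")
    print()
    print(build_cfscript(flag_suspicious(entries)))
```

Run against the full log in post 9, Panda's own PavSRK.sys and PavTPK.sys entries would also score 3 (no display name, file not found, system start), so the score is a triage aid rather than a verdict: each hit still needs its path checked against a known vendor install and, where the file exists, a hash lookup before it goes into a CFScript.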
  15. 2009/03/18
    backer (Thread Starter)
    ComboFix 09-03-15.01 - Steve 2009-03-18 16:22:05.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.134 [GMT -4:00]
    Running from: c:\documents and settings\Steve\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
    AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated)
    FW: Panda Antivirus 2008 Personal Firewall *disabled*

    FILE ::
    c:\documents and settings\Steve\Desktop\Music\Donavon Frankenreiter\Pass It Around\03. Come With Me.mp3
    c:\windows\system32\drivers\6a4c3151.sys
    c:\windows\system32\drivers\bjqkvei.sys
    c:\windows\system32\drivers\cadh.sys
    c:\windows\system32\drivers\cbsu.sys
    c:\windows\system32\drivers\rgjdyn.sys
    c:\windows\system32\drivers\ysei.sys
    c:\windows\system32\VVLNQBOO_DLL
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Steve\Desktop\Music\Donavon Frankenreiter\Pass It Around\03. Come With Me.mp3
    c:\windows\system32\drivers\bjqkvei.sys
    c:\windows\system32\drivers\cadh.sys
    c:\windows\system32\drivers\cbsu.sys
    c:\windows\system32\drivers\rgjdyn.sys
    c:\windows\system32\drivers\ysei.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_6a4c3151
    -------\Service_dniezrwe
    -------\Service_hqyt
    -------\Service_qmdcjqw
    -------\Service_wyuo
    -------\Service_xdtcxpr


    ((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
    .

    2009-03-17 14:00 . 2009-03-17 14:09 <DIR> d-------- c:\documents and settings\Steve\.SunDownloadManager
    2009-02-26 12:47 . 2009-03-13 22:24 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-02-26 01:27 . 2009-02-26 01:27 <DIR> d-------- c:\documents and settings\Steve\Application Data\Red Kawa
    2009-02-25 17:50 . 2009-02-25 17:50 <DIR> d-------- c:\program files\Red Kawa
    2009-02-24 14:10 . 2009-02-24 14:10 603,904 --a------ c:\windows\system32\TUProgSt.exe
    2009-02-24 14:10 . 2009-02-24 14:10 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-02-24 14:10 . 2008-12-11 08:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
    2009-02-24 14:08 . 2009-02-24 14:08 <DIR> d-------- c:\documents and settings\Steve\Application Data\TuneUp Software
    2009-02-24 14:07 . 2009-02-24 14:11 <DIR> d-------- c:\program files\TuneUp Utilities 2009
    2009-02-24 14:07 . 2009-02-24 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-02-24 14:06 . 2009-02-24 14:06 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-18 20:35 256,820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-03-18 20:35 256,820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-03-18 20:35 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-03-18 20:35 1,224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-03-18 20:35 1,224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-03-13 15:58 --------- d-----w c:\documents and settings\Steve\Application Data\Azureus
    2009-03-12 07:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-28 15:15 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-27 01:42 --------- d-----w c:\documents and settings\Steve\Application Data\mIRC
    2009-02-26 23:38 --------- d-----w c:\program files\mIRC
    2009-02-24 04:06 --------- d-----w c:\program files\DivX
    2009-02-22 18:13 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-14 20:22 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-14 20:20 --------- d-----w c:\documents and settings\Steve\Application Data\InstallShield
    2009-02-11 08:00 --------- d-----w c:\program files\MSXML 4.0
    2009-02-09 19:33 --------- d-----w c:\program files\iTunes
    2009-02-04 20:00 --------- d-----w c:\documents and settings\Steve\Application Data\The Ringtone Maker Plus
    2009-01-30 16:31 --------- d-----w c:\documents and settings\Steve\Application Data\MSN6
    2009-01-24 17:49 --------- d-----w c:\program files\Windows Live
    2009-01-24 17:40 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2009-01-23 06:37 --------- d-----w c:\program files\Microsoft
    2009-01-23 06:36 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-01-23 06:32 --------- d-----w c:\program files\Common Files\Windows Live
    2009-01-23 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\MSN6
    2009-01-19 03:12 --------- d-----w c:\program files\Evonsoft Computer Repair
    2009-01-19 03:12 --------- d-----w c:\documents and settings\Steve\Application Data\IObit
    2009-01-08 04:15 1,602 ----a-w c:\program files\dmdhy.txt
    2008-12-27 20:41 956 ----a-w c:\program files\dxbecmmi.txt
    2008-02-27 17:55 200,173 ----a-w c:\program files\INFEENUA.cab
    2008-12-19 20:39 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 20:39 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 20:39 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 20:39 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 20:39 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-25 03:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
    "PPFW"="c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.EXE" [2007-07-09 165168]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-07-19 455984]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-15 20:02 50736 c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm
    "vidc.ffds"= ffdshow.ax
    "vidc.hfyu"= huffyuv.dll
    "msacm.divxa32"= DivXa32.acm
    "msacm.l3codec"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
    c:\windows\system32\WLTRAY [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-03-01 00:06 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-11-02 17:59 126976 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-11-02 18:03 155648 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 04:22 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2004-05-14 10:35 536576 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2004-05-13 20:23 98304 c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-09-20 71736]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-09-20 51256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-09-20 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-09-20 191672]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-09-20 20:41:55 132920]
    R1 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
    R1 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-09-20 38968]
    R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-09-20 37304]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-09-20 30648]
    R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-09-20 24760]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-09-20 178872]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-24 603904]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2008-09-20 142128]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-18 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 16:36]

    2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
    FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\lc581z8b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-18 16:39:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1324)
    c:\windows\system32\avldr.dll
    c:\windows\System32\BCMLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
    c:\program files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
    c:\program files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
    c:\program files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
    c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe
    c:\program files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
    c:\program files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-18 16:45:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-18 20:44:57
    ComboFix2.txt 2009-03-16 22:49:22
    ComboFix3.txt 2008-02-19 01:12:40
    ComboFix4.txt 2008-02-17 17:26:48
    ComboFix5.txt 2009-03-18 20:20:27

    Pre-Run: 16,467,705,856 bytes free
    Post-Run: 16,568,414,208 bytes free

    225 --- E O F --- 2009-03-18 07:01:48
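A ComboFix report like the one above is easier to reason about once its sections are pulled apart: what ComboFix removed, which autostart entries point at files that no longer exist, which drivers it could not verify on disk, and what is loaded inside winlogon.exe (Winlogon notification DLLs run at logon inside a SYSTEM process, which is why the report lists them). As an added example, not part of this thread and not ComboFix's own code, the Python below does that over a constructed excerpt written in ComboFix's report format. It relies only on markers ComboFix itself writes ([X] for a referenced file that is missing, [?] for a file it could not verify) and makes no judgement of its own about which entries are malicious; that call stays with the person reading the log.

```python
"""Triage a ComboFix report: list what it deleted and which autostart entries
still reference missing ([X]) or unverifiable ([?]) files. Added example; it
only reads markers ComboFix itself writes and decides nothing about malice."""
import re

# Constructed sample in ComboFix's report format, modelled on the log above.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\bjqkvei.sys
c:\windows\system32\drivers\cadh.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_6a4c3151
-------\Service_dniezrwe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-09-20 71736]
R1 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1324)
c:\windows\system32\avldr.dll
c:\windows\System32\BCMLogon.dll
.
"""

PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")              # ((( Name )))
DLL_HDR_RE = re.compile(r"^-{3,}\s*DLLs Loaded Under Running Processes\s*-{3,}$")
SERVICE_RE = re.compile(r"^-+\\Service_(\S+)$")               # -------\Service_x
STARTUPREG_RE = re.compile(r"^\[.*\\msconfig\\startupreg\\(.+)\]$", re.IGNORECASE)
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # R1 name;display;path [..]
PROCESS_RE = re.compile(r"^(?:- )+> '(.+?)'\((\d+)\)$")       # - - - > 'proc'(pid)


def driver_path(rest):
    """'\\??\\c:\\x.sys --> c:\\x.sys [?]' or 'c:\\x.sys [date size]' -> 'c:\\x.sys'."""
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    return rest.rsplit(" [", 1)[0]


def triage(report):
    out = {"deleted_files": [], "deleted_services": [], "missing_file_refs": [],
           "unverified_drivers": [], "winlogon_dlls": []}
    section, pending_startup, in_winlogon = None, None, False
    for raw in report.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section, in_winlogon = m.group(1), False
        elif DLL_HDR_RE.match(line):
            section, in_winlogon = "DLLs", False
        elif section == "Other Deletions" and PATH_RE.match(line):
            out["deleted_files"].append(line)
        elif section == "Drivers/Services" and (m := SERVICE_RE.match(line)):
            out["deleted_services"].append(m.group(1))
        elif (m := STARTUPREG_RE.match(line)):
            pending_startup = m.group(1)          # entry follows on the next line
        elif pending_startup is not None:
            if line.endswith("[X]"):              # ComboFix: referenced file not found
                out["missing_file_refs"].append((pending_startup, line[:-3].strip()))
            pending_startup = None
        elif (m := DRIVER_RE.match(line)):
            status, name, _display, rest = m.groups()
            if rest.endswith("[?]"):              # ComboFix could not verify the file
                out["unverified_drivers"].append((status, name, driver_path(rest)))
        elif section == "DLLs" and (m := PROCESS_RE.match(line)):
            in_winlogon = m.group(1).lower() == "winlogon.exe"
        elif section == "DLLs" and in_winlogon and PATH_RE.match(line):
            out["winlogon_dlls"].append(line)
        elif section == "DLLs" and line == ".":
            in_winlogon = False
    return out


if __name__ == "__main__":
    for key, items in triage(SAMPLE_REPORT).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Run it against a full report by reading the file into `triage()` instead of `SAMPLE_REPORT`; the `.strip()` on each line means the four-space indent a forum adds to pasted logs does not matter. The [?] entries are not a verdict: in the log above they are Panda's own kernel components, which ComboFix could not stat, so the list is a reading aid, not a detection.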
     
  16. 2009/03/18 Juliet (Well-Known Member)
    Update Adobe Acrobat Reader
    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on-screen prompts

    Adobe Flash Player v10 <-- current version
    Please go to the below links to update Adobe Acrobat Reader and Adobe Flash Player.

    http://get.adobe.com/flashplayer/
    Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.22.87.
    http://www.adobe.com/go/getflash -or- http://get.adobe.com/flashplayer/otherversions/
    For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link**:
    ** http://www.adobe.com/go/kb406791

    How's the computer?
     
  17. 2009/03/25 backer (Thread Starter)
    Hey, sorry, been very busy the past week and haven't had a chance to hop on here. So I have done everything you said, yet the computer is still moving very slow. Today I got a message about "Virtual memory too low", if that helps?
     
  18. 2009/03/25 backer (Thread Starter)
    Another thing I noticed is when I had my Windows Task Manager open I saw there are lots of things going on when I only have two things I am using. Some things I know are running even though I'm not using them. But could stuff that's running that doesn't need to be slow down my RAM? Or something along those lines?
     
  19. 2009/03/25 backer (Thread Starter)
    I think it could just be a RAM problem, i.e. too much being used up when it doesn't need to be.
     
    Last edited: 2009/03/25
  20. 2009/03/25 Juliet (Well-Known Member)
    One thing it's pointing to is the RAM on your computer is low.
    Buying more might make it work better.

    Read over these links for suggestions.

    http://support.microsoft.com/kb/826513
    Windows XP

    1. Click Start, right-click My Computer, and then click Properties.
    2. In the System Properties dialog box, click the Advanced tab.
    3. In the Performance pane, click Settings.
    4. In the Performance Options dialog box, click the Advanced tab.
    5. In the Virtual memory pane, click Change.
    6. Change the Initial size value and the Maximum size value to a higher value, click Set, and then click OK.

    http://www.bleepingcomputer.com/forums/lofiversion/index.php/t20491.html

    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the run box and click OK. Note the space between the x and the /u, it needs to be there.
     
  21. 2009/03/25 backer (Thread Starter)
    Typed it in just how you/the pic showed.

    I get this:

    "Windows cannot find 'Combofix'. Make sure you typed the name correctly..."

    Yes, all my logs and stuff are still on my desktop.
     
