
[InActive] Computer moving very slow

Discussion in 'Malware and Virus Removal Archive' started by backer, 2009/03/09.

  1. 2009/03/25
    Juliet Well-Known Member
    Don't worry, ComboFix is having a bad day; we can do it manually.


    Go to Start >> Run - type control sysdm.cpl,,4 & press Enter

    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply

    Turn it back 'On' by unticking the same checkbox & click OK




    C:\Qoobox <--delete this folder

    c:\Combofix <--If found delete this folder

    c:\Combofix\combofix.txt <--delete this file

    Then empty your recycle bin, reboot the computer to complete the process.
     
  2. 2009/03/25
    backer Inactive Thread Starter
    Did everything except the

    c:\Combofix

    because I couldn't find it.
     


  4. 2009/03/25
    backer Inactive Thread Starter
    Also, another thing. I use Panda. I don't use the firewall because it won't allow me to connect to the wireless network a lot of the time, so it's shut off. But recently when I turn on my computer I get a little pop-up saying the Panda firewall is off, so I go and turn on the Windows one. But the next time the computer is shut off and I turn it back on I have to do the same thing, i.e. turn on the Windows firewall again.
     
  5. 2009/03/25
    Juliet Well-Known Member
  6. 2009/03/26
    backer Inactive Thread Starter
    Alright. I think I might have a new virus or something we missed, because all of a sudden when I search in Google and click on something I searched for, it redirects me and I can't go see what I want.

    I'm going to run ComboFix again and see what comes up.
     
  7. 2009/03/26
    Juliet Well-Known Member
    Please do this also

    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click GooredFix.exe to run it.
    • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: Do not run Option #2 yet.
     
  8. 2009/03/26
    backer Inactive Thread Starter
    So ComboFix seemed to fix my Google problem as well as my firewall (I think).

    Here is the GooredFix log:

    GooredFix v1.92 by jpshortstuff
    Log created at 17:49 on 26/03/2009 running Option #1 (Steve)
    Firefox version 2.0.0.20 (en-US)

    =====Suspect Goored Entries=====

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions]
    "Plugins "= "C:\PROGRA~1\Mozilla Firefox\plugins "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions]
    "Components "= "C:\PROGRA~1\Mozilla Firefox\components "
     
  9. 2009/03/26
    Juliet Well-Known Member
    Since you ran it again did you save the log it created?
     
  10. 2009/03/26
    backer Inactive Thread Starter
    This was the ComboFix I just ran.

    ComboFix 09-03-25.04 - Steve 2009-03-26 17:09:02.8 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.122 [GMT -4:00]
    Running from: c:\documents and settings\Steve\Desktop\Combo-Fix.exe
    AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated)
    FW: Panda Antivirus 2008 Personal Firewall *disabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\gaopdxklvmktarrsqrxdqgoeyypuiwipjvrtrn.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxgdyuwqxmqspyloynfvroqqhhlsnsbybn.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
    .

    2009-03-26 16:27 . 2009-03-26 16:27 <DIR> d-------- c:\program files\myPowerHour2
    2009-03-25 16:41 . 2009-03-25 16:41 <DIR> d-------- c:\program files\Pinnacle
    2009-03-25 16:41 . 2009-03-25 16:41 <DIR> d-------- c:\program files\Common Files\Yahoo!
    2009-03-25 16:41 . 2009-03-25 16:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
    2009-03-25 16:39 . 2009-03-25 16:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
    2009-03-25 16:18 . 2009-03-25 16:28 <DIR> d-------- c:\documents and settings\Steve\Application Data\Download Manager
    2009-03-23 13:08 . 2009-03-23 13:08 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-03-23 12:52 . 2009-03-23 12:52 <DIR> d-------- c:\program files\AskBarDis
    2009-03-23 12:51 . 2009-03-25 16:58 <DIR> d-------- c:\program files\Foxit Software
    2009-03-23 12:51 . 2009-03-23 12:51 <DIR> d-------- c:\documents and settings\Steve\Application Data\Foxit
    2009-03-23 12:42 . 2009-03-23 12:42 <DIR> d-------- c:\program files\iPod
    2009-03-23 12:41 . 2009-03-23 12:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-17 14:00 . 2009-03-17 14:09 <DIR> d-------- c:\documents and settings\Steve\.SunDownloadManager
    2009-02-26 12:47 . 2009-03-24 21:34 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-02-26 01:27 . 2009-02-26 01:27 <DIR> d-------- c:\documents and settings\Steve\Application Data\Red Kawa

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-26 21:07 256,820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-03-26 21:07 256,820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-03-26 21:07 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-03-26 21:07 1,224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-03-26 21:07 1,224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-03-24 16:36 --------- d-----w c:\documents and settings\Steve\Application Data\Azureus
    2009-03-24 15:59 --------- d-----w c:\program files\Azureus
    2009-03-23 17:06 --------- d-----w c:\program files\Common Files\Adobe
    2009-03-23 16:42 --------- d-----w c:\program files\iTunes
    2009-03-23 16:39 --------- d-----w c:\program files\Bonjour
    2009-03-23 16:38 --------- d-----w c:\program files\QuickTime
    2009-03-12 07:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-28 15:15 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-27 01:42 --------- d-----w c:\documents and settings\Steve\Application Data\mIRC
    2009-02-26 23:38 --------- d-----w c:\program files\mIRC
    2009-02-25 21:50 --------- d-----w c:\program files\Red Kawa
    2009-02-24 18:11 --------- d-----w c:\program files\TuneUp Utilities 2009
    2009-02-24 18:10 603,904 ----a-w c:\windows\system32\TUProgSt.exe
    2009-02-24 18:10 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
    2009-02-24 18:08 --------- d-----w c:\documents and settings\Steve\Application Data\TuneUp Software
    2009-02-24 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-02-24 18:06 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-24 04:06 --------- d-----w c:\program files\DivX
    2009-02-14 20:22 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-14 20:20 --------- d-----w c:\documents and settings\Steve\Application Data\InstallShield
    2009-02-11 08:00 --------- d-----w c:\program files\MSXML 4.0
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-06 04:35 38,160 ----a-w c:\windows\system32\MLPagAx.dll
    2009-02-06 04:35 189,712 ----a-w c:\windows\system32\RALMain.dll
    2009-02-06 04:33 54,544 ----a-w c:\windows\system32\PCLEGetGuid.dll
    2009-02-04 20:00 --------- d-----w c:\documents and settings\Steve\Application Data\The Ringtone Maker Plus
    2009-01-30 16:31 --------- d-----w c:\documents and settings\Steve\Application Data\MSN6
    2009-01-17 16:53 399,360 ----a-w c:\windows\system32\dllcache\rpcss.dll
    2009-01-10 19:03 208,896 ----a-w c:\windows\system32\ConTest.dll
    2009-01-08 04:15 1,602 ----a-w c:\program files\dmdhy.txt
    2008-12-27 20:41 956 ----a-w c:\program files\dxbecmmi.txt
    2008-02-27 17:55 200,173 ----a-w c:\program files\INFEENUA.cab
    2008-12-19 20:39 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 20:39 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 20:39 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 20:39 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 20:39 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-25 03:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-11-18 12:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
    "PPFW "= "c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.EXE" [2007-07-09 165168]
    "APVXDWIN "= "c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-07-19 455984]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop "= 1 (0x1)
    "NoActiveDesktopChanges "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-15 20:02 50736 c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter "= ac3filter.acm
    "vidc.ffds "= ffdshow.ax
    "vidc.hfyu "= huffyuv.dll
    "msacm.divxa32 "= DivXa32.acm
    "msacm.l3codec "= l3codecp.acm
    "vidc.mjpg "= pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
    c:\windows\system32\WLTRAY [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-03-01 00:06 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-11-02 17:59 126976 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-11-02 18:03 155648 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2004-05-14 10:35 536576 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2004-05-13 20:23 98304 c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe "=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe "=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe "=

    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-09-20 71736]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-09-20 51256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-09-20 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-09-20 191672]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-09-20 20:41:55 132920]
    R1 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
    R1 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-09-20 38968]
    R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-09-20 37304]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-09-20 30648]
    R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-09-20 24760]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-09-20 178872]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-24 603904]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2008-09-20 13880]
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2008-09-20 142128]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMFILTR

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-26 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 16:36]

    2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
    FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\lc581z8b.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    .
    .
    ------- File Associations -------
    .
    JSEFile=c:\progra~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBEFile=c:\progra~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBSFile=c:\progra~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-26 17:22:20
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "cd042efbbd7f7af1647644e76e06692b "=hex:e2,63,26,f1,3f,c8,ff,68,07,fe,c5,77,4c,
    06,61,41,e2,63,26,f1,3f,c8,ff,68,97,9b,17,0e,ca,5f,1d,15,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "bca643cdc5c2726b20d2ecedcc62c59b "=hex:6a,9c,d6,61,af,45,84,18,b9,60,ae,76,32,
    cb,40,af,6a,9c,d6,61,af,45,84,18,72,74,9c,95,84,ad,e4,21,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "2c81e34222e8052573023a60d06dd016 "=hex:25,da,ec,7e,55,20,c9,26,bc,8a,82,aa,25,
    78,02,88,ff,7c,85,e0,43,d4,0e,fe,0f,5a,a7,3c,8f,be,fd,d7,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "2582ae41fb52324423be06337561aa48 "=hex:6b,65,49,6a,7e,99,74,f7,04,84,96,f9,bc,
    6b,f2,06,86,8c,21,01,be,91,eb,e7,30,bc,31,3d,43,1b,4b,e4,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "caaeda5fd7a9ed7697d9686d4b818472 "=hex:cd,44,cd,b9,a6,33,6c,cd,7e,ae,70,e7,7a,
    6d,54,c1,f5,1d,4d,73,a8,13,5c,05,2d,9f,ae,1c,ab,fe,9a,0b,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d "=hex:df,20,58,62,78,6b,cf,c8,77,ca,10,f4,8d,
    0c,a8,e6,df,20,58,62,78,6b,cf,c8,1f,68,34,e5,74,2e,21,00,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "4d370831d2c43cd13623e232fed27b7b "=hex:fb,a7,78,e6,12,2f,9a,ea,07,77,e5,f7,f2,
    d4,48,f9,fb,a7,78,e6,12,2f,9a,ea,e6,f8,36,8d,c4,cd,83,bd,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "1d68fe701cdea33e477eb204b76f993d "=hex:01,3a,48,fc,e8,04,4a,f1,e6,2e,71,8e,86,
    f0,89,d5,01,3a,48,fc,e8,04,4a,f1,89,f2,be,b5,94,d3,a3,cb,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "1fac81b91d8e3c5aa4b0a51804d844a3 "=hex:51,fa,6e,91,28,9e,14,cc,84,d3,47,de,bc,
    c1,28,4f,f6,0f,4e,58,98,5b,89,c9,c3,0f,46,0a,8a,ad,a7,ef,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "f5f62a6129303efb32fbe080bb27835b "=hex:b1,cd,45,5a,a8,c4,f8,b9,13,0b,6a,e3,37,
    e2,f0,2e,3d,ce,ea,26,2d,45,aa,78,2c,94,e4,0c,f3,25,89,5b,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "fd4e2e1a3940b94dceb5a6a021f2e3c6 "=hex:e3,0e,66,d5,eb,bc,2f,6b,21,77,91,c3,3a,
    8b,36,7d,2a,b7,cc,b5,b9,7f,41,e7,49,d2,3a,1b,28,54,0f,8e,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "8a8aec57dd6508a385616fbc86791ec2 "=hex:05,73,21,dd,54,d8,4a,c5,1e,99,47,0a,75,
    85,f2,9b,6c,43,2d,1e,aa,22,2f,9c,fc,f4,98,b6,b1,e3,48,79,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1560)
    c:\windows\system32\avldr.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2009-03-26 17:27:02
    ComboFix-quarantined-files.txt 2009-03-26 21:26:56

    Pre-Run: 18,521,821,184 bytes free
    Post-Run: 18,630,455,296 bytes free

    283 --- E O F --- 2009-03-18 07:01:48
     
  11. 2009/03/26
    Juliet Well-Known Member
    Is your Panda security up to date?

    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (*Do not use WordPad* or any other text editor than Notepad, or the script will fail). (Start -> Run -> type notepad in the Open field -> OK.) Copy and paste the text present inside the CODE box below.
    Save this as "CFScript.txt", including the quotes, and change the "Save as type" to "All Files"; place it on your desktop.
    Code:
    RegNULL::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



    Please post the Combofix log, and how is the computer now?
     
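The ComboFix log posted above and the CFScript Juliet built from its LOCKED REGISTRY KEYS section are two sides of one triage step: read the log, pick out what to act on. The Python below is an added example, not code from the thread, from ComboFix or from its author. It parses a constructed sample made of lines quoted in the thread, lists the locked CLSID InprocServer32 keys that carry a 32-hex-digit value name in the RegNULL:: form used above, pulls out the NTDLL functions catchme reported as modified, and applies a length-plus-entropy heuristic (the thresholds are this example's assumption, not ComboFix behaviour) to flag file names like the gaopdx* ones ComboFix removed:

```python
"""Triage helper for a ComboFix-style log.  Added example: not from the thread above
and not ComboFix's own code.  SAMPLE_LOG is constructed from lines the thread quotes;
the name-length and entropy thresholds below are assumptions of this example."""
import math
import re
from collections import Counter

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\drivers\gaopdxklvmktarrsqrxdqgoeyypuiwipjvrtrn.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxgdyuwqxmqspyloynfvroqqhhlsnsbybn.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-02-24 18:10 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"cd042efbbd7f7af1647644e76e06692b "=hex:e2,63,26,f1,3f,c8,ff,68,07,fe,c5,77,4c,
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel "= "Apartment "
@= "c:\\WINDOWS\\system32\\OLE32.DLL "
"bca643cdc5c2726b20d2ecedcc62c59b "=hex:6a,9c,d6,61,af,45,84,18,b9,60,ae,76,32,
"""

BANNER_PAREN = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # ((( Section )))
BANNER_DASH = re.compile(r"^-+\s*(.+?)\s*-+$")     # --- SECTION ---
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
HEX_VALUE_NAME = re.compile(r'^"[0-9a-f]{32}\s*"=hex:', re.IGNORECASE)
WIN_PATH = re.compile(r"[a-z]:\\.+$", re.IGNORECASE)

def split_sections(log: str) -> dict[str, list[str]]:
    """Group the log's non-empty lines under the ComboFix banner that precedes them."""
    sections: dict[str, list[str]] = {"header": []}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        banner = BANNER_PAREN.match(line) or BANNER_DASH.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections

def locked_clsid_keys(sections: dict[str, list[str]]) -> list[str]:
    """LOCKED REGISTRY KEYS entries carrying a 32-hex-digit value name: the
    pattern the helper listed under RegNULL:: in the CFScript."""
    hits, key = [], None
    for line in sections.get("LOCKED REGISTRY KEYS", []):
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
        elif key and HEX_VALUE_NAME.match(line):
            hits.append(key)
            key = None  # report each key once
    return hits

def cfscript_regnull(keys: list[str]) -> str:
    """Render keys in the RegNULL:: block form the thread's CFScript uses."""
    return "RegNULL::\n" + "".join(f"[{k}]\n" for k in keys)

def ntdll_hooks(log: str) -> list[str]:
    """Functions catchme lists on the line after 'detected NTDLL code modification:'."""
    lines = [l.strip() for l in log.splitlines()]
    for i, line in enumerate(lines[:-1]):
        if line.startswith("detected NTDLL code modification"):
            return [f.strip() for f in lines[i + 1].split(",") if f.strip()]
    return []

def shannon_entropy(text: str) -> float:
    """Bits per character: letter soup scores higher than English-like names."""
    n = len(text) or 1
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def looks_machine_generated(stem: str, min_len: int = 16, min_entropy: float = 3.8) -> bool:
    """Triage heuristic (thresholds are assumptions): long, letters-only stems with a
    near-uniform character mix, like the gaopdx* names ComboFix removed in the thread.
    Every hit still needs a human look; some legitimate product names will trip it."""
    stem = stem.lower()
    return len(stem) >= min_len and stem.isalpha() and shannon_entropy(stem) >= min_entropy

def machine_named_files(sections: dict[str, list[str]]) -> list[str]:
    """Paths in the deletion, creation and Find3M sections with generated-looking stems."""
    hits = []
    for name, lines in sections.items():
        if not name.startswith(("Other Deletions", "Files Created", "Find3M")):
            continue
        for line in lines:
            m = WIN_PATH.search(line)
            if m:
                stem = m.group(0).rsplit("\\", 1)[-1].split(".", 1)[0]
                if looks_machine_generated(stem):
                    hits.append(m.group(0))
    return hits

if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    print(cfscript_regnull(locked_clsid_keys(secs)), ntdll_hooks(SAMPLE_LOG), machine_named_files(secs))
```

Run as a script it prints the three results for the sample; pass a real log's text to `split_sections` to triage it. The entropy rule is deliberately conservative (`gaopdxcounter` is too short to trip it, `TuneUpDefragService` scores below the bar), and its hits are a prompt for review rather than a verdict, since a product name with an unusual letter mix can score as high as a generated one.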
  12. 2009/03/30
    backer Inactive Thread Starter
    ComboFix 09-03-29.02 - Steve 2009-03-29 18:28:04.9 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.162 [GMT -4:00]
    Running from: c:\documents and settings\Steve\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
    AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated)
    FW: Panda Antivirus 2008 Personal Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
    .

    2009-03-26 16:27 . 2009-03-26 16:27 <DIR> d-------- c:\program files\myPowerHour2
    2009-03-25 16:41 . 2009-03-28 09:43 <DIR> d-------- c:\program files\Pinnacle
    2009-03-25 16:39 . 2009-03-25 16:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
    2009-03-25 16:18 . 2009-03-25 16:28 <DIR> d-------- c:\documents and settings\Steve\Application Data\Download Manager
    2009-03-23 13:08 . 2009-03-23 13:08 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-03-23 12:51 . 2009-03-25 16:58 <DIR> d-------- c:\program files\Foxit Software
    2009-03-23 12:51 . 2009-03-23 12:51 <DIR> d-------- c:\documents and settings\Steve\Application Data\Foxit
    2009-03-23 12:42 . 2009-03-23 12:42 <DIR> d-------- c:\program files\iPod
    2009-03-23 12:41 . 2009-03-23 12:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-17 14:00 . 2009-03-17 14:09 <DIR> d-------- c:\documents and settings\Steve\.SunDownloadManager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-29 22:13 1,224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-03-29 22:13 1,224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-03-29 22:12 256,820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-03-29 22:12 256,820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-03-29 22:12 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-03-28 15:39 --------- d-----w c:\documents and settings\Steve\Application Data\Azureus
    2009-03-28 13:48 --------- d-----w c:\program files\TuneUp Utilities 2009
    2009-03-24 15:59 --------- d-----w c:\program files\Azureus
    2009-03-23 17:06 --------- d-----w c:\program files\Common Files\Adobe
    2009-03-23 16:42 --------- d-----w c:\program files\iTunes
    2009-03-23 16:39 --------- d-----w c:\program files\Bonjour
    2009-03-23 16:38 --------- d-----w c:\program files\QuickTime
    2009-03-12 07:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-28 15:15 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-27 01:42 --------- d-----w c:\documents and settings\Steve\Application Data\mIRC
    2009-02-26 23:38 --------- d-----w c:\program files\mIRC
    2009-02-26 05:27 --------- d-----w c:\documents and settings\Steve\Application Data\Red Kawa
    2009-02-25 21:50 --------- d-----w c:\program files\Red Kawa
    2009-02-24 18:08 --------- d-----w c:\documents and settings\Steve\Application Data\TuneUp Software
    2009-02-24 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-02-24 18:06 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-24 04:06 --------- d-----w c:\program files\DivX
    2009-02-14 20:22 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-14 20:20 --------- d-----w c:\documents and settings\Steve\Application Data\InstallShield
    2009-02-11 08:00 --------- d-----w c:\program files\MSXML 4.0
    2009-02-04 20:00 --------- d-----w c:\documents and settings\Steve\Application Data\The Ringtone Maker Plus
    2009-01-30 16:31 --------- d-----w c:\documents and settings\Steve\Application Data\MSN6
    2009-01-08 04:15 1,602 ----a-w c:\program files\dmdhy.txt
    2008-12-27 20:41 956 ----a-w c:\program files\dxbecmmi.txt
    2008-02-27 17:55 200,173 ----a-w c:\program files\INFEENUA.cab
    2008-12-19 20:39 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 20:39 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 20:39 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 20:39 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 20:39 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-25 03:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-26_17.24.45.35 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-25 21:44:03 1,560,216 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-03-29 22:11:18 1,551,144 ----a-w c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
    "PPFW"="c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.EXE" [2007-07-09 165168]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-07-19 455984]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-15 20:02 50736 c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm
    "vidc.ffds"= ffdshow.ax
    "vidc.hfyu"= huffyuv.dll
    "msacm.divxa32"= DivXa32.acm
    "msacm.l3codec"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
    c:\windows\system32\WLTRAY [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-03-01 00:06 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-11-02 17:59 126976 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-11-02 18:03 155648 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2004-05-14 10:35 536576 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2004-05-13 20:23 98304 c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-09-20 71736]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-09-20 51256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-09-20 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-09-20 191672]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-09-20 20:41:55 132920]
    R1 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
    R1 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-09-20 38968]
    R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-09-20 37304]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-09-20 30648]
    R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-09-20 24760]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-09-20 178872]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-24 603904]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2008-09-20 142128]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - ComFiltr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-29 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 16:36]

    2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
    FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\lc581z8b.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-29 18:33:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1632)
    c:\windows\system32\avldr.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2009-03-29 18:38:27
    ComboFix-quarantined-files.txt 2009-03-29 22:38:14
    ComboFix2.txt 2009-03-26 21:27:06

    Pre-Run: 18,749,128,704 bytes free
    Post-Run: 18,789,351,424 bytes free

    183 --- E O F --- 2009-03-18 07:01:48


    Computer is running a bit better. But still slow. And now since I did that last scan I'm having issues with Firefox, such as it cannot load my Facebook page. But it would load on Internet Explorer.
     
  13. 2009/03/30
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    That's odd, we didn't do anything that would have an effect on Firefox.


    Logs are looking better.

    Is your Panda security out of date?

    Please do one more quick scan for me.



    Please download RegQuery by Noviciate to your desktop
    • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    • Double click RegQuery.exe to run the program
    • Paste the text you have copied using CTRL and V, into the textbox
    • Click the Query button
    • A Notepad file will open. Please paste the contents in your next reply
    • You may now close the RegQuery program
     
    Last edited: 2009/04/20
  14. 2009/04/20
    backer

    backer Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    83
    Likes Received:
    0
    Hey, sorry, I've been out of town for the past two weeks so couldn't reply.

    Here is that log you asked for

    ComboFix 09-04-21.06 - Steve 04/20/2009 19:54.11 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.169 [GMT -4:00]
    Running from: c:\documents and settings\Steve\Desktop\Combo-Fix.exe
    AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated)
    FW: Panda Antivirus 2008 Personal Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
    .

    2009-04-16 19:58 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-16 19:58 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-16 19:58 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 19:58 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 19:58 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 19:58 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 19:58 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 19:58 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 19:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 19:55 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 19:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-03-31 00:06 . 2009-03-31 00:05 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-25 20:39 . 2009-03-25 20:39 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
    2009-03-25 20:36 . 2009-03-25 20:36 -------- d-----w c:\documents and settings\Steve\Local Settings\Application Data\Downloaded Installations
    2009-03-25 20:18 . 2009-03-25 20:28 -------- d-----w c:\documents and settings\Steve\Application Data\Download Manager
    2009-03-23 16:51 . 2009-03-23 16:51 -------- d-----w c:\documents and settings\Steve\Application Data\Foxit
    2009-03-23 16:41 . 2009-03-23 16:42 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-23 16:33 . 2009-03-06 03:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-23 16:33 . 2009-03-06 03:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-20 22:29 . 2008-01-30 01:34 -------- d-----w c:\documents and settings\Steve\Application Data\Azureus
    2009-04-19 22:07 . 2008-09-21 00:48 1224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-04-19 22:07 . 2008-09-21 00:42 1224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-04-19 22:06 . 2008-09-21 00:48 13880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-04-19 22:06 . 2008-09-21 00:48 256820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-04-19 22:06 . 2008-09-21 00:42 256820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-04-17 07:05 . 2008-01-28 00:06 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-04-15 03:44 . 2009-04-15 03:44 416 ----a-w C:\vguvdep.txt
    2009-04-05 21:22 . 2008-12-27 20:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-05 17:27 . 2008-10-20 17:52 -------- d-----w c:\program files\AviSynth 2.5
    2009-03-31 00:05 . 2008-01-28 19:17 -------- d-----w c:\program files\Java
    2009-03-29 01:40 . 2008-02-07 01:35 69264 ----a-w c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-28 13:48 . 2009-02-24 18:07 -------- d-----w c:\program files\TuneUp Utilities 2009
    2009-03-28 13:43 . 2009-03-25 20:41 -------- d-----w c:\program files\Pinnacle
    2009-03-26 20:49 . 2008-12-27 20:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-26 20:49 . 2008-12-27 20:17 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-25 20:58 . 2009-03-23 16:51 -------- d-----w c:\program files\Foxit Software
    2009-03-25 18:50 . 2009-03-25 18:50 27 ----a-w C:\dscript.log
    2009-03-24 15:59 . 2008-01-28 19:34 -------- d-----w c:\program files\Azureus
    2009-03-24 05:13 . 2008-01-31 05:43 1897 ----a-w c:\windows\mozver.dat
    2009-03-23 17:08 . 2009-03-23 17:08 -------- d-----w c:\program files\Common Files\Adobe AIR
    2009-03-23 17:06 . 2008-01-28 00:22 -------- d-----w c:\program files\Common Files\Adobe
    2009-03-23 16:42 . 2008-01-27 23:42 -------- d-----w c:\program files\iTunes
    2009-03-23 16:42 . 2009-03-23 16:42 -------- d-----w c:\program files\iPod
    2009-03-23 16:39 . 2008-01-27 23:41 -------- d-----w c:\program files\Bonjour
    2009-03-23 16:38 . 2008-01-27 23:41 -------- d-----w c:\program files\QuickTime
    2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-28 15:15 . 2008-06-16 19:42 -------- d-----w c:\program files\Microsoft Silverlight
    2009-02-27 01:42 . 2008-01-28 19:04 -------- d-----w c:\documents and settings\Steve\Application Data\mIRC
    2009-02-26 23:38 . 2008-01-28 19:04 -------- d-----w c:\program files\mIRC
    2009-02-24 18:10 . 2009-02-24 18:10 603904 ----a-w c:\windows\system32\TUProgSt.exe
    2009-02-24 18:10 . 2009-02-24 18:10 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
    2009-02-24 18:08 . 2009-02-24 18:08 -------- d-----w c:\documents and settings\Steve\Application Data\TuneUp Software
    2009-02-24 18:07 . 2009-02-24 18:07 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-02-24 18:06 . 2009-02-24 18:06 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-24 04:06 . 2008-01-28 19:13 -------- d-----w c:\program files\DivX
    2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-07 23:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2004-08-04 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
    2009-01-08 04:15 . 2009-01-08 04:15 1602 ----a-w c:\program files\dmdhy.txt
    2008-12-27 20:41 . 2008-12-27 20:41 956 ----a-w c:\program files\dxbecmmi.txt
    2008-02-27 17:55 . 2008-02-27 17:55 200173 ----a-w c:\program files\INFEENUA.cab
    2008-12-19 20:39:56 . 2008-01-27 21:38 c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 20:39:56 . 2008-01-27 21:38 c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 20:39:56 . 2008-01-27 21:38 c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 20:39:56 . 2008-01-27 21:38 c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 20:39:57 . 2008-01-27 21:38 c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-25 03:58 . 2008-09-25 03:58 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
    "PPFW"="c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.EXE" [2007-07-09 165168]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-07-19 455984]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-31 148888]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-16 00:02 50736 ----a-w c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 nanfz;nanfz; [x]
    R0 wucfebdt;wucfebdt; [x]
    S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2007-05-11 71736]
    S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2007-05-11 51256]
    S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2007-05-11 22072]
    S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2007-07-11 191672]
    S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 13:33 132920]
    S1 PavSRK.sys;PavSRK.sys; [x]
    S1 PavTPK.sys;PavTPK.sys; [x]
    S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
    S1 SMSFLT;SMS Filter Plugin;c:\windows\system32\Drivers\SMSFLT.SYS [2007-05-11 37304]
    S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2007-05-11 30648]
    S2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2007-06-08 24760]
    S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2007-07-12 178872]
    S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-24 603904]
    S3 AvFlt;Antivirus Filter Driver; [x]
    S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-04-24 142128]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - ComFiltr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-20 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

    2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
    FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\lc581z8b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-20 20:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1924)
    c:\windows\system32\avldr.dll
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(14608)
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-04-21 20:05
    ComboFix-quarantined-files.txt 2009-04-21 00:05
    ComboFix2.txt 2009-04-01 21:11
    ComboFix3.txt 2009-03-29 22:38
    ComboFix4.txt 2009-03-26 21:27

    Pre-Run: 13,775,880,192 bytes free
    Post-Run: 13,810,491,392 bytes free

    190 --- E O F --- 2009-04-17 07:10
     
  15. 2009/04/20
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    [IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    NEXT**
    Please download RegQuery by Noviciate to your desktop
    • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    • Double click RegQuery.exe to run the program
    • Paste the text you have copied using CTRL and V, into the textbox
    • Click the Query button
    • A Notepad file will open. Please paste the contents in your next reply
    • You may now close the RegQuery program


    In your next reply post:
    ComboFix.txt
    RegQuery log



    How's your computer now?
     
  16. 2009/04/21
    backer

    backer Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    83
    Likes Received:
    0
    Hey thanks for still helping me out.

    ComboFix 09-04-22.02 - Steve 04/21/2009 17:03.12 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.210 [GMT -4:00]
    Running from: c:\documents and settings\Steve\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
    AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated)
    FW: Panda Antivirus 2008 Personal Firewall *disabled*
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
    .

    2009-04-16 19:58 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-16 19:58 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-16 19:58 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 19:58 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 19:58 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 19:58 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 19:58 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 19:58 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 19:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 19:55 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 19:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-03-31 00:06 . 2009-03-31 00:05 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-25 20:39 . 2009-03-25 20:39 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
    2009-03-25 20:36 . 2009-03-25 20:36 -------- d-----w c:\documents and settings\Steve\Local Settings\Application Data\Downloaded Installations
    2009-03-25 20:18 . 2009-03-25 20:28 -------- d-----w c:\documents and settings\Steve\Application Data\Download Manager
    2009-03-23 16:51 . 2009-03-23 16:51 -------- d-----w c:\documents and settings\Steve\Application Data\Foxit
    2009-03-23 16:41 . 2009-03-23 16:42 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-23 16:33 . 2009-03-06 03:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-23 16:33 . 2009-03-06 03:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-21 20:58 . 2008-01-30 01:34 -------- d-----w c:\documents and settings\Steve\Application Data\Azureus
    2009-04-21 16:06 . 2008-09-21 00:48 1224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-04-21 16:06 . 2008-09-21 00:42 1224 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-04-21 16:05 . 2008-09-21 00:48 13880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-04-21 16:05 . 2008-09-21 00:48 256820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-04-21 16:05 . 2008-09-21 00:42 256820 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-04-17 07:05 . 2008-01-28 00:06 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-04-15 03:44 . 2009-04-15 03:44 416 ----a-w C:\vguvdep.txt
    2009-04-05 21:22 . 2008-12-27 20:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-05 17:27 . 2008-10-20 17:52 -------- d-----w c:\program files\AviSynth 2.5
    2009-03-31 00:05 . 2008-01-28 19:17 -------- d-----w c:\program files\Java
    2009-03-29 01:40 . 2008-02-07 01:35 69264 ----a-w c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-28 13:48 . 2009-02-24 18:07 -------- d-----w c:\program files\TuneUp Utilities 2009
    2009-03-28 13:43 . 2009-03-25 20:41 -------- d-----w c:\program files\Pinnacle
    2009-03-26 20:49 . 2008-12-27 20:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-26 20:49 . 2008-12-27 20:17 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-25 20:58 . 2009-03-23 16:51 -------- d-----w c:\program files\Foxit Software
    2009-03-25 18:50 . 2009-03-25 18:50 27 ----a-w C:\dscript.log
    2009-03-24 15:59 . 2008-01-28 19:34 -------- d-----w c:\program files\Azureus
    2009-03-24 05:13 . 2008-01-31 05:43 1897 ----a-w c:\windows\mozver.dat
    2009-03-23 17:08 . 2009-03-23 17:08 -------- d-----w c:\program files\Common Files\Adobe AIR
    2009-03-23 17:06 . 2008-01-28 00:22 -------- d-----w c:\program files\Common Files\Adobe
    2009-03-23 16:42 . 2008-01-27 23:42 -------- d-----w c:\program files\iTunes
    2009-03-23 16:42 . 2009-03-23 16:42 -------- d-----w c:\program files\iPod
    2009-03-23 16:39 . 2008-01-27 23:41 -------- d-----w c:\program files\Bonjour
    2009-03-23 16:38 . 2008-01-27 23:41 -------- d-----w c:\program files\QuickTime
    2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-28 15:15 . 2008-06-16 19:42 -------- d-----w c:\program files\Microsoft Silverlight
    2009-02-27 01:42 . 2008-01-28 19:04 -------- d-----w c:\documents and settings\Steve\Application Data\mIRC
    2009-02-26 23:38 . 2008-01-28 19:04 -------- d-----w c:\program files\mIRC
    2009-02-24 18:10 . 2009-02-24 18:10 603904 ----a-w c:\windows\system32\TUProgSt.exe
    2009-02-24 18:10 . 2009-02-24 18:10 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
    2009-02-24 18:08 . 2009-02-24 18:08 -------- d-----w c:\documents and settings\Steve\Application Data\TuneUp Software
    2009-02-24 18:07 . 2009-02-24 18:07 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-02-24 18:06 . 2009-02-24 18:06 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-24 04:06 . 2008-01-28 19:13 -------- d-----w c:\program files\DivX
    2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-07 23:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2004-08-04 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
    2009-01-08 04:15 . 2009-01-08 04:15 1602 ----a-w c:\program files\dmdhy.txt
    2008-12-27 20:41 . 2008-12-27 20:41 956 ----a-w c:\program files\dxbecmmi.txt
    2008-02-27 17:55 . 2008-02-27 17:55 200173 ----a-w c:\program files\INFEENUA.cab
    2008-12-19 20:2008-01-27 21:38 39:56 . c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 20:2008-01-27 21:38 39:56 . c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 20:2008-01-27 21:38 39:56 . c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 20:2008-01-27 21:38 39:56 . c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 20:2008-01-27 21:38 39:57 . c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-25 03:58 . 2008-09-25 03:58 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-21_00.01.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-04-21 16:04 . 2009-04-21 16:04 16384 c:\windows\temp\Perflib_Perfdata_bc.dat
    + 2004-08-04 12:00 . 2009-04-21 16:09 59842 c:\windows\system32\perfc009.dat
    - 2004-08-04 12:00 . 2009-04-19 22:09 59842 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2009-04-21 16:09 395768 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2009-04-19 22:09 395768 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
    "PPFW"="c:\program files\panda software\panda antivirus + firewall 2007\firewall\PPFW.EXE" [2007-07-09 165168]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-07-19 455984]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-31 148888]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-16 00:02 50736 ----a-w c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 nanfz;nanfz; [x]
    R0 wucfebdt;wucfebdt; [x]
    S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2007-05-11 71736]
    S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2007-05-11 51256]
    S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2007-05-11 22072]
    S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2007-07-11 191672]
    S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 13:33 132920]
    S1 PavSRK.sys;PavSRK.sys; [x]
    S1 PavTPK.sys;PavTPK.sys; [x]
    S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
    S1 SMSFLT;SMS Filter Plugin;c:\windows\system32\Drivers\SMSFLT.SYS [2007-05-11 37304]
    S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2007-05-11 30648]
    S2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2007-06-08 24760]
    S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2007-07-12 178872]
    S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-24 603904]
    S3 AvFlt;Antivirus Filter Driver; [x]
    S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-04-24 142128]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMFILTR
    *Deregistered* - ComFiltr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-21 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

    2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
    FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\lc581z8b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-21 17:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1576)
    c:\windows\system32\avldr.dll
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(10084)
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-04-21 17:08
    ComboFix-quarantined-files.txt 2009-04-21 21:07
    ComboFix2.txt 2009-04-21 00:05
    ComboFix3.txt 2009-04-01 21:11
    ComboFix4.txt 2009-03-29 22:38
    ComboFix5.txt 2009-04-21 21:02

    Pre-Run: 13,611,343,872 bytes free
    Post-Run: 13,640,052,736 bytes free

    201 --- E O F --- 2009-04-17 07:10
     
  17. 2009/04/21
    backer

    backer Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    83
    Likes Received:
    0
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midimapper"="midimap.dll"
    "msacm.imaadpcm"="imaadp32.acm"
    "msacm.msadpcm"="msadp32.acm"
    "msacm.msg711"="msg711.acm"
    "msacm.msgsm610"="msgsm32.acm"
    "msacm.trspch"="tssoft32.acm"
    "vidc.cvid"="iccvid.dll"
    "vidc.I420"="msh263.drv"
    "vidc.iv31"="ir32_32.dll"
    "vidc.iv32"="ir32_32.dll"
    "vidc.iv41"="ir41_32.ax"
    "vidc.iyuv"="iyuv_32.dll"
    "vidc.mrle"="msrle32.dll"
    "vidc.msvc"="msvidc32.dll"
    "vidc.uyvy"="msyuv.dll"
    "vidc.yuy2"="msyuv.dll"
    "vidc.yvu9"="tsbyuv.dll"
    "vidc.yvyu"="msyuv.dll"
    "wavemapper"="msacm32.drv"
    "msacm.msg723"="msg723.acm"
    "vidc.M263"="msh263.drv"
    "vidc.M261"="msh261.drv"
    "msacm.msaudio1"="msaud32.acm"
    "msacm.sl_anet"="sl_anet.acm"
    "msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
    "vidc.iv50"="ir50_32.dll"
    "msacm.l3acm"="l3codeca.acm"
    "wave"="wdmaud.drv"
    "midi"="wdmaud.drv"
    "mixer"="wdmaud.drv"
    "msacm.ac3filter"="ac3filter.acm"
    "vidc.xvid"="xvidvfw.dll"
    "vidc.ffds"="ffdshow.ax"
    "vidc.vp60"="vp6vfw.dll"
    "vidc.vp61"="vp6vfw.dll"
    "vidc.vp62"="vp6vfw.dll"
    "vidc.hfyu"="huffyuv.dll"
    "msacm.at3"="atrac3.acm"
    "msacm.divxa32"="DivXa32.acm"
    "msacm.l3codec"="l3codecp.acm"
    "msacm.voxacm160"="vct3216.acm"
    "msacm.scg726"="scg726.acm"
    "msacm.alf2cd"="alf2cd.acm"
    "msacm.ac3acm"="AC3ACM.acm"
    "vidc.dvsd"="mcdvd_32.dll"
    "vidc.mpg4"="mpg4c32.dll"
    "vidc.mp42"="mpg4c32.dll"
    "vidc.mp43"="mpg4c32.dll"
    "msacm.siren"="sirenacm.dll"
    "vidc.DIVX"="DivX.dll"
    "vidc.yv12"="DivX.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
    "wave"="rdpsnd.dll"
    "mixer"="rdpsnd.dll"
    "MaxBandwidth"=dword:000056b9
    "wavemapper"="msacm32.drv"
    "EnableMP3Codec"=dword:00000001
    "midimapper"="midimap.dll"
     
  18. 2009/04/21
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    How's the computer now?
     
  19. 2009/04/28
    backer

    backer Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    83
    Likes Received:
    0
    She's still running slow.
     
  20. 2009/04/28
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I'm running out of ideas...
    Let's see if this online scan can find anything.


    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan.
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the ActiveX control to install
    4. Click Start
    5. Make sure that the options Remove found threats and Scan unwanted applications are checked
    6. Click Scan
      Wait for the scan to finish
    7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    8. Copy and paste that log as a reply to this topic
     
  21. 2009/04/28
    backer

    backer Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    83
    Likes Received:
    0
    So I do all of this:
    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan.

    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the ActiveX control to install

    When I do number 3 I get this:

    Warning that says:
    Internet Explorer - Security Warning

    Windows has blocked this software because it can't verify the publisher

    Name: OnlineScanner.cab
    Publisher: Unknown Publisher

    Then I hit OK, and then nothing happens. I get a box with a red X in it.
     
