HELP my computer running windows is running really slow...

[Sean0514]

JavaRa 1.08 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jul 07 00:01:20 2008

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: Software\JavaSoft\Java2D\1.5.0_07

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.150_07

------------------------------------

Finished reporting.

[Sean0514]

ComboFix 08-07-05.1 - Owner 2008-07-07  0:18:56.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.152 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-06-07 to 2008-07-07  )))))))))))))))))))))))))))))))
.

2008-07-06 23:43 . 2008-07-06 23:42   410,976   --a------   C:\WINDOWS\system32\deploytk.dll
2008-07-06 22:33 . 2008-07-06 22:33   <DIR>   d--------   C:\WINDOWS\LastGood
2008-07-06 22:04 . 2008-07-06 22:07   <DIR>   d--------   C:\WINDOWS\CAVTemp
2008-07-06 22:03 . 2008-07-06 22:03   <DIR>   d--------   C:\Deckard
2008-07-06 21:09 . 2008-07-06 21:09   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 21:09 . 2008-07-06 21:09   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-06 21:09 . 2008-07-06 21:09   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 21:09 . 2008-06-28 14:16   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-06 21:09 . 2008-06-28 14:16   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-06 20:30 . 2008-07-06 20:30   <DIR>   d--------   C:\Program Files\Trend Micro
2008-07-06 16:22 . 2008-07-06 16:22   <DIR>   d--------   C:\Program Files\CCleaner
2008-07-03 14:44 . 2008-07-06 14:48   65,058   --a------   C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-07-03 14:44 . 2008-07-06 14:48   64   --a------   C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-07-03 14:44 . 2008-07-06 14:48   64   --a------   C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-07-03 14:44 . 2008-07-06 14:48   64   --a------   C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-07-03 14:44 . 2008-07-06 14:48   64   --a------   C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-07-03 14:44 . 2008-07-06 14:48   64   --a------   C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-07-03 14:44 . 2008-07-06 14:48   64   --a------   C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-07-03 14:44 . 2008-07-06 14:48   64   --a------   C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-07-02 21:22 . 2008-07-03 23:01   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\LimeWire
2008-07-02 21:17 . 2008-07-02 22:39   <DIR>   d--------   C:\Program Files\LimeWire
2008-07-02 19:25 . 2008-07-02 19:25   880,560   --a------   C:\WINDOWS\system32\drivers\vetefile.sys
2008-07-02 19:25 . 2008-07-02 19:25   108,368   --a------   C:\WINDOWS\system32\drivers\veteboot.sys
2008-07-02 19:22 . 2007-08-20 13:37   99,592   --a------   C:\WINDOWS\system32\isafeif.dll
2008-07-02 19:22 . 2007-08-20 13:26   79,424   --a------   C:\WINDOWS\system32\vetredir.dll
2008-07-02 19:22 . 2007-08-20 13:37   75,016   --a------   C:\WINDOWS\system32\isafprod.dll
2008-07-02 19:22 . 2007-08-20 13:38   32,264   --a------   C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-07-02 19:22 . 2007-08-20 13:38   26,376   --a------   C:\WINDOWS\system32\drivers\vet-filt.sys
2008-07-02 19:22 . 2007-08-20 13:38   21,512   --a------   C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-07-02 19:22 . 2007-08-20 13:38   21,128   --a------   C:\WINDOWS\system32\drivers\vet-rec.sys
2008-07-02 19:21 . 2008-07-02 19:21   <DIR>   d--------   C:\Program Files\Common Files\Scanner
2008-07-02 19:21 . 2008-07-02 19:39   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CA
2008-07-02 19:20 . 2008-07-02 19:21   <DIR>   d--------   C:\Program Files\CA
2008-07-02 18:25 . 2008-07-02 19:46   <DIR>   d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-02 18:24 . 2008-07-02 18:24   <DIR>   d--------   C:\Program Files\Common Files\Download Manager
2008-07-02 18:24 . 2005-09-23 07:29   626,688   --a------   C:\WINDOWS\system32\msvcr80.dll
2008-07-02 15:37 . 2008-07-05 14:24   <DIR>   d--------   C:\Program Files\FrostWire
2008-07-02 15:37 . 2008-07-02 17:46   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\FrostWire
2008-07-02 15:03 . 2008-07-03 05:45   <DIR>   d--------   C:\Program Files\LabelCommand
2008-07-01 22:49 . 2008-07-01 22:49   <DIR>   d--------   C:\Program Files\ffdshow
2008-07-01 22:49 . 2007-11-29 12:52   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-07-01 22:49 . 2007-12-24 13:47   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-07-01 22:49 . 2007-12-03 16:34   6,144   --a------   C:\WINDOWS\system32\ff_acm.acm
2008-07-01 22:49 . 2007-11-29 12:52   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-01 22:46 . 2008-07-01 22:46   <DIR>   d--------   C:\Program Files\TVersity
2008-06-30 00:09 . 2008-06-30 00:09   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\acccore
2008-06-30 00:06 . 2008-06-30 00:09   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-30 00:06 . 2008-06-30 00:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\acccore
2008-06-30 00:05 . 2008-06-30 00:08   <DIR>   d--------   C:\Program Files\AIM6
2008-06-30 00:04 . 2008-06-30 00:24   1,230   --ah-----   C:\IPH.PH
2008-06-29 03:14 . 2008-06-29 11:39   <DIR>   d--------   C:\Program Files\Thoosje Sidebar V2.3
2008-06-29 03:06 . 2008-06-29 03:06   2,359,350   --a------   C:\WINDOWS\BricoPack Wallpaper.bmp
2008-06-29 02:59 . 2008-06-29 02:59   <DIR>   d--------   C:\WINDOWS\BricoPacks
2008-06-28 21:44 . 2008-06-28 21:44   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-28 20:01 . 2008-06-28 20:01   <DIR>   d--------   C:\WINDOWS\system32\scripting
2008-06-28 20:01 . 2008-06-28 20:01   <DIR>   d--------   C:\WINDOWS\system32\en
2008-06-28 20:01 . 2008-06-28 20:01   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-06-28 19:19 . 2008-04-13 20:12   1,306,624   ---------   C:\WINDOWS\system32\msxml6.dll
2008-06-28 19:18 . 2008-04-13 20:11   650,752   ---------   C:\WINDOWS\system32\dot3ui.dll
2008-06-28 14:35 . 2008-04-23 00:16   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-28 14:35 . 2007-04-17 05:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-28 14:35 . 2007-03-08 01:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-28 14:35 . 2008-04-23 00:16   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-28 14:35 . 2008-04-23 00:16   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-28 14:35 . 2008-06-13 07:05   272,128   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-28 14:35 . 2008-04-23 00:16   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-28 14:35 . 2008-05-08 10:02   203,136   -----c---   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-28 14:35 . 2008-04-23 00:16   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-28 14:35 . 2008-04-23 00:16   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-28 14:35 . 2008-04-22 03:39   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-28 14:11 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-06-28 13:59 . 2007-07-30 19:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-06-28 13:59 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-28 13:59 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-06-28 13:59 . 2007-07-30 19:18   20,312   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-28 13:44 . 2008-07-06 23:42   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-06-19 12:13 . 2008-06-19 12:13   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-19 12:13 . 2008-06-19 12:13   1,409   --a------   C:\WINDOWS\QTFont.for

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 04:07   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-07-07 03:56   ---------   d-----w   C:\Program Files\Java
2008-07-05 18:35   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-06-30 04:07   ---------   d-----w   C:\Program Files\Viewpoint
2008-06-30 04:07   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-30 04:06   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-06-29 15:57   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-06-29 15:39   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-06-13 11:05   272,128   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 14:02   203,136   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12   1,288,192   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42   985,088   ----a-w   C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42   11,264   ------w   C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41   423,936   ----a-w   C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16   329,728   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11   997,376   ----a-w   C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10   53,279   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30   1,845,632   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27   2,188,928   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44   17,664   ----a-w   C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35   24,064   ----a-w   C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31   7,424   ----a-w   C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31   2,065,792   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30   61,440   ----a-w   C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14   76,800   ------w   C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39   438,784   ------w   C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39   2,897,920   ------w   C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39   187,392   ------w   C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37   208,384   ----a-w   C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37   138,752   ----a-w   C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27   79,872   ------w   C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26   94,208   ----a-w   C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26   12,288   ----a-w   C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26   12,288   ----a-w   C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24   20,480   ----a-w   C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21   733,696   ----a-w   C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09   4,096   ------w   C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03   63,488   ----a-w   C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03   549,376   ----a-w   C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48   1,647,616   ------w   C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45   216,064   ----a-w   C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23   48,128   ----a-w   C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22   48,128   ----a-w   C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39   884,736   ----a-w   C:\WINDOWS\system32\msimsg.dll
.

[Sean0514]

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-07-06 23:42   34816   --a------   C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-07-06 23:43   73728   --a------   C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LxrAutorun"="C:\Documents and Settings\Owner\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [2006-11-09 12:00 24576]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 13:51 50528]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 00:56 61440]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 11:01 155648]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-07-16 11:03 106549]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 02:39 212992]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59 126976]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 19:39 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-10 19:57 155648]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:19 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-07-02 19:22 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:36 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-02 19:25 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-02 19:25 173320]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-02 19:25 259336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-07-06 23:42 136600]
"nwiz"="nwiz.exe" [2002-05-03 20:06 364544 C:\WINDOWS\system32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 10:52 40960 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 11:58 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-10 19:57 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-09-22 23:00 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-07-06 23:42]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2006-12-14 10:37]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2007-05-18 13:30]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 21:10]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dcacce8-c22c-11dc-9cf9-00402b3edfbd}]
\Shell\AutoRun\command - G:\setupSNK.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 00:29:35 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 5 00 AM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
WebBrowser-{A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-Windows Media Connect 2 - C:\Program Files\Windows Media Connect 2\WMCCFG.exe
HKLM-Run-NWEReboot - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-AOL Fast Start - C:\Program Files\America Online 9.0\AOL.EXE
MSConfigStartUp-AOLDialer - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1158980299\ee\AOLSoftware.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 00:26:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07  0:35:01
ComboFix-quarantined-files.txt  2008-07-07 04:34:46

Pre-Run: 2,576,900,096 bytes free
Post-Run: 2,639,933,440 bytes free

276   --- E O F ---   2008-07-02 01:52:02

[evilfantasy]

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.

• Click Start , then Run
  
• Type notepad.exe in the Run Box.
  

2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Folder::
C:\Program Files\Thoosje Sidebar V2.3
C:\WINDOWS\BricoPacks

File::
C:\WINDOWS\BricoPack Wallpaper.bmp
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

----------

Next:

Go to Start > Control Panel > Internet Options
In the General tab, Temporary Internet Files, click:Delete Files
When prompted, check:Delete all offline content
You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)
Click OK

Then, go to Start > Run and enter: cleanmgr
Select the drive to clean: C:\
Check the following boxes and then press OK to remove:

• Temporary Files
  
• Temporary Internet Files
  
• RecycleBin

Agree to the prompt to perform the action...
.
----------

How is everything now?

[Sean0514]

how long should comgbo fix run for i let it run for an hour and it still wasnt finished

[evilfantasy]

It should take under 20 minutes.

Go to C:\combofix.txt and see if there is a log there.

[Sean0514]

again i waited an 45 min and combofix still did not finish...there is no log anywhere...do i have to shut off my anti-virus, firewall.etc....is there any other way we can do this

[evilfantasy]

Delete the copy of combofix from the desktop and download then rename the new version as described below.

Download and rename Combofix by sUBs from one of the below links.
(Try all three if necessary)

Link #1
Link #2

Combofix MUST be saved to the desktop.

STOP all of your antivirus, antispyware, and other protection monitoring programs
Click this link to see a list of security programs that should be disabled and how to disable them.

Close all other browser windows.

Now right click on the combofix.exe icon on your Desktop and select Rename. Rename it to cf.exe This may help Combofix to run where certain malware attempts to block the original file name from running.

Now click Start, select Run.. and Copy and Paste the below exactly as written into the Run box.

"%userprofile%\desktop\cf.exe" /killall

Example:

Click the OK button and Combofix will begin to run and do the following.

- It will terminate some running processes.
- It will set your clock to a 24 hour setting (will be restored to normal when finished running properly)
- It will disconnect your PC from the internet. The connection is automatically restored before Combofix completes its run. If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
- If malware is found, Combofix will reboot your PC automatically when finished with the scan. When your PC restarts and after you log back in, Combofix will finish running and create a log. Do not interrupt this process.

- Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall.

- Do not attempt to use the internet or run anything else while it is running as you will most likely interfere with what it needs to do.

When finished, it will produce a log (C:\combofix.txt) for you.

When finished, it will produce a log file located at C:\ComboFix.txt
 
Post the contents of that log in your next reply.

[Sean0514]

hey lets start over from the begining...combo fix was <edit> up my computer.  so i did a system restore so lets start from ther very beging my computer is still slow so what check to see if any thing is wrong with my computer

[evilfantasy]

Watch the language this is a family site.

Go HERE run the scans and post the logs when complete.

[paudashlake]

from what i noticed on your hjt log a while back, you seem to have viewpoint.  GO to ad/remove programs and uninstall anything that says viewpoint.  Viewpoint is malware that basically tells servers to send spam and pop-ups to your computer(i think)

[drmsucks]

from what i noticed on your hjt log a while back, you seem to have viewpoint.  GO to ad/remove programs and uninstall anything that says viewpoint.  Viewpoint is malware that basically tells servers to send spam and pop-ups to your computer(i think)

Please stay out of malware threads while the malware specialist is working with the OP.

Advice offered at the wrong time (even well intentioned advice) could seriously harm someone's computer, undo lots of hard work or cause additional work. Rest assured that if you see something, the malware specialist will also.

[evilfantasy]

paudashlake Viewpoint is NOT malware.

Viewpoint Media Player/Manager/Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More importantly if you had read the log correctly then you would notice the user is an AOL user. Removing Viewpoint will do no good as it will just come right back. Therefore I never had them remove it to start with.

[Sean0514]

sorry about the swearing....here are those scan logs

[recovering disk space -- attachment deleted by admin]

[Sean0514]

here are the ccleaner and javara logs......the first ccleaner is from the very begining and the last ccleaner is from after java ra

[recovering disk space -- attachment deleted by admin]