Also could someone point me in direction of topic about 'computer running slow'
ComboFix 08-08-13.05 - JAY 2008-08-14 20:31:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.175 [GMT 1:00]
Running from: C:\Documents and Settings\JAY\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JAY\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\JAY\Application Data\macromedia\Flash Player\#SharedObjects\HQHBKH62\interclick.com
C:\Documents and Settings\JAY\Application Data\macromedia\Flash Player\#SharedObjects\HQHBKH62\interclick.com\ud.sol
C:\Documents and Settings\JAY\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\JAY\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\JAY\Application Data\rhct9wj0e137
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Favorites\Online Security Test.url
C:\Program Files\rhct9wj0e137
C:\Program Files\video activex object
C:\Program Files\video activex object\ot.ico
C:\Program Files\video activex object\ts.ico
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\blphcp9wj0e137.scr
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\kdioc.exe
C:\WINDOWS\system32\lphcp9wj0e137.exe
C:\WINDOWS\system32\phcp9wj0e137.bmp
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
2008-08-14 19:16 . 2008-08-14 19:16 0 --a------ C:\WINDOWS\system32\3D.tmp
2008-08-12 23:17 . 2008-08-14 20:46 <DIR> d-------- C:\Documents and Settings\JAY\Application Data\BitTorrent
2008-08-12 23:15 . 2008-08-12 23:15 <DIR> d-------- C:\Program Files\DNA
2008-08-12 23:15 . 2008-08-12 23:15 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-12 23:15 . 2008-08-14 20:46 <DIR> d-------- C:\Documents and Settings\JAY\Application Data\DNA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 18:10 --------- d-----w C:\Program Files\McAfee
2008-08-12 20:55 --------- d-----w C:\Program Files\LimeWire
2008-08-12 20:46 --------- d-----w C:\Documents and Settings\JAY\Application Data\LimeWire
2008-08-12 13:01 --------- d-----w C:\Documents and Settings\JAY\Application Data\SiteAdvisor
2008-08-07 16:41 --------- d-----w C:\Program Files\SiteAdvisor
2008-08-07 16:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-08-02 20:40 --------- d-----w C:\Documents and Settings\JAY\Application Data\Image Zone Express
2008-07-17 19:07 --------- d-----w C:\Program Files\Nokia
2008-07-17 19:03 --------- d-----w C:\Program Files\Java
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2008-05-09 12:39 40960]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-12 23:15 341824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"LidPolicy"="c:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe" [2004-04-27 12:58 24576]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-03 11:01 169984]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-27 18:30 185896]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-09 05:37 36904]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 14:17 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 15:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"RemHelp"="remhelp.exe" [2002-12-12 17:21 24576 C:\WINDOWS\system32\remhelp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-06-02 17:48:22 565309]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-12-06 22:27:00 278528]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-01 03:57:40 176128]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\JAY\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\PeerCast\\PeerCast.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36705:TCP"= 36705:TCP:ppLive
"40883:UDP"= 40883:UDP:ppLive
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys []
.
Contents of the 'Scheduled Tasks' folder
2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-07-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-C:\WINDOWS\system32\kdioc.exe - C:\WINDOWS\system32\kdioc.exe
HKLM-Run-AntiVerminser - C:\Program Files\AntiVerminser\AntiVerminser.exe
HKLM-Run-lphcp9wj0e137 - C:\WINDOWS\system32\lphcp9wj0e137.exe
HKLM-Run-SMrhct9wj0e137 - C:\Program Files\rhct9wj0e137\rhct9wj0e137.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\JAY\Application Data\Mozilla\Firefox\Profiles\jxnhnjat.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 20:49:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\kdioc.exe"="C:\\WINDOWS\\system32\\kdioc.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-14 21:03:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 20:02:10
Pre-Run: 3,236,270,080 bytes free
Post-Run: 3,140,599,808 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
213 --- E O F --- 2008-07-09 14:58:35
Sign In
Create Account
