Still no luck on Windows Update. At least now it starts to download a handful of the updates vs. just failing immediately, but again all 118 updates failed to install. I ran Windows Update several times, as the PC will often "hang" in the middle of the update. No changes in the performance of the PC after running ComboFix. It still fails to access the internet within the browser (IE or Firefox) and no new programs will open 10 to 15 minutes after a reboot.
Here is the log file:
ComboFix 13-01-21.04 - Sherman 01/21/2013 14:11:17.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.389 [GMT -6:00]
Running from: c:\documents and settings\Sherman\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\tmp1CC.tmp
c:\documents and settings\All Users\Application Data\tmp62.tmp
c:\documents and settings\All Users\Application Data\tmpD5.tmp
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Sherman\My Documents\~WRL3562.tmp
c:\documents and settings\Sherman\WINDOWS
c:\windows\dasetup.log
c:\windows\system32\MFC42.1
c:\windows\system32\rnaph.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-21 16:00 . 2013-01-21 16:00 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{226D6161-49E7-4716-8D53-715E6232233E}\MpKsledcdc000.sys
2013-01-20 22:58 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{226D6161-49E7-4716-8D53-715E6232233E}\mpengine.dll
2013-01-17 04:55 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-14 01:06 . 2008-04-14 11:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-01-14 01:06 . 2001-08-18 04:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-01-14 01:06 . 2008-04-14 11:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-01-14 01:06 . 2001-08-18 04:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-01-14 01:06 . 2001-08-18 04:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-01-14 01:05 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-01-14 01:05 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-01-14 01:05 . 2008-04-14 04:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-01-14 01:05 . 2008-04-14 04:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-01-14 01:05 . 2008-04-14 11:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-01-14 01:05 . 2008-04-14 04:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-01-14 01:05 . 2001-08-17 18:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-01-14 01:03 . 2001-08-17 19:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2013-01-14 01:03 . 2001-08-17 19:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2013-01-14 01:03 . 2001-08-17 19:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2013-01-14 01:03 . 2001-08-17 18:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2013-01-14 01:03 . 2001-08-17 19:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2013-01-14 01:03 . 2001-08-17 19:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2013-01-14 01:03 . 2001-08-17 19:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2013-01-14 01:03 . 2001-08-17 19:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2013-01-14 01:03 . 2001-08-17 19:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2013-01-14 01:01 . 2001-08-18 04:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2013-01-14 01:01 . 2001-08-18 04:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2013-01-14 01:01 . 2001-08-18 04:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2013-01-14 01:01 . 2001-08-17 19:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2013-01-14 01:01 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2013-01-14 01:01 . 2001-08-18 04:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2013-01-14 01:01 . 2001-08-17 18:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2013-01-14 01:01 . 2001-08-17 20:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2013-01-14 01:01 . 2001-08-17 18:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2013-01-14 01:01 . 2001-08-17 20:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2013-01-14 01:01 . 2001-08-17 18:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2013-01-14 01:00 . 2001-08-18 04:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2013-01-14 01:00 . 2008-04-14 11:42 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2013-01-14 01:00 . 2001-08-18 04:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2013-01-14 01:00 . 2001-08-17 20:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2013-01-14 01:00 . 2001-08-17 20:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2013-01-14 01:00 . 2001-08-17 18:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2013-01-14 01:00 . 2001-08-17 18:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2013-01-14 01:00 . 2001-08-17 18:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2013-01-14 01:00 . 2001-08-17 20:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2013-01-14 01:00 . 2008-04-14 06:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2013-01-14 01:00 . 2001-08-17 18:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2013-01-14 01:00 . 2001-08-17 18:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2013-01-14 00:59 . 2001-08-17 19:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2013-01-14 00:59 . 2001-08-17 19:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2013-01-14 00:59 . 2001-08-17 18:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2013-01-14 00:59 . 2001-08-17 20:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2013-01-14 00:59 . 2001-08-18 04:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2013-01-14 00:59 . 2001-08-17 19:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2013-01-14 00:59 . 2001-08-17 20:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2013-01-14 00:59 . 2001-08-18 04:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2013-01-14 00:59 . 2001-08-18 04:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2013-01-14 00:59 . 2001-08-18 04:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2013-01-14 00:59 . 2001-08-18 04:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2013-01-14 00:59 . 2001-08-18 04:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2013-01-14 00:58 . 2001-08-18 04:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2013-01-14 00:58 . 2001-08-17 18:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2013-01-14 00:58 . 2001-08-17 19:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2013-01-14 00:58 . 2001-08-17 18:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2013-01-14 00:58 . 2001-08-18 04:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2013-01-14 00:58 . 2001-08-18 04:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2013-01-14 00:58 . 2001-08-17 19:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2013-01-14 00:58 . 2001-08-18 04:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2013-01-14 00:58 . 2001-08-17 19:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2013-01-14 00:58 . 2001-08-17 18:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2013-01-14 00:56 . 2001-08-18 04:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2013-01-14 00:55 . 2001-08-17 18:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2013-01-14 00:55 . 2001-07-21 20:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2013-01-14 00:55 . 2001-07-21 20:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2013-01-14 00:55 . 2001-08-17 18:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2013-01-14 00:55 . 2001-08-18 04:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2013-01-14 00:55 . 2001-08-17 18:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2013-01-14 00:55 . 2001-08-17 19:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-01-14 00:55 . 2001-08-17 19:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2013-01-14 00:55 . 2001-08-17 19:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2013-01-14 00:55 . 2008-04-14 06:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2013-01-14 00:55 . 2001-08-17 19:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2013-01-14 00:53 . 2001-08-17 20:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2013-01-14 00:52 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2013-01-14 00:52 . 2001-08-17 19:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2013-01-14 00:52 . 2001-08-17 19:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2013-01-14 00:52 . 2001-08-18 04:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2013-01-14 00:52 . 2001-08-17 19:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2013-01-14 00:52 . 2008-04-14 06:10 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2013-01-14 00:52 . 2001-08-17 19:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2013-01-14 00:52 . 2001-08-17 19:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2013-01-14 00:52 . 2001-08-17 19:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2013-01-14 00:52 . 2008-04-14 11:42 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2013-01-14 00:52 . 2001-08-18 04:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2013-01-14 00:51 . 2001-08-18 04:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2013-01-14 00:51 . 2001-08-17 19:51 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2013-01-14 00:51 . 2008-04-14 06:11 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2013-01-14 00:51 . 2008-04-14 06:10 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2013-01-14 00:51 . 2001-08-17 19:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2013-01-14 00:51 . 2001-08-17 19:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2013-01-14 00:51 . 2001-08-18 04:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2013-01-14 00:51 . 2001-08-17 20:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2013-01-14 00:51 . 2001-08-17 20:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2013-01-14 00:51 . 2001-08-17 20:04 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2013-01-14 00:51 . 2001-08-17 20:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2013-01-14 00:51 . 2001-08-18 04:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2013-01-14 00:49 . 2001-08-17 20:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2013-01-14 00:49 . 2001-08-18 04:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2013-01-14 00:49 . 2001-08-17 20:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2013-01-14 00:49 . 2001-08-17 20:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2013-01-14 00:49 . 2001-08-17 20:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2013-01-14 00:49 . 2001-08-17 20:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2013-01-14 00:49 . 2001-08-17 19:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2013-01-14 00:49 . 2001-08-17 18:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2013-01-14 00:49 . 2001-08-17 18:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2013-01-14 00:49 . 2001-08-17 18:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2013-01-14 00:49 . 2001-08-17 18:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2013-01-14 00:49 . 2001-08-18 04:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2013-01-14 00:49 . 2008-04-14 06:01 2065792 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-01-14 00:48 . 2001-08-17 18:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2013-01-14 00:48 . 2001-08-17 19:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-01-14 00:48 . 2001-08-17 19:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2013-01-14 00:48 . 2008-04-14 06:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2013-01-14 00:48 . 2001-08-17 18:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2013-01-14 00:48 . 2001-08-17 18:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2013-01-14 00:48 . 2001-08-17 18:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 17:30 . 2012-04-20 01:49 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-13 17:30 . 2011-06-17 13:38 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-14 22:49 . 2009-07-26 19:44 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-20 23:30 . 2013-01-20 23:29 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Spotify Web Helper"="c:\documents and settings\Sherman\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-07-09 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-01-27 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\documents and settings\Sherman\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Microtek Scanner Finder.lnk - c:\windows\twain_32\ScanWiz5\SDII.exe [2010-1-14 315392]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LunaImaging\\jres\\Sun\\1.4.1\\bin\\javaw.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Sherman\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
S1 MpKsledcdc000;MpKsledcdc000;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{226D6161-49E7-4716-8D53-715E6232233E}\MpKsledcdc000.sys [1/21/2013 10:00 AM 29904]
S3 cpuz135;cpuz135;\??\c:\docume~1\Sherman\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\Sherman\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 17:30]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-07 05:18]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-07 05:18]
.
2013-01-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 23:25]
.
2013-01-21 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 23:25]
.
2013-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3089392352-1124448085-2515576934-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
2013-01-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3089392352-1124448085-2515576934-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
2013-01-21 c:\windows\Tasks\ReclaimerUpdateFiles_Sherman.job
- c:\documents and settings\Sherman\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 19:38]
.
2013-01-05 c:\windows\Tasks\ReclaimerUpdateXML_Sherman.job
- c:\documents and settings\Sherman\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 19:38]
.
2013-01-21 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Sherman.job
- c:\documents and settings\Sherman\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 19:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Trusted Zone: jocogov.org\ims
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Sherman\Application Data\Mozilla\Firefox\Profiles\zubcfgwp.default-1358112118875\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Logitech Vid - c:\program files\Logitech\Vid HD\Vid.exe
HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-01-21 14:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1032GSX rev.AS022D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x857B52E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\RMSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2013-01-21 14:42:02 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-21 20:41
.
Pre-Run: 17,399,201,792 bytes free
Post-Run: 17,336,524,800 bytes free
.
- - End Of File - - CB7236786156D95BC1D7C9DB7A1B5DA2