Internet's working much better now, yes. But when I first boot my computer up and click Firefox, sometimes it takes forever for the browser window to pop up. And when I first get on the internet, it often takes it a while to "get going" so to speak, but once it gets going it runs fine.
I think that ComboFix log I posted is the right one. It has today's date, it's just not the first date listed.
ComboFix 10-08-10.06 - Rebel 08/11/2010 10:32:18.3.2 - x86
In case I'm wrong, here's the log located at ComboFix.txt. The only problem is I ran ComboFix a couple of times today (I was trying to get it to offer to analyze those files again) so this log isn't going to show those files as deletions.
ComboFix 10-08-10.06 - Rebel 08/11/2010 11:17:13.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1473 [GMT -4:00]
Running from: c:\documents and settings\Rebel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rebel\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.
2010-08-10 21:35 . 2010-08-10 21:35 -------- d-----w- c:\documents and settings\Rebel\Application Data\U3
2010-08-10 19:03 . 2010-08-10 19:03 388096 ----a-r- c:\documents and settings\Rebel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-04 05:19 . 2010-08-04 05:19 -------- d-----w- c:\program files\ERUNT
2010-07-30 00:53 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-30 00:53 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-30 00:52 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-30 00:52 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-30 00:52 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-30 00:52 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-30 00:52 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-30 00:52 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-30 00:52 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-29 22:13 . 2010-07-29 22:13 -------- d-----w- c:\program files\Trend Micro
2010-07-29 20:04 . 2010-07-29 20:04 -------- d-----w- c:\program files\Alwil Software
2010-07-29 20:04 . 2010-07-29 20:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 21:30 . 2007-09-13 16:14 -------- d-----w- c:\program files\HP
2010-08-10 21:12 . 2010-06-28 01:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP
2010-08-10 21:07 . 2010-06-26 17:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
2010-08-10 21:07 . 2007-07-23 23:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 17:25 . 2007-07-24 17:48 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-30 00:49 . 2009-03-09 02:14 -------- d-----w- c:\documents and settings\Rebel\Application Data\OnlineArmor
2010-07-29 22:07 . 2007-07-23 23:05 53104 ----a-w- c:\documents and settings\Rebel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-29 21:34 . 2009-09-07 23:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2010-07-29 21:26 . 2005-08-24 11:14 -------- d-sh--r- c:\documents and settings\Rebel\Application Data\Winlog
2010-07-23 01:14 . 2009-09-12 02:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2010-06-28 02:54 . 2010-06-28 02:54 -------- d-----w- c:\program files\Avanquest update
2010-06-28 02:08 . 2010-06-28 02:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WEBREG
2010-06-28 01:51 . 2010-06-28 01:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2010-06-26 13:05 . 2009-12-15 16:29 -------- d-----w- c:\program files\Minefield
2010-06-26 03:57 . 2009-03-09 02:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\OnlineArmor
2010-06-26 03:55 . 2009-03-14 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-14 01:51 . 2009-12-22 04:11 -------- d-----w- c:\documents and settings\Rebel\Application Data\mIRC
2010-06-02 20:31 . 2010-06-02 20:31 45024 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-28 11:34 . 2010-05-28 11:34 503808 ----a-w- c:\documents and settings\Rebel\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-392c5e37-n\msvcp71.dll
2010-05-28 11:34 . 2010-05-28 11:34 499712 ----a-w- c:\documents and settings\Rebel\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-392c5e37-n\jmc.dll
2010-05-28 11:34 . 2010-05-28 11:34 348160 ----a-w- c:\documents and settings\Rebel\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-392c5e37-n\msvcr71.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-10_18.52.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-11 15:03 . 2010-08-11 15:03 16384 c:\windows\temp\Perflib_Perfdata_4ac.dat
+ 2007-04-17 05:45 . 2009-08-06 23:24 44768 c:\windows\system32\wups2.dll
+ 2007-07-23 22:57 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll
+ 2007-07-23 22:57 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-08-10 18:54 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-08-10 18:54 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-04 10:00 . 2010-08-10 21:31 71448 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2010-03-22 03:57 71448 c:\windows\system32\perfc009.dat
+ 2007-07-23 22:57 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-07-23 22:57 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 10:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 10:00 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-04 10:00 . 2009-08-06 23:24 96480 c:\windows\system32\cdm.dll
+ 2004-08-04 10:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2007-07-23 22:57 . 2009-08-06 23:24 209632 c:\windows\system32\wuweb.dll
+ 2007-07-23 22:57 . 2009-08-06 23:24 327896 c:\windows\system32\wucltui.dll
+ 2007-07-23 22:57 . 2009-08-06 23:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-04 10:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2004-08-04 10:00 . 2010-08-10 21:31 441422 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2010-03-22 03:57 441422 c:\windows\system32\perfh009.dat
+ 2007-04-17 05:43 . 2009-08-06 23:23 215920 c:\windows\system32\muweb.dll
+ 2007-07-25 13:11 . 2009-08-06 23:23 274288 c:\windows\system32\mucltui.dll
+ 2007-07-23 22:57 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-07-23 22:57 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-07-23 22:57 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-04 10:00 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2007-07-23 22:57 . 2009-08-06 23:23 1929952 c:\windows\system32\wuaueng.dll
+ 2007-07-23 22:57 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-08-10 19:03 . 2010-08-10 19:03 1094656 c:\windows\Installer\ace31.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Rebel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-31 136176]
"Windows Java Runtime"="c:\documents and settings\Rebel\java.jar" [2010-07-23 18160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\desktop\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-01 13:37 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"c:\\Desktop\\a-squared Free\\a2service.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/29/2010 8:53 PM 165456]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/8/2009 10:14 PM 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/8/2009 10:14 PM 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/8/2009 10:14 PM 28872]
R2 a2free;a-squared Free Service;c:\desktop\a-squared Free\a2service.exe [3/8/2009 10:13 PM 1872320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/29/2010 8:53 PM 17744]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/8/2009 10:14 PM 1402568]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys --> c:\windows\system32\DRIVERS\PTUMWBus.sys [?]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys --> c:\windows\system32\DRIVERS\PTUMWCDF.sys [?]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys --> c:\windows\system32\DRIVERS\PTUMWFLT.sys [?]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys --> c:\windows\system32\DRIVERS\PTUMWMdm.sys [?]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys --> c:\windows\system32\DRIVERS\PTUMWNET.sys [?]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys --> c:\windows\system32\DRIVERS\PTUMWVsp.sys [?]
S3 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/8/2009 10:14 PM 3321032]
--- Other Services/Drivers In Memory ---
*Deregistered* - BMLoad
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{D0BEBE8C-F1C4-BF41-7FA8-EECECBFECCF6}]
c:\documents and settings\Rebel\Application Data\svchost.exe [BU]
.
Contents of the 'Scheduled Tasks' folder
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-725345543-1003Core.job
- c:\documents and settings\Rebel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-31 17:05]
2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-725345543-1003UA.job
- c:\documents and settings\Rebel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-31 17:05]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rebel\Application Data\Mozilla\Firefox\Profiles\3idjaz6o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\documents and settings\Rebel\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 11:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-11 11:24:35
ComboFix-quarantined-files.txt 2010-08-11 15:24
ComboFix2.txt 2010-08-11 14:59
ComboFix3.txt 2010-08-11 14:38
ComboFix4.txt 2010-08-10 18:56
Pre-Run: 77,776,019,456 bytes free
Post-Run: 77,760,843,776 bytes free
- - End Of File - - 9BAD788FF78A81D0CFC16EFB114F8F56