Computer running slow as poop. Possible virus or just too much junk?

Hi,

It should be located on your C:\ Drive. C:\ComboFix.txt

Alright. Here it is.

ComboFix 10-11-23.02 - Brian Juon 3/2010 Tue 21:29:45.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2045.1784 [GMT -6:00]
Running from: c:\documents and settings\Brian Juon\Desktop\commy.exe.exe
AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-14 00:32 . 2010-11-14 00:32 -------- d-----w- c:\program files\Common Files\Java
2010-11-14 00:32 . 2010-11-14 00:32 -------- d-----w- c:\windows\Sun
2010-11-14 00:32 . 2010-11-14 00:32 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-14 00:32 . 2010-11-14 00:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 00:32 . 2010-11-14 00:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 00:32 . 2010-11-14 00:32 -------- d-----w- c:\program files\Java
2010-11-12 03:30 . 2010-11-12 03:31 -------- d-----w- c:\documents and settings\Brian Juon\Application Data\ooVoo Details
2010-11-12 03:30 . 2010-11-12 03:30 -------- d-----w- c:\program files\ooVoo
2010-11-12 03:28 . 2010-11-12 03:28 -------- d-----w- c:\program files\Common Files\logishrd
2010-11-12 03:28 . 2008-04-14 11:42 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2010-11-12 03:28 . 2008-04-14 11:42 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-11-12 03:28 . 2008-04-14 11:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-11-12 03:28 . 2008-04-14 11:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-11-12 03:28 . 2008-04-14 11:42 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-11-12 03:26 . 2008-04-14 06:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-11-12 03:26 . 2008-04-14 06:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-11 13:41 . 2010-11-11 13:41 -------- d-----w- c:\documents and settings\Mom\Application Data\AVG10
2010-11-11 13:41 . 2010-11-11 13:41 -------- d-----w- c:\documents and settings\Mom\Application Data\OnlineArmor
2010-11-07 05:52 . 2010-11-07 06:46 -------- d-----w- c:\documents and settings\Brian Juon\Application Data\AVG
2010-11-07 05:52 . 2010-11-22 02:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-06 17:37 . 2010-11-06 17:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 17:37 . 2010-11-06 17:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-06 04:05 . 2010-11-06 04:35 -------- d-----w- c:\documents and settings\Brian Juon\Local Settings\Application Data\PMB Files
2010-11-06 04:05 . 2010-11-06 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-11-05 04:25 . 2010-11-05 04:25 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-05 04:24 . 2010-11-24 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-05 04:24 . 2010-11-22 02:59 -------- d-----w- c:\program files\AVG
2010-11-05 04:21 . 2010-11-05 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-30 05:25 . 2010-10-30 05:33 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Adobe
2010-10-29 06:56 . 2010-10-29 06:56 -------- d-----w- c:\documents and settings\Brian Juon\Local Settings\Application Data\Identities
2010-10-26 04:39 . 2010-10-26 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-10-26 04:39 . 2010-10-26 04:39 -------- d-----w- c:\documents and settings\Brian Juon\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2004-08-04 05:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 05:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2004-08-04 05:56 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2004-08-04 03:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2004-08-04 05:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2004-08-04 03:59 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 05:56 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 04:17 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 05:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 05:56 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 04:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-07-27 21:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-27 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-10-31 19071672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LG Intelligent Update"="c:\program files\lg_swupdate\autoupdate.exe" [2008-07-17 126976]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-11 13594624]
"nwiz"="nwiz.exe" [2009-02-11 1657376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2009-01-10 2830336]
"zOSD"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2009-01-10 2830336]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
EmEditor v3.lnk - c:\program files\EmEditor3\EMEDTRAY.EXE [2001-12-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Nexon\\Vindictus\\en-US\\NMService.exe"=
"c:\\Nexon\\PopTag\\CA.exe"=
"c:\\Nexon\\PopTag\\NMCOSrv.exe"=
"d:\combat arms\CombatArms.exe"= d:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"d:\\Combat Arms\\NMService.exe"=
"d:\\Combat Arms\\Engine.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"56081:TCP"= 56081:TCP:Pando Media Booster
"56081:UDP"= 56081:UDP:Pando Media Booster
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7/26/2010 4:20 PM 165888]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/17/2010 12:39 PM 691696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2010 7:51 AM 136176]
S2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe [8/10/2007 8:37 AM 69632]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/26/2010 2:56 PM 20160]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/26/2010 3:57 PM 41376]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/6/2004 4:56 PM 173392]
S3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [8/10/2007 8:35 AM 22528]
.
Contents of the 'Scheduled Tasks' folder

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6d7363c4237a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 13:51]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cb6d7364106eba.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 13:51]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Brian Juon\Application Data\Mozilla\Firefox\Profiles\p69zwx7b.Mah Profile\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.txt=emeditor.txt
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 21:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-23 21:33:54
ComboFix-quarantined-files.txt 2010-11-24 03:33

Pre-Run: 18,480,656,384 bytes free
Post-Run: 19,102,081,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8EFDC4052445699E0BC7DC25BF52A7E1

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.