Computer refuses to work! [RESOLVED]


  • This topic is locked

#16
Snowbuzz

Things are definitely getting better. I've uninstalled and reinstalled some of the programs that were causing the problems. Internet Explorer is still not the fastest to load, but it hasn't frozen in a few days.


===============================================


ComboFix 08-05-21.3 - Princess 2008-05-22 16:25:50.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.396 [GMT -4:00]
Running from: C:\Documents and Settings\Princess\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-18 20:09 . 2008-05-18 20:09 <DIR> d-------- C:\Deckard
2008-05-11 22:15 . 2008-05-11 22:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 22:15 . 2008-05-11 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-08 14:20 . 2008-05-08 14:20 <DIR> d-------- C:\Program Files\Windows Mobile Device Handbook
2008-05-07 14:35 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 14:35 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-04-29 15:34 . 2008-05-18 23:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-29 15:34 . 2008-04-29 15:34 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 20:24 1,244 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-05-22 20:24 1,244 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-05-22 20:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-22 15:13 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-22 14:47 --------- d-----w C:\Documents and Settings\Princess\Application Data\WeatherBug
2008-05-19 03:38 341,704 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-05-19 03:38 341,704 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-05-19 03:38 13,880 ----a-w C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-05-18 18:08 --------- d-----w C:\Program Files\Apple Software Update
2008-05-18 18:02 --------- d-----w C:\Program Files\iTunes
2008-05-18 18:01 --------- d-----w C:\Program Files\iPod
2008-05-18 17:59 --------- d-----w C:\Program Files\QuickTime
2008-05-11 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-07 20:11 --------- d-----w C:\Documents and Settings\Princess\Application Data\AdobeUM
2008-05-07 19:31 --------- d-----w C:\Program Files\Logitech
2008-05-07 18:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 18:35 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-07 18:35 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 03:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-21 03:56 --------- d-----w C:\Documents and Settings\Princess\Application Data\SUPERAntiSpyware.com
2008-04-21 03:24 --------- d--h--w C:\Documents and Settings\Princess\Application Data\Move Networks
2008-04-21 03:11 --------- d-----w C:\Program Files\Trend Micro
2008-04-21 02:08 --------- d-----w C:\Program Files\Real
2008-04-21 02:05 --------- d-----w C:\Program Files\DeductionPro 2007
2008-04-21 02:03 --------- d-----w C:\Program Files\Creative
2008-04-21 01:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 01:53 --------- d-----w C:\Documents and Settings\Princess\Application Data\Shutterfly
2008-04-21 01:53 --------- d-----w C:\Documents and Settings\Princess\Application Data\ArcSoft
2008-04-21 01:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-21 01:42 --------- d-----w C:\Program Files\OfficeUpdate11
2008-04-21 01:41 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-04-21 01:41 --------- d-----w C:\Program Files\Common Files\aolshare
2008-04-21 01:40 --------- d-----w C:\Program Files\America Online 9.0
2008-04-21 01:28 --------- d-----w C:\Program Files\TOSHIBA
2008-04-21 01:13 --------- d-----w C:\Documents and Settings\Princess\Application Data\Malwarebytes
2008-04-21 01:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 01:12 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-04-21 00:49 --------- d-----w C:\Documents and Settings\Princess\Application Data\InstallShield
2008-04-14 19:57 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-04-14 19:57 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2008-04-14 19:57 --------- d-----w C:\Program Files\TaxCut06
2008-04-14 19:57 --------- d-----w C:\Documents and Settings\Princess\Application Data\TaxCut
2008-04-14 19:56 --------- d-----w C:\Program Files\TaxCut07
2008-04-14 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\TaxCut
2008-03-28 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-03-27 21:00 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-27 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-27 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 18:13 208,896 ----a-w C:\WINDOWS\system32\ConTest.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2003-08-27 22:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( [email protected]_17.54.55.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
- 2008-04-29 20:16:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 03:36:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 12:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2007-09-06 23:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-29 05:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2008-05-18 17:54:57 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-05-18 18:02:14 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2008-03-12 02:19:55 35,600 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-05-15 13:22:56 35,600 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-04-23 17:39:09 593,920 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-05-15 13:25:47 593,920 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-23 17:39:09 12,288 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-05-15 13:25:47 12,288 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-23 17:39:09 135,168 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-05-15 13:25:47 135,168 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-23 17:39:10 11,264 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-05-15 13:25:47 11,264 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-23 17:39:10 27,136 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-05-15 13:25:47 27,136 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-23 17:39:10 4,096 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-05-15 13:25:47 4,096 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-23 17:39:11 794,624 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-05-15 13:25:47 794,624 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-23 17:39:09 249,856 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-05-15 13:25:47 249,856 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-23 17:39:09 61,440 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-05-15 13:25:47 61,440 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-23 17:39:11 23,040 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-05-15 13:25:47 23,040 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-23 17:39:09 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-05-15 13:25:47 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-23 17:39:09 409,600 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-05-15 13:25:47 409,600 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 -c----w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-27 08:12:54 151,583 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2004-08-04 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\regsvr32.exe
- 2006-09-19 20:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 16:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2006-10-04 00:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-01-29 16:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2008-03-09 22:16:32 64,602 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-11 21:26:38 64,602 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-09 22:16:32 408,238 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-11 21:26:38 408,238 ----a-w C:\WINDOWS\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2005-06-07 14:58 1339392]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 18:28 98394]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 17:48 1388544]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 14:27 385024]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 18:37 88363 C:\WINDOWS\agrsmmsg.exe]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [2007-07-19 15:23 455984]
"PPFW"="c:\program files\panda security\panda antivirus + firewall 2008\firewall\PPFW.exe" [2007-07-09 12:03 165168]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 18:26 688218]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 17:09 266240]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 12:31 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 01:30 188416]
"HP Software Update"="c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 12:27 126976]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 14:31 356352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PAVWAIT.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= mcmjpg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2005-03-17 17:37 151552 C:\TOSHIBA\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-03-31 13:40 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2004-08-27 13:34 278528 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2004-11-12 21:57 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"TAPPSRV"=2 (0x2)
"gusvc"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1170555621\\ee\\aolsoftware.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 10:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 cpoint;cpoint;C:\WINDOWS\system32\drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 08:49]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-06-06 18:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42cdbd10-04af-11dc-8d40-00038a000015}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{808cd8bc-9071-11db-8d05-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-05-18 17:54:56 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:29:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [592] 0x8543CB20

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-22 16:31:41
ComboFix-quarantined-files.txt 2008-05-22 20:31:03
ComboFix2.txt 2008-05-15 03:27:20
ComboFix3.txt 2008-05-09 16:42:16
ComboFix4.txt 2008-05-07 19:03:37
ComboFix5.txt 2008-04-30 21:55:21

Pre-Run: 4,844,290,048 bytes free
Post-Run: 4,908,728,320 bytes free

328 --- E O F --- 2008-05-22 15:13:33


===============================================



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 22, 2008 9:36:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/05/2008
Kaspersky Anti-Virus database records: 796077
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 151013
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 02:28:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Princess\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\abook.mab Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\cert8.db Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\ImapMail\imap.aol.com\INBOX.msf Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\ImapMail\imap.iu.edu\INBOX.msf Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\key3.db Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\Mail\pop.gmail.com\Inbox.msf Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\Mail\pop.gmail.com\Sent.msf Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\panacea.dat Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\parent.lock Object is locked skipped
C:\Documents and Settings\Princess\Application Data\Thunderbird\Profiles\hir4f4ke.default\urlclassifier2.sqlite Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sc17j7lq.ini.vir Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP826\A0136002.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped

Scan process completed.


#17
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello again

Logs are looking good; the only thing showing is in system restore points and quarantine, which we are about to clean :) .

ComboFix Removal
  • Follow these steps to uninstall Combofix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK. Note the space between the X and the U; it needs to be there.

===============================================

Reset your restore points

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

===============================================

This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1.) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others that are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

2.) Go to Internet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3.) Open Internet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options > Security.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

4.) Install Javacool's SpywareBlaster

It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer). Press "Enable All Protection", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

7.) Another excellent program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection against spyware that is a great addition to SpywareBlaster's protection method.

8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate.

10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.

NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!
  • 0
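
The Internet-zone ActiveX settings from step 3 and the "kill bit" from step 4 are both stored in the registry, so they can be checked after the fact. The Python sketch below is an added example, not part of the original post or of any tool named in it: it audits the text of a `reg export` dump (already decoded to a string) against the values the post recommends. The sample dump and its CLSIDs are constructed placeholders.

```python
import re

# Constructed sample in "reg export" format; the CLSIDs are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000020
'''

ZONE3 = "Internet Settings\\Zones\\3"            # zone 3 = Internet zone
KILLBIT_KEY = "Internet Explorer\\ActiveX Compatibility\\"
KILL_BIT = 0x400                                  # Compatibility Flags bit that blocks a control
ACTIONS = {0: "Enable", 1: "Prompt", 3: "Disable"}
# Step 3's values: 1001/1004 = download signed/unsigned controls, 1201 = script unsafe controls.
WANTED = {"1001": 1, "1004": 1, "1201": 3}

def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg dump."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(text):
    """Return (zone settings that differ from step 3, CLSIDs with the kill bit set)."""
    findings, killed = [], []
    for path, values in parse_reg(text).items():
        if path.endswith(ZONE3):
            for name, want in WANTED.items():
                got = values.get(name)
                if got != want:
                    state = "unset" if got is None else ACTIONS.get(got, hex(got))
                    findings.append((name, state, ACTIONS[want]))
        elif KILLBIT_KEY in path and values.get("Compatibility Flags", 0) & KILL_BIT:
            killed.append(path.rsplit("\\", 1)[1])
    return findings, killed
```

On the constructed sample, `audit(SAMPLE_REG)` reports that unsigned-control download (1004) is still set to Enable rather than Prompt, and that only the first placeholder CLSID carries the kill bit.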

#18
Snowbuzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I've installed most of those programs. I'm currently using Panda Antivirus + Firewall, so I'm going to stick with that until my subscription ends. Is there one program in particular that you recommend?
  • 0

#19
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
All three of the above listed AVs are good. I use AVG myself :) .
  • 0

#20
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
