Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please Help! Combo Fix problem w XP home desktop

Started by looktotheskys , Jan 08 2009 05:42 PM

  • Please log in to reply

#1
looktotheskys
Posted 08 January 2009 - 05:42 PM

looktotheskys

    Member

  • Member
  • PipPip
  • 30 posts
Hello:
Here's what happened.


I run Windows XP Home. I have service pack 2 not 3. I also have a linkysys router. I closed Advast but did not close Zone Alarm when I ran Combo Fix. I waited and waited and my desktop did not come up after I ran Combo Fix, the first time, so, I ran Combo Fix again. OOOps. The reason I ran Combo Fix is that I heard about it on Leo Laport's talk radio show and I have been having problems with IE. I cleaned my system the other day with Avast, Adware, SpyBot, CleanUp. I was still having problems with IE.
Now, I cannot get to my desktop. It does not come up. The picture comes up in the background but no icons or start up options. I can get to the internet using Firefox thru the task manager. When I type in explorer.exe in the task manager nothing comes up. Looking at the log it looks like things were de-registered?? I can not open up any software programs either, Word, Photoshop, ect.. Why? Please help a Leo Laport listener with this issue. I have had great experiences with Geeks to go in the past. thanks again.

Sincerely,

Nicola




This is the first log of Combo Fix:

ComboFix 09-01-08.01 - Nicole 2009-01-08 12:36:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.562 [GMT -8:00]
Running from: c:\documents and settings\Nicole\Desktop\SECURITY\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090108-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\alexa toolbar
c:\windows\Readme.txt
c:\windows\regedit.com
c:\windows\setup.exe
c:\windows\system32\taskmgr.com
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 10:44 . 2009-01-08 10:44 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-08 10:44 . 2009-01-08 10:44 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 20:43 41,816,096 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-08 20:41 --------- d-----w c:\documents and settings\Nicole\Application Data\DNA
2009-01-07 19:39 490,592 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-07 19:36 --------- d-----w c:\program files\Photoshop 7.0
2008-12-26 15:47 15,821,837 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-23 18:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-23 18:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 17:13 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-11-02 17:22 3,218 ----a-w c:\windows\system32\PerfStringBackup.TMP
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-06-05 04:36 273,544 -c--a-w c:\documents and settings\Nicole\Application Data\GDIPFONTCACHEV1.DAT
2007-05-19 18:55 722,176 -c--a-w c:\documents and settings\Nicole\gotomypc_428.exe
2001-08-16 21:14 1,915,822 -c----w c:\program files\lsghost2k2.rar
2000-12-12 19:17 100,432 -c----w c:\program files\Win2000PPAHotfix.exe
2000-09-06 01:03 2,917,440 -c----w c:\program files\TPS4PE15.ZIP
1999-11-02 23:08 29,184 -c----w c:\program files\A List of Useful Office 2000 Shortcut Keys.xls
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-07-10 289088]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Washer"="c:\program files\Washer\washer.exe" [2002-12-12 816640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

c:\documents and settings\Nicola\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-12-23 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-09-22 169472]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2005-01-10 77824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-21 19:07 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2002-01-17 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2002-01-17 60416]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2002-01-17 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2002-01-17 10368]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2003-01-10 9728]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S4 Dmfilhibpaur;Dmfilhibpaur; [x]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Shareaza - c:\program files\Shareaza\Shareaza.exe
HKLM-Run-HydarVisionDesktopManager - (no file)
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
SSODL-CDBurn- - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.riktr.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.surfline.com/
uDefault_Page_URL = hxxp://www.surfline.com/
mStart Page = hxxp://www.surfline.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &WordWeb...
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Nicole\Application Data\Mozilla\Firefox\Profiles\srtckrej.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.riktr.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 12:42:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(480)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-01-08 12:46:34
ComboFix-quarantined-files.txt 2009-01-08 20:46:29

Pre-Run: 18,287,960,064 bytes free
Post-Run: 18,304,868,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

155 --- E O F --- 2008-07-09 14:59:10





This is the second log of Combo Fix:




ComboFix 09-01-08.01 - Nicole 2009-01-08 13:19:19.2 - NTFSx86
Running from: c:\documents and settings\Nicole\Desktop\SECURITY\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 10:44 . 2009-01-08 10:44 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-08 10:44 . 2009-01-08 10:44 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 21:25 41,893,920 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-08 21:07 492,392 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-08 20:51 --------- d-----w c:\documents and settings\Nicole\Application Data\DNA
2009-01-07 19:36 --------- d-----w c:\program files\Photoshop 7.0
2008-12-26 15:47 15,821,837 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-23 18:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-23 18:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 17:13 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-11-02 17:22 3,218 ----a-w c:\windows\system32\PerfStringBackup.TMP
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-06-05 04:36 273,544 -c--a-w c:\documents and settings\Nicole\Application Data\GDIPFONTCACHEV1.DAT
2007-05-19 18:55 722,176 -c--a-w c:\documents and settings\Nicole\gotomypc_428.exe
2001-08-16 21:14 1,915,822 -c----w c:\program files\lsghost2k2.rar
2000-12-12 19:17 100,432 -c----w c:\program files\Win2000PPAHotfix.exe
2000-09-06 01:03 2,917,440 -c----w c:\program files\TPS4PE15.ZIP
1999-11-02 23:08 29,184 -c----w c:\program files\A List of Useful Office 2000 Shortcut Keys.xls
.

((((((((((((((((((((((((((((( snapshot@2009-01-08_12.44.12.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-08 18:27:16 17,125 ----a-w c:\windows\system32\tablet.dat
+ 2009-01-08 21:10:09 17,125 ----a-w c:\windows\system32\tablet.dat
+ 2009-01-08 21:08:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-07-10 289088]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Washer"="c:\program files\Washer\washer.exe" [2002-12-12 816640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-21 19:07 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2002-12-31 9728]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 Dmfilhibpaur;Dmfilhibpaur; [x]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-21 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-21 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2001-08-17 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2001-08-17 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2001-08-17 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2001-08-17 10368]


--- Other Services/Drivers In Memory ---

*Deregistered* - Aavmker4
*Deregistered* - aawservice
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - AVG Anti-Rootkit
*Deregistered* - AvgArCln
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KLIF
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PenClass
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srescan
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TabletService
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - tmcomm
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - vsdatant
*Deregistered* - vsmon
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.riktr.com/
uDefault_Search_URL = hxxp://www.surfline.com/
mStart Page = hxxp://www.surfline.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &WordWeb...
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Nicole\Application Data\Mozilla\Firefox\Profiles\srtckrej.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.riktr.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 13:25:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-01-08 13:29:09
ComboFix-quarantined-files.txt 2009-01-08 21:29:05
ComboFix2.txt 2009-01-08 20:46:38

Pre-Run: 18,315,026,432 bytes free
Post-Run: 18,296,008,704 bytes free

235 --- E O F --- 2008-07-09 14:59:10


:)

Attached Files


  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP