Please HELP! Vundo!GRB - Scans Posted




  #11  
Old 26th Feb 2009, 10:36
New Member Group
 
Here is the ComboFix log:

ComboFix 09-02-25.02 - Matthew Wolfson 2009-02-26 12:20:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.543 [GMT -5:00]
Running from: c:\documents and settings\Matthew Wolfson\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.

2009-02-25 22:09 . 2009-02-25 22:10 <DIR> d-------- C:\rsit
2009-02-25 16:14 . 2009-02-25 16:14 <DIR> d-------- c:\program files\Trend Micro
2009-02-25 15:47 . 2009-02-25 15:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-25 13:26 . 2009-02-25 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-25 13:25 . 2009-02-25 13:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-25 13:25 . 2009-02-25 13:25 <DIR> d-------- c:\documents and settings\Matthew Wolfson\Application Data\SUPERAntiSpyware.com
2009-02-25 13:24 . 2009-02-25 13:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-25 13:16 . 2009-02-25 13:16 <DIR> d-------- c:\program files\CCleaner
2009-02-25 12:13 . 2009-02-25 12:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-25 12:12 . 2005-08-12 20:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-02-25 12:12 . 2008-12-15 21:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Gtek
2009-02-25 12:12 . 2009-02-25 12:12 <DIR> d-------- c:\documents and settings\Administrator
2009-02-25 10:54 . 2009-02-25 10:54 <DIR> d-------- c:\documents and settings\Matthew Wolfson\Application Data\Malwarebytes
2009-02-25 10:53 . 2009-02-25 10:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 10:53 . 2009-02-25 10:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 10:53 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 10:53 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-24 14:21 . 2009-02-25 15:46 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-24 13:51 . 2009-02-24 13:51 <DIR> d-------- c:\documents and settings\Matthew Wolfson\WINDOWS
2009-02-24 13:09 . 2009-02-24 13:09 <DIR> d-------- c:\windows\system32\%SdcProfile%dellsupportcenter
2009-02-24 13:09 . 2009-02-24 13:09 138 --a------ c:\windows\system32\dfb21e63-c6c6-4906-90c2-97a68018e760.5.lrf
2009-02-24 10:54 . 2009-02-24 10:54 <DIR> d-------- C:\VundoFix Backups
2009-02-23 19:51 . 2009-02-23 19:51 <DIR> d-------- c:\documents and settings\Matthew Wolfson\Application Data\McAfee
2009-02-23 07:36 . 2009-02-25 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-21 17:50 . 2009-02-24 14:04 <DIR> d-------- c:\documents and settings\Matthew Wolfson\Application Data\skypePM
2009-02-21 17:50 . 2009-02-21 17:50 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-21 17:44 . 2009-02-24 14:35 <DIR> d-------- c:\documents and settings\Matthew Wolfson\Application Data\Skype
2009-02-21 17:42 . 2009-02-21 17:42 <DIR> dr------- c:\program files\Skype
2009-02-21 17:42 . 2009-02-21 17:42 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-21 17:42 . 2009-02-21 17:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-02-20 19:44 . 2009-02-20 19:44 <DIR> d-------- c:\documents and settings\Michelle\Application Data\Logitech
2009-02-20 16:25 . 2009-02-20 16:25 <DIR> d-------- c:\documents and settings\Matthew Wolfson\Application Data\Logitech
2009-02-20 16:24 . 2009-02-20 16:24 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-20 16:23 . 2009-02-20 16:23 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-20 16:23 . 2009-02-20 16:23 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-20 16:19 . 2007-01-23 15:45 1,419,024 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2009-02-20 16:19 . 2007-01-23 15:44 101,136 --a------ c:\windows\KHALMNPR.Exe
2009-02-20 16:19 . 2007-01-23 15:45 34,576 --a------ c:\windows\system32\drivers\LHidFilt.Sys
2009-02-20 16:19 . 2007-01-23 15:45 33,296 --a------ c:\windows\system32\drivers\LMouFilt.Sys
2009-02-20 16:18 . 2007-01-30 01:46 163,840 --a------ c:\windows\system32\kemutb.dll
2009-02-20 16:18 . 2007-01-30 01:46 135,168 --a------ c:\windows\system32\KemUtil.dll
2009-02-20 16:18 . 2007-01-30 01:46 110,592 --a------ c:\windows\system32\KemWnd.dll
2009-02-20 16:18 . 2007-01-30 01:46 69,632 --a------ c:\windows\system32\KemXML.dll
2009-02-20 16:17 . 2009-02-20 16:18 <DIR> d-------- c:\program files\Common Files\Logitech
2009-02-20 16:17 . 2009-02-20 16:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-20 16:13 . 2008-04-13 19:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-20 16:13 . 2008-04-13 19:11 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2009-01-30 09:45 . 2009-01-30 09:52 <DIR> d-------- c:\documents and settings\Matthew Wolfson\Application Data\PeaZip
2009-01-30 09:44 . 2009-01-30 11:11 <DIR> d-------- c:\program files\PeaZip
2009-01-27 11:58 . 2009-02-22 19:54 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-26 20:45 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-26 20:45 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2009-01-26 20:45 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-26 20:44 . 2008-04-13 19:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-26 14:35 . 2009-01-26 14:35 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 03:05 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-25 21:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-25 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-25 21:09 --------- d-----w c:\program files\Lavasoft
2009-02-25 21:09 --------- d-----w c:\documents and settings\Michelle\Application Data\Lavasoft
2009-02-25 20:49 --------- d-----w c:\program files\Java
2009-02-25 18:00 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-02-20 21:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 21:24 --------- d-----w c:\program files\Logitech
2009-02-20 16:12 --------- d-----w c:\program files\McAfee
2009-02-13 19:28 --------- d-----w c:\documents and settings\Michelle\Application Data\Apple Computer
2009-01-24 20:13 --------- d-----w c:\program files\MUSICMATCH
2009-01-24 20:13 --------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
2009-01-24 18:43 --------- d-----w c:\documents and settings\Matthew Wolfson\Application Data\Apple Computer
2009-01-23 21:50 --------- d-----w c:\program files\iTunes
2009-01-23 21:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-23 21:49 --------- d-----w c:\program files\iPod
2009-01-23 21:49 --------- d-----w c:\program files\Common Files\Apple
2009-01-23 21:47 --------- d-----w c:\program files\QuickTime
2009-01-23 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-23 21:45 --------- d-----w c:\program files\Apple Software Update
2009-01-23 21:44 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-15 17:35 --------- d-----w c:\documents and settings\Matthew Wolfson\Application Data\AdobeUM
2009-01-15 15:28 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-01-15 15:27 --------- d-----w c:\program files\MSECache
2009-01-15 15:06 --------- d-----w c:\documents and settings\Matthew Wolfson\Application Data\HP
2009-01-15 15:04 --------- d-----w c:\documents and settings\Matthew Wolfson\Application Data\Gtek
2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 16:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2007-02-07 23:14 722,176 ----a-w c:\documents and settings\Michelle\gotomypc_428.exe
2006-07-21 11:43 563,712 ----a-w c:\documents and settings\Michelle\gotomypc_370.exe
2006-06-22 22:30 563,712 ----a-w c:\documents and settings\Michelle\370_gotomypc.exe
2006-06-16 01:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 23:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 19:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 18:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 17:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 23:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 16:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 16:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 16:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 16:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-12 26112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"V0380Mon.exe"="c:\windows\V0380Mon.exe" [2007-04-05 32768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 148888]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-08-12 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-08-27 315392]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-02-20 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-20 688128]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-05-18 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138985284\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138985284\\ee\\aim6.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\blp\\Wintrv\\wintrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-27 206096]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2007-12-19 53307]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-12-01 31616]
R3 V0380Afx;Creative Camera VF0380 Audio Effects Driver;c:\windows\system32\drivers\V0380Afx.sys [2008-12-01 142656]
R3 V0380Aud;Creative Camera VF0380 Noise Cancellation APO;c:\windows\system32\drivers\V0380Aud.sys [2008-12-01 94976]
R3 V0380Dev;Creative Camera VF0380 Driver;c:\windows\system32\drivers\V0380Vid.sys [2008-12-01 273152]
R3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;c:\windows\system32\drivers\V0380Vfx.sys [2008-12-01 7168]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1771084-9a9d-11dc-9270-00123f723c0e}]
\Shell\AutoRun\command - j:\__stickydrive\StickyDrive.exe
\Shell\StickyDrive\Command - j:\__stickydrive\StickyDrive.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-22 c:\windows\Tasks\MSK_ABImport_Weekly_Michelle.job
- c:\program files\McAfee\MSK\AbImpSch.dll [2007-11-26 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matthew Wolfson\Application Data\Mozilla\Firefox\Profiles\iupeoe54.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 12:22:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\MATTHE~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1240)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-02-26 12:24:01
ComboFix-quarantined-files.txt 2009-02-26 17:23:58

Pre-Run: 192,066,281,472 bytes free
Post-Run: 192,063,582,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

255 --- E O F --- 2009-02-12 08:02:50
  #12  
Old 26th Feb 2009, 10:48
Moderator Group
 
Looks OK. How is the computer running now?
  #13  
Old 26th Feb 2009, 10:53
New Member Group
 
Seems ok, I'll post back in a few days.

Thanks so much!!! You are the f'n man!
  #14  
Old 26th Feb 2009, 10:54
Moderator Group
 
Time to do some cleanup and secure the work you have done.
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------


Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
  #15  
Old 26th Feb 2009, 18:24
New Member Group
 
When I ran Secunia it still found old versions of Java despite JavaRa. Also did Windows Update and will do the last of it tomorrow.
  #16  
Old 26th Feb 2009, 19:05
Moderator Group
 
Uninstall Java 2 Runtime Environment, SE v1.4.2_03
  #17  
Old 2nd Mar 2009, 10:51
New Member Group
 
Everything has been running smoothly! I performed your follow-up instructions as well. Thanks so much.
  #18  
Old 2nd Mar 2009, 10:55
Moderator Group
 
You're welcome.

Safe surfing...