Inactive Computer slowing down over time


dmcrx7

My computer has been getting gradually slower.

Here are my logs.

GMER finds two files, then locks up on a fatal exception; I have a screen grab.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

9/14/2010 9:30:00 AM
mbam-log-2010-09-14 (09-30-00).txt

Scan type: Quick scan
Objects scanned: 118863
Time elapsed: 17 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 11:21:44.00 on Fri 09/17/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.480.184 [GMT -4:00]

AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
H:\Program Files\LeapFrog Connect\Monitor.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Start WingMan Profiler]
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [Monitor] "h:\program files\leapfrog connect\Monitor.exe"
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/8/2007 6:18:54 PM
System Uptime: 9/17/2010 9:10:33 AM (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S533VX
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | PGA 478 | 2390/133mhz

==== Disk Partitions =========================


==== Installed Programs ======================


µTorrent
7-Zip 4.31
AAC Decoder
Ad-Aware SE Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS2
Adobe Shockwave Player 11.5
Advanced Photo Editor
Amazon Games & Software Downloader
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
AutoUpdate
CCleaner
CCScore
Digital Camera
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Foxit Reader
Foxit Toolbar
Google SketchUp 7
H.264 Decoder
HD-DV decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB954550-v5)
Icatch(IV) Camera Driver
InterVideo WinDVD 8
iSEEK AnswerWorks English Runtime
Java(TM) 6 Update 11
K-Lite Codec Pack 2.80 Full
Kodak EasyShare software
LeapFrog Connect
LeapFrog Tag Plugin
Logitech Harmony Remote Software 7
Lucent Technologies Soft Modem AMR
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Midnight Outlaw Illegal Street Drag
MKV Splitter
Move Media Player
Mozilla Firefox (3.5.12)
MSN
MSXML 6.0 Parser
Nero 7 Premium
netbrdg
Norton PartitionMagic
Norton PartitionMagic 8.0
OfotoXMI
OpenOffice.org 2.1
Panda Cloud Antivirus
Panda Identity Protect 3.0.44
Panda Security Toolbar
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PokerStars.net
QuickTime Alternative 1.70
Real Alternative 1.49
Realtek AC'97 Audio
Remote Control USB Driver
rFactor (remove only)
RocketDock 1.3.0
Security Update for Excel 2007 (KB934670)
Security Update for Office 2007 (KB934062)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SEGA RALLY 2
SFR
SHASTA
skin0001
SKINXSDK
Software Update for Web Folders
Sports Car GT
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wvaiper
Update for Office 2007 (KB932080)
Update for Office 2007 (KB933688)
Update for Office 2007 (KB934393)
Update for Outlook 2007 Junk Email Filter (KB934655)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Word 2007 (KB934173)
URGE
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VC80CRTRedist - 8.0.50727.762
VPRINTOL
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
Windows Sidebar
WingMan Software
WIRELESS

==== End Of File ===========================
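The MBAM and DDS output above shows the kind of settings malware flips to keep the user from noticing it: the Security Center `*DisableNotify` values (so no "antivirus/firewall/updates off" balloon appears), `SfcDisable` set to a nonzero value in the Winlogon key (Windows File Protection off), and the AV's on-access scanning disabled. The following is an added example, not code from this thread or from Malwarebytes, DDS or ComboFix: a small Python audit that scans log text of this shape and reports those settings. The section-header handling for ComboFix-style registry dumps, the rule names, and the one `Security Center` key/value pair labelled constructed in the fixture are assumptions of mine; the other fixture lines are copied from the logs posted above.

```python
"""Flag security-weakening settings in Windows malware-scan log text.

Added example (not code from the thread or from Malwarebytes, DDS or
ComboFix). It reads log lines of the shape posted in the thread and reports
settings that indicate protection has been tampered with:
  * Security Center notification suppression (*DisableNotify = 1)
  * Windows File Protection turned off (nonzero SfcDisable)
  * the standard-profile firewall switched off (EnableFirewall = 0)
  * antivirus on-access scanning disabled
"""
import re
from dataclasses import dataclass

# Constructed fixture: lines copied from the MBAM, DDS and ComboFix output in
# the thread, plus one constructed Security Center section/value pair in the
# ComboFix "Reg Loading Points" style (that pair is NOT in the posted logs).
SAMPLE_LOG = r"""
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
mWinlogon: SfcDisable=-99 (0xffffff9d)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"= 1 (0x1)
"""

# A registry-dump section header such as [HKLM\...\firewallpolicy\standardprofile]
SECTION_RE = re.compile(r"^\[(.+)\]$")
# DDS marks a product whose real-time protection is off with this phrase
AV_OFF_RE = re.compile(r"\*On-access scanning disabled\*")
# DDS Winlogon line; any nonzero SfcDisable turns Windows File Protection off
SFC_RE = re.compile(r"SfcDisable=(-?\d+)")
# MBAM style: ...\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) ...
SC_PATH_RE = re.compile(r"Security Center\\(\w+DisableNotify)\b", re.I)
# registry-dump style, valid only under a [...\Security Center] section
SC_VALUE_RE = re.compile(r'^"(\w+DisableNotify)"\s*=\s*(?:dword:)?(\d+)', re.I)
# registry-dump style, valid only under a firewallpolicy profile section
FW_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?:dword:)?(\d+)', re.I)


@dataclass(frozen=True)
class Finding:
    rule: str      # short rule id (names are this example's own)
    detail: str    # human-readable explanation
    line_no: int   # 1-based line in the scanned text


def audit_log(text: str) -> list[Finding]:
    """Return the weakened-protection settings found in log text, in file order."""
    findings: list[Finding] = []
    section = ""  # lower-cased current [section] header of a registry dump
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if AV_OFF_RE.search(line):
            findings.append(Finding("av-realtime-off",
                                    "antivirus on-access scanning is disabled", line_no))
        m = SFC_RE.search(line)
        if m and int(m.group(1)) != 0:
            findings.append(Finding("sfc-disabled",
                                    f"SfcDisable={m.group(1)}: Windows File Protection is off", line_no))
        m = SC_PATH_RE.search(line)
        if m:
            findings.append(Finding("security-center-notify-off",
                                    f"{m.group(1)} set: Security Center alert suppressed", line_no))
        m = SC_VALUE_RE.match(line)
        if m and "security center" in section and int(m.group(2)) != 0:
            findings.append(Finding("security-center-notify-off",
                                    f"{m.group(1)}={m.group(2)} under [{section}]", line_no))
        m = FW_RE.match(line)
        if m and "firewallpolicy" in section and int(m.group(1)) == 0:
            findings.append(Finding("firewall-off",
                                    f"EnableFirewall=0 under [{section}]", line_no))
    return findings


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"line {f.line_no:3d}  {f.rule:28s} {f.detail}")
```

Run it as-is to audit the fixture, or pass the contents of a saved MBAM/DDS/ComboFix log to `audit_log()`. The registry-dump rules deliberately require the matching `[section]` header, so an `EnableFirewall` or `*DisableNotify` value quoted in some unrelated key is not mis-reported.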
 
Welcome back! I helped you a year ago with a slow browser and gave you some pointers on speeding it up. So I ask that you review this: https://www.techspot.com/vb/topic135296.html

Even if this is not the same system, there are many reasons for 'slow.' Please tell me how much RAM you have installed in this system.

Then I would like you to run the following:

Please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename ComboFix unless instructed.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double-click combofix.exe and follow the prompts to run.
     NOTE: ComboFix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If ComboFix asks you to install Recovery Console, please allow it.
  6. If ComboFix asks you to update the program, always allow.
     Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  7. A report will be generated after the scan. Please post the C:\ComboFix.txt in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with ComboFix.


Run the Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Important:
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Edit: I'm going to have to check on the use of the Panda Cloud AV. I don't know whether it gives full-time protection and updating features to the system.
 
combofix logs

Thanks, the computer ran well after the last set of fixes. 2 GHz, 480 MB RAM; that's why I try to keep my virus protection and other programs as simple as possible.

ComboFix 10-09-17.03 - Admin 09/17/2010 19:58:43.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.480.279 [GMT -4:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msconfig.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-12 03:11 . 2010-09-12 03:11 323824 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download\0x04015000\GlobalExe.exe
2010-09-12 02:52 . 2010-09-12 02:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Panda Security
2010-09-12 02:51 . 2010-09-12 02:51 -------- d-----w- c:\documents and settings\Admin\Application Data\SurfSecret Privacy Suite
2010-09-12 02:50 . 2010-09-12 02:50 -------- d-----w- c:\documents and settings\Admin\Application Data\pandasecuritytb
2010-09-12 02:50 . 2010-09-12 02:50 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-09-12 02:48 . 2010-09-12 02:50 -------- d-----w- c:\program files\Panda Security
2010-09-12 02:48 . 2010-09-12 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-09-12 01:00 . 2010-09-12 01:01 -------- d-----w- c:\program files\Common Files\Remote Control Software Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 13:13 . 2009-02-21 20:16 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-09-14 12:55 . 2008-12-06 05:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 03:16 . 2008-12-05 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-14 02:53 . 2008-12-06 05:37 -------- d-----w- c:\program files\CCleaner
2010-09-12 00:59 . 2007-12-21 05:24 -------- d-----w- c:\program files\Logitech
2010-07-21 22:12 . 2010-07-21 22:12 -------- d-----w- c:\program files\ValuSoft
2010-07-21 22:12 . 2007-06-08 23:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-28 16:44 . 2010-06-28 16:44 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-05 16:56 . 2008-12-05 16:56 2098 --sha-w- c:\windows\system32\vutofudi.exe
2008-12-05 19:38 . 2008-12-05 19:38 2098 --sha-w- c:\windows\system32\wayumabe.exe
2008-12-06 14:47 . 2008-12-06 14:47 2098 --sh--w- c:\windows\system32\yahosuze.exe
.

------- Sigcheck -------

[-] 2006-12-28 . C5E8C53A50767F016B539D946ED8B121 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-27 102400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"Monitor"="h:\program files\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 99840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 22:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 18:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-21 00:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
2002-07-20 16:22 32768 ----a-w- c:\windows\LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2007-03-07 17:51 24576 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2009-11-10 15:14 443728 ----a-w- h:\program files\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-08 03:30 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 04:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"h:\\Electronic Arts\\Sports Car GT\\Spcar.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\Sports Car GT\\Spcar.exe"=
"h:\\Program Files\\Easyshare\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=455178debaf4d1498d95d2ca738cbb19
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-18 02:09:51
# local_time=2010-09-17 10:09:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 55310138 55310138 0 0
# compatibility_mode=1538 16774118 20 3 274007 112377355 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=70097
# found=3
# cleaned=0
# scan_time=4732
C:\Documents and Settings\All Users\Desktop\KEYGENS FOR PROGRAMS\WInRAR Patch\Patch.exe a variant of Win32/HackTool.Patcher.A application 00000000000000000000000000000000 I
C:\Program Files\Angry IP Scanner\Angry IP Scanner 2.21.exe Win32/NetTool.Portscan.C application 00000000000000000000000000000000 I
H:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
 
By the way, this is a different computer; it's 2.4 GHz, 480 MB RAM.
It was on here a couple of years ago; I cleaned it up and it ran well. Now it's time to get rid of the bloat once again.
 
Let's handle the Eset entries first:

Please download OTMoveIt by Old Timer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
    Code:
    :Processes
    :Services

    :Reg

    :Files
    C:\Documents and Settings\All Users\Desktop\KEYGENS FOR PROGRAMS\WInRAR Patch\Patch.exe
    C:\Program Files\Angry IP Scanner\Angry IP Scanner 2.21.exe
    H:\AOL Instant Messenger\AIM.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================================
Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 
Error: Unable to interpret <C:\Documents and Settings\All Users\Desktop\KEYGENS FOR PROGRAMS\WInRAR Patch\Patch.exe > in the current context!
Error: Unable to interpret <C:\Program Files\Angry IP Scanner\Angry IP Scanner 2.21.exe > in the current context!
Error: Unable to interpret <H:\AOL Instant Messenger\AIM.exe > in the current context!

OTM by OldTimer - Version 3.1.16.1 log created on 09192010_232439


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\desktop\keygens for programs\desktop.ini
c:\documents and settings\all users\desktop\keygens for programs\oo.defrag.server-kg.rar
c:\documents and settings\all users\desktop\keygens for programs\registry.mechanic.v6.0.0.750_patch.exe
c:\documents and settings\all users\desktop\keygens for programs\sonysoundforge80dbuild128keygen.rar
c:\documents and settings\all users\desktop\keygens for programs\vmware.prod.kg.exe
c:\documents and settings\all users\desktop\keygens for programs\zonealarmkeygen.exe
c:\documents and settings\all users\desktop\keygens for programs\bs player\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\ahteam.nfo
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\crack notes.txt
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\crack_aht.exe
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\file_id.diz
c:\documents and settings\all users\desktop\keygens for programs\nod32 fix\nod32.fix.v2.1-nsane.exe
c:\documents and settings\all users\desktop\keygens for programs\oodefrag85professional\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\poweriso keygen\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\poweriso keygen\poweriso v3.5.txt
c:\documents and settings\all users\desktop\keygens for programs\sound forge\sony sound forge 8.0d build 128.txt
c:\documents and settings\all users\desktop\keygens for programs\tuneup utilities 2007\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\tuneup utilities 2007\tsrh.nfo
c:\documents and settings\all users\desktop\keygens for programs\tweaknow serial\key\serial.txt
c:\documents and settings\all users\desktop\keygens for programs\ultraiso\ultraiso8serial.txt
c:\documents and settings\all users\desktop\keygens for programs\ultraiso\keygen\brd.nfo
c:\documents and settings\all users\desktop\keygens for programs\ultraiso premium edition 8.6.0 build 1936\ultraiso-patch.exe
c:\documents and settings\all users\desktop\keygens for programs\webroot\serial.txt
c:\documents and settings\all users\desktop\keygens for programs\windvd8platinum\intervideo windvd platinum v8.0.b06.072.txt
c:\documents and settings\all users\desktop\keygens for programs\winrar patch\patch.exe
c:\documents and settings\all users\desktop\keygens for programs\winzip 11\keygen_1.exe
c:\documents and settings\all users\desktop\keygens for programs\winzip 11\wzcou10.exe
c:\documents and settings\all users\desktop\keygens for programs\winzip 11\wzipse30.exe
scanner sequence 3.ZZ.11
----- EOF -----
 
The program I had you run shows a large number of pirated programs. They will all need to be removed to continue support. This was why I had you run the CK scan:
C:\Documents and Settings\All Users\Desktop\KEYGENS FOR PROGRAMS\WInRAR Patch\Patch.exe

It pretty much looks like almost everything on the system is pirated.
 
programs

I don't use any of those programs, so I'll get them off of there.

A lot of useless stuff was added when I lost my harddrive years ago.

Winzip, the only one I would use, I use the free version anyway.
 
programs

Ok, I just went to remove them, and only one was left anyway.

How do I get rid of the keygens? just delete?
 
A lot of useless stuff was added when I lost my harddrive years ago.

Keygens and cracks are used to get serial numbers and license numbers to use when a program is installed. The purpose is to steal (pirate) the program so you don't have to pay for it. It's illegal. Someone has to go after them; they don't just appear on a system.

You can try doing this to remove them. I'm not sure it will work; maybe you downloaded the keys to have on hand, although most of these are the executables:

Run this Custom CFScript


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the code below into it:
Code:
KillAll::
File::
c:\documents and settings\all users\desktop\keygens for programs\desktop.ini
c:\documents and settings\all users\desktop\keygens for programs\oo.defrag.server-kg.rar
c:\documents and settings\all users\desktop\keygens for programs\registry.mechanic.v6.0.0.750_patch.exe
c:\documents and settings\all users\desktop\keygens for programs\sonysoundforge80dbuild128keygen.rar
c:\documents and settings\all users\desktop\keygens for programs\vmware.prod.kg.exe
c:\documents and settings\all users\desktop\keygens for programs\zonealarmkeygen.exe
c:\documents and settings\all users\desktop\keygens for programs\bs player\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\ahteam.nfo
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\crack notes.txt
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\crack_aht.exe
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\file_id.diz
c:\documents and settings\all users\desktop\keygens for programs\nod32 fix\nod32.fix.v2.1-nsane.exe
c:\documents and settings\all users\desktop\keygens for programs\oodefrag85professional\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\poweriso keygen\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\poweriso keygen\poweriso v3.5.txt
c:\documents and settings\all users\desktop\keygens for programs\sound forge\sony sound forge 8.0d build 128.txt
c:\documents and settings\all users\desktop\keygens for programs\tuneup utilities 2007\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\tuneup utilities 2007\tsrh.nfo
c:\documents and settings\all users\desktop\keygens for programs\tweaknow serial\key\serial.txt
c:\documents and settings\all users\desktop\keygens for programs\ultraiso\ultraiso8serial.txt
c:\documents and settings\all users\desktop\keygens for programs\ultraiso\keygen\brd.nfo
c:\documents and settings\all users\desktop\keygens for programs\ultraiso premium edition 8.6.0 build 1936\ultraiso-patch.exe
c:\documents and settings\all users\desktop\keygens for programs\webroot\serial.txt
c:\documents and settings\all users\desktop\keygens for programs\windvd8platinum\intervideo windvd platinum v8.0.b06.072.txt
c:\documents and settings\all users\desktop\keygens for programs\winrar patch\patch.exe
c:\documents and settings\all users\desktop\keygens for programs\winzip 11\keygen_1.exe
c:\documents and settings\all users\desktop\keygens for programs\winzip 11\wzcou10.exe
c:\documents and settings\all users\desktop\keygens for programs\winzip 11\wzipse30.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Part of the Combofix log is missing.

Do a new scan with ComboFix when finished with the above. Be sure to reboot after running the script before you do the new scan.

KEYGENS FOR PROGRAMS is the name of a program. It also needs to be removed. This includes in Add/Remove Programs, the Startup menu, program folders and application data.

There is at least a Vundo infection on the system.


Is the operating system legitimate?
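Added example (not part of this thread and not ComboFix's own code): a small Python triage script for the procedure above and the log that follows it. It parses the date/size/attribute file lines that ComboFix prints, lists small .exe files under system32 that carry both the hidden and system attributes (entries like the three 2098-byte --sha-w- files in the Find3M report are what it surfaces), and checks which File:: targets from a CFScript are actually confirmed under the log's "Other Deletions" section, which is the comparison behind a "part of the log is missing" call. The line format and section banners are taken from the log as it appears in this thread; the 8192-byte size threshold is my own choice, and the sample script and log are constructed from a few of the thread's lines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One ComboFix file line: "<modified> . <created> <size or --------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

@dataclass
class Entry:
    mtime: str
    ctime: str
    size: Optional[int]  # None for directories (ComboFix prints "--------")
    attrs: str           # e.g. "--sha-w-": d = directory, s = system, h = hidden
    path: str

def parse_entries(text: str) -> List[Entry]:
    """Parse every file/directory line found anywhere in a ComboFix log."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["mtime"], m["ctime"], size, m["attrs"], m["path"]))
    return entries

def flag_hidden_system_exes(entries: List[Entry], max_size: int = 8192) -> List[str]:
    """Small .exe files under system32 that carry both the hidden and system
    attributes. Genuine system32 binaries are not hidden and rarely this small,
    so the result is a review list for the helper, not a verdict."""
    hits = []
    for e in entries:
        p = e.path.lower()
        if e.size is None or "d" in e.attrs or not p.endswith(".exe"):
            continue
        if "h" in e.attrs and "s" in e.attrs and "\\system32\\" in p and e.size <= max_size:
            hits.append(e.path)
    return hits

def cfscript_targets(script: str) -> List[str]:
    """Paths listed under the File:: directive of a CFScript (lower-cased)."""
    targets, in_file = [], False
    for line in script.splitlines():
        s = line.strip()
        if s.endswith("::"):  # directive header such as KillAll:: or File::
            in_file = s.lower() == "file::"
        elif in_file and s:
            targets.append(s.lower())
    return targets

def log_section(log: str, title: str) -> List[str]:
    """Non-empty lines between the banner containing `title` and the next banner."""
    body, collecting = [], False
    for line in log.splitlines():
        if line.startswith("((("):
            if collecting:
                break
            collecting = title in line
        elif collecting and line.strip() not in ("", "."):
            body.append(line.strip())
    return body

def unconfirmed_deletions(script: str, log: str) -> List[str]:
    """File:: targets that the log's 'Other Deletions' section does not confirm."""
    deleted = {l.lower() for l in log_section(log, "Other Deletions")}
    return [t for t in cfscript_targets(script) if t not in deleted]

# Constructed sample: a three-file CFScript and a trimmed log in the format shown in the thread.
SAMPLE_SCRIPT = r"""KillAll::
File::
c:\documents and settings\all users\desktop\keygens for programs\desktop.ini
c:\documents and settings\all users\desktop\keygens for programs\vmware.prod.kg.exe
c:\documents and settings\all users\desktop\keygens for programs\zonealarmkeygen.exe
"""
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Admin\LOCALS~1\Temp\286.tmp
c:\documents and settings\all users\desktop\keygens for programs\vmware.prod.kg.exe
c:\documents and settings\all users\desktop\keygens for programs\zonealarmkeygen.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 02:50 . 2010-09-12 02:50 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2008-12-05 16:56 . 2008-12-05 16:56 2098 --sha-w- c:\windows\system32\vutofudi.exe
2008-12-05 19:38 . 2008-12-05 19:38 2098 --sha-w- c:\windows\system32\wayumabe.exe
2008-12-06 14:47 . 2008-12-06 14:47 2098 --sh--w- c:\windows\system32\yahosuze.exe
2010-06-28 16:44 . 2010-06-28 16:44 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
"""

if __name__ == "__main__":
    print("review:", flag_hidden_system_exes(parse_entries(SAMPLE_LOG)))
    print("not confirmed deleted:", unconfirmed_deletions(SAMPLE_SCRIPT, SAMPLE_LOG))
```

Run against a full ComboFix.txt and the CFScript.txt that produced it, `unconfirmed_deletions` returns the File:: targets with no matching line under "Other Deletions", which is the list a helper would ask about before deciding whether to rerun the script; `flag_hidden_system_exes` is only a first-pass filter, and anything it returns still needs the file checked by name, size and signature before it is scripted for removal.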
 
operating system

I don't know.

It has windows XP, and came new with windows XP. It did not come with a cd, and I don't know how to obtain a replacement now, since the computer and operating system are no longer supported.
 
If you mean could the script I wrote kill the OS? No reason it should. But if you have a pirated OS, anything can happen.

If you ordered or bought a new computer from a reputable manufacturer or dealer new, the OS should be legitimate.
A lot of useless stuff was added when I lost my harddrive years ago.
I addressed this in my Reply #10.
 
Here's the one from the script

ComboFix 10-09-24.03 - Admin 09/24/2010 19:29:29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.480.270 [GMT -4:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\My Documents\Downloads\CFScript.txt
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

FILE ::
"c:\documents and settings\all users\desktop\keygens for programs\bs player\keygen.exe"
"c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\ahteam.nfo"
"c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\crack notes.txt"
"c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\crack_aht.exe"
"c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\file_id.diz"
"c:\documents and settings\all users\desktop\keygens for programs\oo.defrag.server-kg.rar"
"c:\documents and settings\all users\desktop\keygens for programs\oodefrag85professional\keygen.exe"
"c:\documents and settings\all users\desktop\keygens for programs\poweriso keygen\keygen.exe"
"c:\documents and settings\all users\desktop\keygens for programs\poweriso keygen\poweriso v3.5.txt"
"c:\documents and settings\all users\desktop\keygens for programs\registry.mechanic.v6.0.0.750_patch.exe"
"c:\documents and settings\all users\desktop\keygens for programs\sonysoundforge80dbuild128keygen.rar"
"c:\documents and settings\all users\desktop\keygens for programs\sound forge\sony sound forge 8.0d build 128.txt"
"c:\documents and settings\all users\desktop\keygens for programs\tuneup utilities 2007\keygen.exe"
"c:\documents and settings\all users\desktop\keygens for programs\tuneup utilities 2007\tsrh.nfo"
"c:\documents and settings\all users\desktop\keygens for programs\tweaknow serial\key\serial.txt"
"c:\documents and settings\all users\desktop\keygens for programs\ultraiso premium edition 8.6.0 build 1936\ultraiso-patch.exe"
"c:\documents and settings\all users\desktop\keygens for programs\ultraiso\keygen\brd.nfo"
"c:\documents and settings\all users\desktop\keygens for programs\ultraiso\ultraiso8serial.txt"
"c:\documents and settings\all users\desktop\keygens for programs\vmware.prod.kg.exe"
"c:\documents and settings\all users\desktop\keygens for programs\webroot\serial.txt"
"c:\documents and settings\all users\desktop\keygens for programs\windvd8platinum\intervideo windvd platinum v8.0.b06.072.txt"
"c:\documents and settings\all users\desktop\keygens for programs\winzip 11\keygen_1.exe"
"c:\documents and settings\all users\desktop\keygens for programs\winzip 11\wzcou10.exe"
"c:\documents and settings\all users\desktop\keygens for programs\winzip 11\wzipse30.exe"
"c:\documents and settings\all users\desktop\keygens for programs\zonealarmkeygen.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Admin\LOCALS~1\Temp\286.tmp
c:\documents and settings\Admin\Local Settings\temp\286.tmp
c:\documents and settings\all users\desktop\keygens for programs\bs player\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\ahteam.nfo
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\crack notes.txt
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\crack_aht.exe
c:\documents and settings\all users\desktop\keygens for programs\diskeeper 11 activation patch\file_id.diz
c:\documents and settings\all users\desktop\keygens for programs\oo.defrag.server-kg.rar
c:\documents and settings\all users\desktop\keygens for programs\poweriso keygen\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\poweriso keygen\poweriso v3.5.txt
c:\documents and settings\all users\desktop\keygens for programs\registry.mechanic.v6.0.0.750_patch.exe
c:\documents and settings\all users\desktop\keygens for programs\sonysoundforge80dbuild128keygen.rar
c:\documents and settings\all users\desktop\keygens for programs\tuneup utilities 2007\keygen.exe
c:\documents and settings\all users\desktop\keygens for programs\tuneup utilities 2007\tsrh.nfo
c:\documents and settings\all users\desktop\keygens for programs\tweaknow serial\key\serial.txt
c:\documents and settings\all users\desktop\keygens for programs\ultraiso premium edition 8.6.0 build 1936\ultraiso-patch.exe
c:\documents and settings\all users\desktop\keygens for programs\ultraiso\keygen\brd.nfo
c:\documents and settings\all users\desktop\keygens for programs\ultraiso\ultraiso8serial.txt
c:\documents and settings\all users\desktop\keygens for programs\vmware.prod.kg.exe
c:\documents and settings\all users\desktop\keygens for programs\webroot\serial.txt
c:\documents and settings\all users\desktop\keygens for programs\zonealarmkeygen.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-24 03:45 . 2010-09-24 03:45 -------- d-----w- c:\windows\system32\GroupPolicy
2010-09-24 03:45 . 2010-09-24 03:45 -------- d-----w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan229.tmp
2010-09-20 03:23 . 2010-09-20 03:23 -------- d-----w- C:\_OTM
2010-09-18 03:42 . 2010-09-18 03:42 -------- d-----w- c:\windows\system32\wbem\snmp
2010-09-18 03:42 . 2010-09-18 03:42 -------- d-----w- c:\windows\system32\xircom
2010-09-18 03:42 . 2010-09-18 03:42 -------- d-----w- c:\program files\microsoft frontpage
2010-09-18 00:45 . 2010-09-18 00:45 -------- d-----w- c:\program files\ESET
2010-09-12 03:11 . 2010-09-23 09:26 323840 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download\0x04015000\GlobalExe.exe
2010-09-12 02:52 . 2010-09-12 02:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Panda Security
2010-09-12 02:51 . 2010-09-12 02:51 -------- d-----w- c:\documents and settings\Admin\Application Data\SurfSecret Privacy Suite
2010-09-12 02:50 . 2010-09-12 02:50 -------- d-----w- c:\documents and settings\Admin\Application Data\pandasecuritytb
2010-09-12 02:50 . 2010-09-12 02:50 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-09-12 02:48 . 2010-09-12 02:50 -------- d-----w- c:\program files\Panda Security
2010-09-12 02:48 . 2010-09-12 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-09-12 01:00 . 2010-09-12 01:01 -------- d-----w- c:\program files\Common Files\Remote Control Software Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:38 . 2007-06-09 03:07 74272 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-18 02:46 . 2007-06-08 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-18 02:42 . 2007-06-08 23:52 -------- d-----w- c:\program files\MSBuild
2010-09-17 13:13 . 2009-02-21 20:16 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-09-14 12:55 . 2008-12-06 05:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 03:16 . 2008-12-05 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-14 02:53 . 2008-12-06 05:37 -------- d-----w- c:\program files\CCleaner
2010-09-12 00:59 . 2007-12-21 05:24 -------- d-----w- c:\program files\Logitech
2010-06-28 16:44 . 2010-06-28 16:44 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-05 16:56 . 2008-12-05 16:56 2098 --sha-w- c:\windows\system32\vutofudi.exe
2008-12-05 19:38 . 2008-12-05 19:38 2098 --sha-w- c:\windows\system32\wayumabe.exe
2008-12-06 14:47 . 2008-12-06 14:47 2098 --sh--w- c:\windows\system32\yahosuze.exe
.

------- Sigcheck -------

[-] 2006-12-28 . C5E8C53A50767F016B539D946ED8B121 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-27 102400]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 99840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 22:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-10-23 17:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 18:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-17 02:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
2002-07-20 16:22 32768 ----a-w- c:\windows\LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2007-03-07 17:51 24576 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2009-11-10 15:14 443728 ----a-w- h:\program files\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-08 03:30 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 04:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Amazon Download Agent"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ACDaemon"=2 (0x2)
"LxrSII1s"=3 (0x3)
"LeapFrog Connect Device Service"=2 (0x2)
"IntuitUpdateService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"h:\\Electronic Arts\\Sports Car GT\\Spcar.exe"=
"h:\\Sports Car GT\\Spcar.exe"=
"h:\\Program Files\\Easyshare\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 5:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 5:50 PM 55024]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [12/13/2008 3:25 AM 72672]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [6/8/2007 8:46 PM 815819]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [9/26/2008 11:53 PM 515803]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2008 1:35 AM 18560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 5:50 PM 7408]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/20/2010 10:11 AM 401920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-04 04:00 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-04 04:00 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
2006-11-09 04:57 38912 ----a-w- c:\vaio\vshellext.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: cmicompany.com\mail
Trusted Zone: intuit.com\ttlc
Trusted Zone: mazdamotorsports.com\www
Trusted Zone: vanguard.com\personal
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
FF - component: c:\program files\Panda Security\Panda ID Protect\Firefox\components\FFKeypad.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: h:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: h:\program files\DivX\DivX Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 19:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2408)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-24 19:51:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-24 23:51
ComboFix2.txt 2010-09-18 00:13



WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 
Here's the after

ComboFix 10-09-24.03 - Admin 09/24/2010 23:00:53.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.480.168 [GMT -4:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-24 03:45 . 2010-09-24 03:45 -------- d-----w- c:\windows\system32\GroupPolicy
2010-09-24 03:45 . 2010-09-24 03:45 -------- d-----w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan229.tmp
2010-09-20 03:23 . 2010-09-20 03:23 -------- d-----w- C:\_OTM
2010-09-18 03:42 . 2010-09-18 03:42 -------- d-----w- c:\windows\system32\wbem\snmp
2010-09-18 03:42 . 2010-09-18 03:42 -------- d-----w- c:\windows\system32\xircom
2010-09-18 03:42 . 2010-09-18 03:42 -------- d-----w- c:\program files\microsoft frontpage
2010-09-18 00:45 . 2010-09-18 00:45 -------- d-----w- c:\program files\ESET
2010-09-12 03:11 . 2010-09-23 09:26 323840 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download\0x04015000\GlobalExe.exe
2010-09-12 02:52 . 2010-09-12 02:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Panda Security
2010-09-12 02:51 . 2010-09-12 02:51 -------- d-----w- c:\documents and settings\Admin\Application Data\SurfSecret Privacy Suite
2010-09-12 02:50 . 2010-09-12 02:50 -------- d-----w- c:\documents and settings\Admin\Application Data\pandasecuritytb
2010-09-12 02:50 . 2010-09-12 02:50 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-09-12 02:48 . 2010-09-12 02:50 -------- d-----w- c:\program files\Panda Security
2010-09-12 02:48 . 2010-09-12 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-09-12 01:00 . 2010-09-12 01:01 -------- d-----w- c:\program files\Common Files\Remote Control Software Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:38 . 2007-06-09 03:07 74272 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-18 02:46 . 2007-06-08 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-18 02:42 . 2007-06-08 23:52 -------- d-----w- c:\program files\MSBuild
2010-09-17 13:13 . 2009-02-21 20:16 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-09-14 12:55 . 2008-12-06 05:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 03:16 . 2008-12-05 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-14 02:53 . 2008-12-06 05:37 -------- d-----w- c:\program files\CCleaner
2010-09-12 00:59 . 2007-12-21 05:24 -------- d-----w- c:\program files\Logitech
2010-06-28 16:44 . 2010-06-28 16:44 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-05 16:56 . 2008-12-05 16:56 2098 --sha-w- c:\windows\system32\vutofudi.exe
2008-12-05 19:38 . 2008-12-05 19:38 2098 --sha-w- c:\windows\system32\wayumabe.exe
2008-12-06 14:47 . 2008-12-06 14:47 2098 --sh--w- c:\windows\system32\yahosuze.exe
.

------- Sigcheck -------

[-] 2006-12-28 . C5E8C53A50767F016B539D946ED8B121 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-09-18_00.07.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-25 02:46 . 2010-09-25 02:46 16384 c:\windows\temp\Perflib_Perfdata_754.dat
+ 2010-09-18 02:45 . 2010-09-18 02:45 80696 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2010-09-24 03:45 . 2010-07-16 20:31 714048 c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan229.tmp\setup.exe
+ 2007-06-08 13:57 . 2010-09-24 23:40 279744 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-27 102400]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 99840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 22:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-10-23 17:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 18:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-17 02:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
2002-07-20 16:22 32768 ----a-w- c:\windows\LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2007-03-07 17:51 24576 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2009-11-10 15:14 443728 ----a-w- h:\program files\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-08 03:30 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 04:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Amazon Download Agent"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ACDaemon"=2 (0x2)
"LxrSII1s"=3 (0x3)
"LeapFrog Connect Device Service"=2 (0x2)
"IntuitUpdateService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"h:\\Electronic Arts\\Sports Car GT\\Spcar.exe"=
"h:\\Sports Car GT\\Spcar.exe"=
"h:\\Program Files\\Easyshare\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 5:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 5:50 PM 55024]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [12/13/2008 3:25 AM 72672]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [6/8/2007 8:46 PM 815819]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [9/26/2008 11:53 PM 515803]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2008 1:35 AM 18560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 5:50 PM 7408]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/20/2010 10:11 AM 401920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-04 04:00 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-04 04:00 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
2006-11-09 04:57 38912 ----a-w- c:\vaio\vshellext.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: cmicompany.com\mail
Trusted Zone: intuit.com\ttlc
Trusted Zone: mazdamotorsports.com\www
Trusted Zone: vanguard.com\personal
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
FF - component: c:\program files\Panda Security\Panda ID Protect\Firefox\components\FFKeypad.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: h:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: h:\program files\DivX\DivX Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 23:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3448)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-24 23:14:19
ComboFix-quarantined-files.txt 2010-09-25 03:14
ComboFix2.txt 2010-09-24 23:51
ComboFix3.txt 2010-09-18 00:13

Pre-Run: 2,017,071,104 bytes free
Post-Run: 2,006,425,600 bytes free

- - End Of File - - 5F3E03DE57F90F1B40FA943A26D271E0
 
You didn't need to run Combofix again. A log is generated after the script has been run. Then, if there are additional entries, I will set it up again.

I am not comfortable with the very high number of programs you pirated. Although I moved some data from them, I did not uninstall any of the program you might have used the keygens on.

Download the HijackThis Installer HERE and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Save the log to your desktop; we will use it later.

    To Use The Uninstall Manager
  7. Start HijackThis
  8. Click on the Config button
  9. Click on the Misc Tools button
  10. Click on the Open Uninstall Manager button.
    You will now be presented with a screen similar to the one below:
    uninstall-man.jpg
  11. Highlight program to be removed
    Uninstall any programs which used the keygens. You can look in the list of data from these programs in Reply #13 & 14.
  12. Click on the Delete this entry button.
  13. Click on the Save list button. When you press the Save button, a notepad will open with the contents of that file. Copy and paste the contents of that notepad into your next reply.

Close HijackThis. Reboot the Computer. Empty the Recycle Bin

One of the entries in the keygen group was Win32/HackTool.Patcher.A. HackTool:Win32/PatchA is a generic detection for a series of hacking tools intended to "patch" programs that may be evaluation copies, or unregistered versions with limited features. It is a user-interactive program that does not automatically run at Windows start, or run as a hidden process.

Until I know that all pirated programs and the information from them is gone, I can't offer any more support. I would suggest that you do a clean reinstall if you can find an appropriate, legitimate disc.

I also noted these entries from 9/12/2010:
c:\program files\Common Files\Remote Control Software Common
 
thanks for your help

As I have said, I do not use any of the programs the keygens were for. In fact only a couple were even in Add/Remove Programs, and they have been removed.

My best guess is that he loaded all keygens, in case I wanted to use any of those programs.

Obviously, I cannot prove any of this, except to say that this old computer will only continue to run if I am diligent about keeping the minimum software needed to do the few things I use it for. I doubt it would even run those programs.

I appreciate your help.

I have moved my documents from C: to another drive and now need to defrag the C: drive. I was using 18 of 20 GB, and I think this is why the computer has been getting gradually slower.
 
I'm confused

Above you said "Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Part of the Combofix log is missing.

Do a new scan with Combofix when finished with the above. Be sure to reboot after running the script before you do the new scan."


But then you said I shouldn't have run it twice.
 
uninstall log

7-Zip 4.31
Ad-Aware SE Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS2
Adobe Shockwave Player 11.5
Advanced Photo Editor
Amazon Games & Software Downloader
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
CCleaner
CCScore
Digital Camera
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Foxit Reader
Foxit Toolbar
Google SketchUp 7
HD-DV decoder
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Icatch(IV) Camera Driver
iSEEK AnswerWorks English Runtime
Java(TM) 6 Update 11
K-Lite Codec Pack 2.80 Full
Kodak EasyShare software
LeapFrog Connect
LeapFrog Connect
LeapFrog Tag Plugin
Logitech Harmony Remote Software 7
Lucent Technologies Soft Modem AMR
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Midnight Outlaw Illegal Street Drag
Mozilla Firefox (3.5.13)
MSN
MSXML 6.0 Parser
Nero 7 Premium
netbrdg
Norton PartitionMagic 8.0
OfotoXMI
OpenOffice.org 2.1
Panda Cloud Antivirus
Panda Cloud Antivirus
Panda Identity Protect 3.0.44
Panda Security Toolbar
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PokerStars.net
QuickTime Alternative 1.70
Real Alternative 1.49
Realtek AC'97 Audio
Remote Control USB Driver
RocketDock 1.3.0
Security Update for Excel 2007 (KB934670)
Security Update for Office 2007 (KB934062)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SEGA RALLY 2
SFR
SHASTA
skin0001
SKINXSDK
Sports Car GT
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wvaiper
Update for Office 2007 (KB932080)
Update for Office 2007 (KB933688)
Update for Office 2007 (KB934393)
Update for Outlook 2007 Junk Email Filter (KB934655)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Word 2007 (KB934173)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VC80CRTRedist - 8.0.50727.762
VPRINTOL
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Sidebar
WingMan Software
WIRELESS
 
hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:16:34 PM, on 9/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
 
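As an added example, not part of the original thread and not a HijackThis or Trend Micro tool, here is a small Python triage script for a log in the format posted above. It parses the `Oxx - ...` entries into structured records and flags the kinds of entry a helper then asks to have fixed: targets reported `(file missing)`, Run values that name an executable with no path (so it is resolved through the search path at logon rather than from a fixed location), Winlogon Notify packages (loaded into winlogon.exe), and third-party services. The sample lines inside the script are constructed from the log above, and the regular expressions are my reading of the log layout, not a published grammar for the format.

```python
"""Triage helper for HijackThis-format log lines (added example, not a
HijackThis or Trend Micro tool). Parses the 'Oxx - ...' entries and flags
the kinds of entry a helper typically asks to have fixed."""
import re
from typing import Any, Dict, List, Tuple

Entry = Dict[str, Any]

# Constructed sample in the HijackThis log format; the lines mirror entries
# from the log in the thread and are embedded so the script runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
"""

FILE_MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O4 body: <hive>\..\<Run key>: [<value name>] <command> [(User '<account>')]
RUN_RE = re.compile(
    r"^(?P<hive>HK[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] "
    r"(?P<target>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O23 body: Service: <display name> - <vendor> - <image path>
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<target>.+)$")
# O2/O3/O9/O20 bodies: <label>: <name> [- {<CLSID>}] - <path>
GENERIC_RE = re.compile(
    r"^(?P<label>[^:]+): (?P<name>.+?)(?: - \{(?P<clsid>[0-9A-Fa-f-]+)\})? - (?P<target>.+)$"
)


def parse_log(text: str) -> List[Entry]:
    """Turn the 'Oxx - ...' lines of a log into dicts; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.group("section"), m.group("body")
        entry: Entry = {"section": section, "raw": line, "name": None, "target": None,
                        "user": None, "clsid": None, "vendor": None, "file_missing": False}
        rm = RUN_RE.match(body) if section == "O4" else None
        sm = SERVICE_RE.match(body) if section == "O23" else None
        gm = GENERIC_RE.match(body)
        if rm:
            entry.update(hive=rm["hive"], key=rm["key"], name=rm["name"],
                         target=rm["target"], user=rm["user"])
        elif sm:
            entry.update(name=sm["name"], vendor=sm["vendor"], target=sm["target"])
        elif gm:
            entry.update(label=gm["label"], name=gm["name"], clsid=gm["clsid"],
                         target=gm["target"])
        else:
            entry["target"] = body  # unknown layout: keep the body whole
        target = entry["target"]
        if target and target.endswith(FILE_MISSING):
            entry["file_missing"] = True
            entry["target"] = target[: -len(FILE_MISSING)].rstrip()
        entries.append(entry)
    return entries


def executable_of(command: str) -> str:
    """First token of a Run-key command: the quoted path if quoted, else the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def is_unqualified(exe: str) -> bool:
    """No directory and no environment variable: located via the search path, not a fixed file."""
    return "\\" not in exe and "/" not in exe and "%" not in exe


def triage(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Pair each entry worth a second look with the reason it was flagged."""
    findings: List[Tuple[str, Entry]] = []
    for e in entries:
        if e["file_missing"]:
            findings.append(("dangling target, file reported missing", e))
        if e["section"] == "O4" and e["target"] and is_unqualified(executable_of(e["target"])):
            findings.append(("unqualified executable name in Run value", e))
        if e["section"] == "O20":
            findings.append(("Winlogon Notify package, loads into winlogon.exe", e))
        if e["section"] == "O23":
            findings.append(("service, confirm vendor and image path", e))
    return findings


if __name__ == "__main__":
    for reason, e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e['section']:<4} {e['name']!s:<20} {reason}: {e['target']}")
```

Paste a real log into `SAMPLE_LOG` or read it from a file to get the same report; lines the expressions do not recognise are kept whole in `target` rather than dropped, so nothing in the log is silently skipped.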
Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:
None of these processes need to start on boot and run in the background.

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\DfrgNtfs.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe


Close all Windows except HijackThis and click on "Fix Checked."

FYI
DfrgNtfs.exe is the Windows Defragment utility. If you do not want to use this, stop it and download another program from the internet.
SiSUSBrg.exe is the USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP
hpztsb07.exe adds a system tray icon to your taskbar that will assist in diagnosing problems with your Hewlett Packard printer. HPDJ Taskbar Utility is for HP Deskjet printers to do maintenance tasks and diagnostics.

You're already running a defrag in the background. Combofix did not remove msconfig. If the system isn't working as it should, it is most likely because it is not a legitimate version. You said it yourself that you do not have the OS that came with the computer, that the Sony processes were getting blocked, that you have 'your own' versions of the software you run.
It has Windows XP, and came new with Windows XP. It did not come with a CD.
I own legitimate copies of the software I use. I am not using the preinstalled version of XP, as Sony blocked many of the replacement products I now have on my Vaio.
It is very possible that you also have a compatibility issue.

I wanted Combofix rerun originally because part of it was missing. You then ran the script and it generated a log after that. Then you ran Combofix again. you did not need to run it again at that point.

I'm sorry you aren't getting the results you wanted. I think there is a good chance that the OS itself is not legitimate. When we use software for which there is a charge, we are paying for the license to use it. It is not our own copy of the software. It still belongs to the author.

I have spent too much time as it is working on your system. Once I saw the first indication of piracy I should have withdrawn my support. It is not a matter of 'trust.'

Just so you know, you have a slim chance of finding a netbook that matches the speed of a laptop or desktop.
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 
Thank you for your help

I found my msconfig file in c:/Qoobox/Quarantine/C/ with a .vir extension
so assumed Combofix moved it there

Now that I have followed your instructions, moved My Documents from the C: drive, and defragged the C: drive, the computer is running much better, so thank you.

I am concerned about your post that I have a vundo infection, as I missed that in the logs.
 