Inactive Computer slowing down over time

Status
Not open for further replies.
virtumonde

OK,
I bow to your knowledge

I found this with spybot.

Not sure how to clean it. It appears to be a remnant from a bad virtumonde infection I had in 06. This is what led to the whole replace hard drive, reload everything that I was hoping to avoid this time.



--- Search result list ---
Virtumonde.sdn: [SBI $70056CE6] Data (File, nothing done)
C:\WINDOWS\system32\wigofoto
Properties.size=6456
Properties.md5=20FCD2C549D39077AE241934A6A41AE6
Properties.filedate=1228583877
Properties.filedatetext=2008-12-06 13:17:57
 
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\msconfig.exe
That means it was infected.

Run the script:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open notepad and copy/paste the text in the code below into it:
Code:
KillAll::
File::
c:\windows\system32\vutofudi.exe
c:\windows\system32\wayumabe.exe
c:\windows\system32\yahosuze.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . I don't need the log.

When done:

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
 
I found my xp license, btw, it's on a sticker on the back of the tower.

Can I do a 'reinstall' somehow, so I don't lose hardware functionality, instead of a clean install?
 
what now

I think I'm good.

I have found where to download the orig windows xp. I just have to figure out how to save my hardware drivers, so I can reuse the ones that were hard to find.

My hope is to do an 'upgrade' to xp instead of a clean install, even tho xp is already there.


As far as I can tell, all signs of pirated software are gone and virtumonde is gone.
 
You lost me a few posts back when you started on the reformat. I might be able to replace msconfig if there is a good copy on the system. Let's try this:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    msconfig.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Post the logs for this.
 
SystemLook 04.09.10 by jpshortstuff
Log created at 20:34 on 04/10/2010 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "msconfig.*"
C:\Qoobox\Quarantine\C\WINDOWS\msconfig.exe.vir --a---- 158208 bytes [14:38 27/09/2010] [07:56 04/08/2004] 4FD22142F54692463A7B98B7DE175573
C:\WINDOWS\Help\msconfig.chm --a---- 17240 bytes [04:00 04/08/2004] [04:00 04/08/2004] DAC4E9ABF3EB4B6F96D54060BE14AA1C
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe --a---- 169984 bytes [21:13 08/06/2007] [05:49 28/12/2006] 3C60AEFA68EFA2C4D13AB6B68FE82B81
C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf --a---- 29436 bytes [01:02 04/10/2010] [01:02 04/10/2010] F5AF7C78B779815DA5963470C3946E6A
C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\msconfig.exe --a---- 169984 bytes [00:12 14/04/2008] [00:12 14/04/2008] A81135541C9D4EBCE43EFA8AD31395B4

-= EOF =-
 
I hadn't uninstalled combofix yet, here's the new one

SystemLook 04.09.10 by jpshortstuff
Log created at 22:32 on 04/10/2010 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "msconfig.*"
C:\WINDOWS\Help\msconfig.chm --a---- 17240 bytes [04:00 04/08/2004] [04:00 04/08/2004] DAC4E9ABF3EB4B6F96D54060BE14AA1C
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe --a---- 169984 bytes [21:13 08/06/2007] [05:49 28/12/2006] 3C60AEFA68EFA2C4D13AB6B68FE82B81
C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf --a---- 29436 bytes [01:02 04/10/2010] [01:02 04/10/2010] F5AF7C78B779815DA5963470C3946E6A
C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\msconfig.exe --a---- 169984 bytes [00:12 14/04/2008] [00:12 14/04/2008] A81135541C9D4EBCE43EFA8AD31395B4

-= EOF =-
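
Added example (not part of the original posts, and not SystemLook's own code): a parser for the filefind result lines shown in the two logs above. It lists the non-quarantined msconfig.exe copies and groups them by MD5, so differing builds are visible before one is picked as a replacement source. The field names ts1/ts2 and all function names are assumptions made here.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Sample input: the filefind lines from the first SystemLook log in this thread.
LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\msconfig.exe.vir --a---- 158208 bytes [14:38 27/09/2010] [07:56 04/08/2004] 4FD22142F54692463A7B98B7DE175573
C:\WINDOWS\Help\msconfig.chm --a---- 17240 bytes [04:00 04/08/2004] [04:00 04/08/2004] DAC4E9ABF3EB4B6F96D54060BE14AA1C
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe --a---- 169984 bytes [21:13 08/06/2007] [05:49 28/12/2006] 3C60AEFA68EFA2C4D13AB6B68FE82B81
C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf --a---- 29436 bytes [01:02 04/10/2010] [01:02 04/10/2010] F5AF7C78B779815DA5963470C3946E6A
C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\msconfig.exe --a---- 169984 bytes [00:12 14/04/2008] [00:12 14/04/2008] A81135541C9D4EBCE43EFA8AD31395B4
"""

# path, 7-character attribute field, size, two bracketed timestamps, MD5
LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)

class Entry(NamedTuple):
    path: str
    size: int
    ts1: str   # first bracketed timestamp, kept as text
    ts2: str   # second bracketed timestamp, kept as text
    md5: str

def parse_filefind(log):
    """Return an Entry for every line that matches the filefind result layout."""
    entries = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["ts1"], m["ts2"], m["md5"].upper()))
    return entries

def is_quarantined(entry):
    # ComboFix keeps removed files under C:\Qoobox\Quarantine, as the log shows.
    return "\\qoobox\\quarantine\\" in entry.path.lower()

def candidates(entries, name):
    """Copies whose file name is exactly `name` and that are not in quarantine."""
    return [e for e in entries
            if e.path.lower().rsplit("\\", 1)[-1] == name.lower() and not is_quarantined(e)]

def by_md5(entries):
    """Map each MD5 to the paths that carry it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.md5].append(e.path)
    return dict(groups)

def report(log, name="msconfig.exe"):
    found = candidates(parse_filefind(log), name)
    groups = by_md5(found)
    # Differing hashes mean differing builds: check the chosen copy before use.
    return {"candidates": found, "groups": groups, "hashes_agree": len(groups) <= 1}

if __name__ == "__main__":
    result = report(LOG)
    for md5, paths in result["groups"].items():
        print(md5, *paths, sep="\n  ")
    print("hashes agree:", result["hashes_agree"])
```

On this log the two remaining msconfig.exe copies have the same size but different MD5 values, so they are different builds rather than duplicates.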
 
Let's give this a try:

Custom CFScript


  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
FCopy::
C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\msconfig.exe |  c:\windows\msconfig.exe

Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
 
ComboFix 10-10-05.01 - Admin 10/05/2010 15:28:27.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2528.2074 [GMT -4:00]
Running from: h:\my documents\Downloads\ComboFix.exe
Command switches used :: h:\my documents\Downloads\CFScript.txt
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msconfig.exe

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\msconfig.exe --> c:\windows\msconfig.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-09-27 13:24 . 2010-09-27 14:22 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-09-27 12:39 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-26 17:56 . 2010-09-26 17:56 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-24 03:45 . 2010-09-24 03:45 -------- d-----w- c:\windows\system32\GroupPolicy
2010-09-24 03:45 . 2010-09-24 03:45 -------- d-----w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan229.tmp
2010-09-20 03:23 . 2010-09-20 03:23 -------- d-----w- C:\_OTM
2010-09-18 03:42 . 2010-09-18 03:42 -------- d-----w- c:\windows\system32\wbem\snmp
2010-09-18 03:42 . 2010-09-18 03:42 -------- d-----w- c:\windows\system32\xircom
2010-09-18 03:42 . 2010-09-18 03:42 -------- d-----w- c:\program files\microsoft frontpage
2010-09-18 00:45 . 2010-09-18 00:45 -------- d-----w- c:\program files\ESET
2010-09-12 03:11 . 2010-09-23 09:26 323840 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download\0x04015000\GlobalExe.exe
2010-09-12 02:52 . 2010-09-12 02:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Panda Security
2010-09-12 02:51 . 2010-09-12 02:51 -------- d-----w- c:\documents and settings\Admin\Application Data\SurfSecret Privacy Suite
2010-09-12 02:50 . 2010-09-12 02:50 -------- d-----w- c:\documents and settings\Admin\Application Data\pandasecuritytb
2010-09-12 02:50 . 2010-09-12 02:50 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-09-12 02:48 . 2010-09-12 02:50 -------- d-----w- c:\program files\Panda Security
2010-09-12 02:48 . 2010-09-12 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-09-12 01:00 . 2010-09-12 01:01 -------- d-----w- c:\program files\Common Files\Remote Control Software Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 02:39 . 2008-12-05 06:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Lavasoft
2010-09-28 01:27 . 2008-12-05 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-28 01:02 . 2008-12-06 17:28 -------- d-----w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
2010-09-28 01:01 . 2008-12-06 05:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-28 01:01 . 2008-12-06 17:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-27 17:37 . 2007-06-09 03:07 72688 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-18 02:46 . 2007-06-08 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-18 02:42 . 2007-06-08 23:52 -------- d-----w- c:\program files\MSBuild
2010-09-17 13:13 . 2009-02-21 20:16 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-09-14 12:55 . 2008-12-06 05:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 02:53 . 2008-12-06 05:37 -------- d-----w- c:\program files\CCleaner
2010-09-12 00:59 . 2007-12-21 05:24 -------- d-----w- c:\program files\Logitech
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\tcpip.sys
[-] 2006-12-28 . C5E8C53A50767F016B539D946ED8B121 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 19:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-27 102400]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 99840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-10-23 17:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 18:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-17 02:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
2002-07-20 16:22 32768 ----a-w- c:\windows\LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2007-03-07 17:51 24576 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2009-11-10 15:14 443728 ----a-w- h:\program files\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-08 03:30 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 04:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Amazon Download Agent"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ACDaemon"=2 (0x2)
"LxrSII1s"=3 (0x3)
"LeapFrog Connect Device Service"=2 (0x2)
"IntuitUpdateService"=2 (0x2)
"wuauserv"=2 (0x2)
"BITS"=3 (0x3)
"ERSvc"=2 (0x2)
"NBService"=3 (0x3)
"MSIServer"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"h:\\Electronic Arts\\Sports Car GT\\Spcar.exe"=
"h:\\Sports Car GT\\Spcar.exe"=
"h:\\Program Files\\Easyshare\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [12/13/2008 3:25 AM 72672]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [6/8/2007 8:46 PM 815819]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [9/26/2008 11:53 PM 515803]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2008 1:35 AM 18560]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/20/2010 10:11 AM 401920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-04 04:00 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-04 04:00 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
2006-11-09 04:57 38912 ----a-w- c:\vaio\vshellext.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: cmicompany.com\mail
Trusted Zone: intuit.com\ttlc
Trusted Zone: mazdamotorsports.com\www
Trusted Zone: vanguard.com\personal
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\hge8xhz3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
FF - component: c:\program files\Panda Security\Panda ID Protect\Firefox\components\FFKeypad.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: h:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: h:\program files\DivX\DivX Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
Completion time: 2010-10-05 15:38:17
ComboFix-quarantined-files.txt 2010-10-05 19:38
ComboFix2.txt 2010-10-02 04:13

Pre-Run: 3,290,435,584 bytes free
Post-Run: 3,283,636,224 bytes free

- - End Of File - - 7879711A3AEC04321CA11623E1AA3115
 
I read about users with Panda Security having this problem; it appears to be some kind of conflict. You can try replacing Panda with another antivirus program, then see if that handles the problem. Be sure to check the Panda site for instructions for uninstalling the program.

Download a new AV first. Either of the following is good and free. Don't run it yet; save it to the desktop:
Avira Free
Avast Home

Then download the Panda removal, save to desktop, don't run yet.

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run the Panda uninstall, including removing the program folder.
Then run the new AV.
Reboot the computer and then check the status.
 