
Solved Blue Screen Reboot, Slowed Internet, Iphone Shortcut

Discussion in 'Malware and Virus Removal Archive' started by bronskater, 2009/04/27.

  1. 2009/05/31
    bronskater (Inactive, Thread Starter)
    Everything seems to be working like it was and the iPhone icon is finally gone. Thank you so much for your time, I extremely appreciate it, and once again sorry for the late response.

    ComboFix 09-05-25.05 - Chris R 05/25/2009 22:59.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2519 [GMT -5:00]
    Running from: c:\documents and settings\Chris R\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Chris R\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
    .

    2009-05-26 00:57 . 2009-05-26 04:01 24201248 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-05-26 00:23 . 2009-05-06 18:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{2D776DC1-C6D7-43EC-9974-B38C57D33612}\mpengine.dll
    2009-05-24 23:54 . 2009-05-24 23:54 -------- d-----w c:\program files\WOT
    2009-05-24 23:37 . 2009-05-26 00:57 -------- d-----w c:\windows\LastGood
    2009-05-24 22:46 . 2009-05-24 22:46 -------- d-sh--w c:\documents and settings\Chris R\IECompatCache
    2009-05-22 01:02 . 2009-05-22 01:02 -------- d-sh--w c:\documents and settings\Chris R\PrivacIE
    2009-05-21 23:25 . 2009-05-21 23:25 -------- d-sh--w c:\documents and settings\Chris R\IETldCache
    2009-05-21 23:12 . 2009-05-21 23:12 -------- d-----w C:\f488d37fe5dc22d4f01a779b76
    2009-05-21 23:08 . 2009-05-21 23:08 -------- d-----w c:\windows\ie8updates
    2009-05-21 23:08 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
    2009-05-21 23:08 . 2009-05-21 23:08 -------- dc-h--w c:\windows\ie8
    2009-05-19 23:10 . 2009-05-11 23:22 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-05-19 23:10 . 2009-05-11 23:22 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-05-19 23:10 . 2009-05-11 23:22 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-05-19 23:10 . 2009-05-11 23:22 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
    2009-05-19 23:10 . 2009-05-11 23:22 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
    2009-05-19 23:10 . 2009-05-11 23:22 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
    2009-05-19 23:10 . 2009-05-11 23:22 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
    2009-05-19 23:10 . 2009-05-10 14:27 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
    2009-05-19 23:10 . 2009-05-10 14:27 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-05-17 10:04 . 2009-05-17 10:04 -------- d-----w c:\documents and settings\Chris R\Application Data\Malwarebytes
    2009-05-17 10:04 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-17 10:03 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-17 10:03 . 2009-05-17 10:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-17 10:03 . 2009-05-17 10:03 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-17 08:10 . 2009-05-17 09:50 117760 ----a-w c:\documents and settings\Chris R\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-05-17 08:10 . 2009-05-17 08:10 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-17 08:10 . 2009-05-17 08:10 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-17 08:10 . 2009-05-17 08:10 -------- d-----w c:\documents and settings\Chris R\Application Data\SUPERAntiSpyware.com
    2009-05-15 22:24 . 2009-05-11 23:22 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
    2009-05-15 22:24 . 2009-05-11 23:22 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-05-12 00:16 . 2009-05-12 00:16 10121 ----a-w c:\documents and settings\Chris R\Application Data\AVS4YOU\kern.dll
    2009-05-12 00:16 . 2009-05-12 00:16 422 ----a-w c:\documents and settings\Chris R\Application Data\AdobeUM\socks1.exe
    2009-05-12 00:16 . 2009-05-12 00:16 16141 ----a-w c:\documents and settings\Chris R\Application Data\Apple Computer\lego.exe
    2009-05-12 00:16 . 2009-05-12 00:16 145131 ----a-w c:\documents and settings\Chris R\Application Data\Ahead\nomad.exe
    2009-05-12 00:16 . 2009-05-12 00:16 13221 ----a-w c:\documents and settings\Chris R\Application Data\Adobe\rengo.dll
    2009-05-12 00:16 . 2009-05-12 00:16 11410 ----a-w c:\documents and settings\Chris R\Application Data\ATI MMC\msgdi.dll
    2009-05-12 00:16 . 2009-05-12 00:16 11232 ----a-w c:\documents and settings\Chris R\Application Data\acccore\shalom.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-26 00:57 . 2009-05-26 00:57 32 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-05-26 00:57 . 2007-08-20 23:15 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-05-21 23:27 . 2006-05-17 23:52 21648 ----a-w c:\documents and settings\Chris R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-21 22:42 . 2008-10-13 06:33 -------- d-----w c:\program files\iTunes
    2009-05-18 00:20 . 2005-01-14 07:52 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-05-17 22:39 . 2008-12-19 03:40 -------- d-----w c:\program files\trend micro
    2009-05-17 08:09 . 2008-06-23 05:20 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-11 23:22 . 2008-06-23 04:19 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-05-11 23:22 . 2008-06-23 04:19 11952 ----a-w c:\windows\system32\avgrsstx.dll
    2009-05-11 23:22 . 2007-06-29 02:51 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    2009-05-11 23:22 . 2008-06-23 04:19 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-05-06 18:06 . 2006-06-13 00:59 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2009-04-22 21:01 . 2009-04-22 21:01 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
    2009-04-19 05:46 . 2009-04-19 05:46 -------- d-----w c:\program files\Windows Resource Kits
    2009-04-10 04:21 . 2009-04-10 04:21 57344 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-53c7a249-n\Decora-SSE.dll
    2009-04-10 04:21 . 2009-04-10 04:21 24064 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3d730fed-n\Decora-D3D.dll
    2009-04-10 04:21 . 2009-04-10 04:21 315392 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-338ca1f4-n\jogl.dll
    2009-04-10 04:21 . 2009-04-10 04:21 20480 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-338ca1f4-n\jogl_awt.dll
    2009-04-10 04:21 . 2009-04-10 04:21 20480 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-547cf855-n\gluegen-rt.dll
    2009-04-10 04:21 . 2009-04-10 04:21 114688 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-338ca1f4-n\jogl_cg.dll
    2009-04-10 04:21 . 2009-04-10 04:21 499712 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-191d2da3-n\msvcp71.dll
    2009-04-10 04:21 . 2009-04-10 04:21 499712 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-191d2da3-n\jmc.dll
    2009-04-10 04:21 . 2009-04-10 04:21 348160 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-191d2da3-n\msvcr71.dll
    2009-04-10 04:21 . 2009-04-10 04:21 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-10 04:21 . 2006-05-29 10:29 -------- d-----w c:\program files\Java
    2009-04-10 04:20 . 2009-04-10 04:20 152576 ----a-w c:\documents and settings\Chris R\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-03-30 01:07 . 2006-05-17 23:53 -------- d-----w c:\documents and settings\Chris R\Application Data\ATI MMC
    2009-03-30 01:07 . 2006-05-17 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\ATI MMC
    2009-03-08 09:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 09:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 09:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 09:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 09:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 09:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 09:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 09:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 09:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 09:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2008-12-12 13:23 . 2008-10-02 05:02 144 --sha-w c:\windows\system32\3559006152.dat
    .

    ------- Sigcheck -------

    [-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
    [7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
    [-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    [-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    [-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-11-01 57344]
    "ATI Scheduler"="c:\program files\ATI Multimedia\MAIN\ATISched.EXE" [2006-11-01 26624]
    "mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-08 344064]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "BtcMaestro"="c:\program files\HP Multimedia Keyboard\KMaestro.exe" [2005-02-21 245760]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-08-21 1115728]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
    "TV Card Remote Control Device Monitor"="c:\windows\3xHybridRMT.exe" [2008-03-17 466944]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
    "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2006-12-12 20480]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    c:\documents and settings\Chris R\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-31 3450608]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 17:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-11 23:22 11952 ----a-w c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26860:TCP"= 26860:TCP:BitComet 26860 TCP
    "26860:UDP"= 26860:UDP:BitComet 26860 UDP
    "86:TCP"= 86:TCP:BroadCam Web Server

    R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [5/17/2006 7:31 PM 51840]
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [5/17/2006 7:31 PM 45056]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/22/2008 11:19 PM 325896]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/22/2008 11:19 PM 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 10:15 PM 908568]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 10:15 PM 298776]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 3xHybrid;SAA7130 TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [7/21/2008 7:26 PM 716160]
    R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [5/17/2006 7:31 PM 26752]
    S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [7/21/2008 6:45 PM 279552]
    S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [7/21/2008 6:47 PM 25984]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6/21/2008 11:19 PM 16512]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/17/2008 12:37 AM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/17/2008 12:37 AM 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [8/15/2008 8:53 PM 23680]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - IS-KHAB5DRV

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myspace.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file://e:\cdviewer\CdViewer.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-25 23:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(672)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(30008)
    c:\program files\Stardock\ObjectDock\DockShellHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-05-26 23:03
    ComboFix-quarantined-files.txt 2009-05-26 04:03
    ComboFix2.txt 2009-05-26 02:36

    Pre-Run: 41,939,767,296 bytes free
    Post-Run: 41,957,421,056 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

    305 --- E O F --- 2009-05-26 00:23
  2. 2009/05/31
    broni (Moderator, Malware Analyst)
    You're very welcome :)

    Uninstall Combofix:

    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.

    When done.....


    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download, and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html


    I'll mark this thread as resolved...
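Steps 2 to 4 of the post above can also be carried out from a console. The following is an added example, not from broni's post or from any of the tools named in the thread; it assumes Windows PowerShell 2.0 or later in an elevated ("Run as administrator") console, and the drive letter and restore-point description are assumptions.

```powershell
# Added example: scripted version of the "turn System Restore off, restart,
# turn it back on" steps. It is split in two because the restart sits between them:
#   Clear-RestorePoints    -> run before the reboot (step 2)
#   New-CleanRestorePoint  -> run after the reboot (step 4)
# Assumptions: Windows PowerShell 2.0+, elevated console, drive "C:\".

function Clear-RestorePoints {
    param([string]$Drive = "C:\")

    # Count the restore points first so the purge can be verified afterwards.
    # Get-ComputerRestorePoint may error rather than return nothing once
    # protection is off, hence SilentlyContinue on both calls.
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count

    # Turning System Restore off discards every existing restore point on the
    # drive. That is the purpose of the step: a restore point taken while the
    # machine was infected can bring removed files back if it is ever rolled back to.
    Disable-ComputerRestore -Drive $Drive

    $after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count

    # New-Object rather than [pscustomobject] so this also runs on PowerShell 2.0.
    New-Object PSObject -Property @{
        Drive  = $Drive
        Before = $before
        After  = $after
        Purged = ($after -eq 0)
    }
}

function New-CleanRestorePoint {
    param(
        [string]$Drive = "C:\",
        [string]$Description = "Clean after malware removal"   # assumed text
    )

    # Re-enable protection on the drive, then take one fresh checkpoint so there
    # is a known-good point to roll back to from now on.
    Enable-ComputerRestore -Drive $Drive
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    # List what exists now; a single entry carrying $Description is the expected result.
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

# Before the restart (step 2):
#   Clear-RestorePoints -Drive "C:\" | Format-List
# After the restart (step 4):
#   New-CleanRestorePoint -Drive "C:\" | Format-Table -AutoSize
```

On Vista the cmdlets drive the same volume-shadow-copy protection that the System Protection dialog in the post controls, so the two functions apply to both OS versions listed.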
     