Computer running very slowly. Logs posted...

Question

sebber 0 Newbie Poster

15 Years Ago

Hi all,

My PC, which was purchased brand new last year, has started to take a very long time to load up programs and tends to freeze when I click on a website link or program file. The PC has 3GB of Ram and has an Intel Core 2 Quad 2.40 GHZ processor. Until recently, it loaded up like lightning...

Bit of background: I use Registry Mechanic and think I may have accidentally deleted an important reg file whilst scanning with it...That's just my theory, though.

I also use Kaspersky 2010 and this helped resolved a very serious virus I encountered a couple of days after getting the PC.

I don't have many files loading up on startup, as I use CCleaner to manage my startup programs and processes.

I have posted here before (about the virus last year) and this forum was so important in me fixing the probs last time.The posters here were a massive help and I truly appreciate it. Fingers crossed we can get to the problem this time too!

Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14, on 11/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SQplus - {CCF078EE-B071-4C40-9E57-F7B5962E8C95} - C:\Program Files\SeoQuake\SQplus.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: SeoQuake - {9C590067-8A6A-4db6-B052-069283790B04} - C:\Program Files\SeoQuake\SeoQuake.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.libproxy.dundee.ac.uk/lib/dundee/support/plugins/ebraryRdr.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216127127671
O20 - AppInit_DLLs: acaptuser32.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 10529 bytes

Malwarebytes' Anti-Malware 1.40
Database version: 2600
Windows 5.1.2600 Service Pack 3

11/08/2009 13:02:01
mbam-log-2009-08-11 (13-01-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 219464
Time elapsed: 1 hour(s), 1 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\System32\THREED32.OCX (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\system32 (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\system32\drivers (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\system32\THREED32.OCX (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\system32\drivers\ndisplus.sys (Trojan.Agent) -> No action taken.

I have now REMOVED these with the "remove selected" option on the software...

ComboFix 09-08-10.06 - Paul 11/08/2009 13:23.2.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3070.2640 [GMT 1:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
c:\windows\Installer\156f19d.msi
c:\windows\Installer\15e4b27.msp
c:\windows\Installer\2ccd9e.msi
c:\windows\Installer\51603.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 12:13 . 2009-08-11 12:13 -------- d-----w- c:\program files\Trend Micro
2009-08-09 19:03 . 2009-08-09 19:03 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-08 17:41 . 2009-08-08 17:41 -------- d-----w- c:\documents and settings\Jenna\PrivacIE
2009-08-07 08:49 . 2009-08-09 19:16 -------- d-----w- c:\program files\Common Files\Real
2009-08-07 08:49 . 2009-08-07 08:49 -------- d-----w- c:\program files\Real
2009-08-05 17:25 . 2009-08-05 17:25 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-08-05 17:25 . 2009-08-05 17:25 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-08-05 17:25 . 2009-08-05 17:25 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-08-05 17:25 . 2009-08-05 17:25 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-08-05 17:25 . 2009-08-05 17:25 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-08-05 17:21 . 2009-08-05 17:21 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-31 20:59 . 2009-07-31 20:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-30 23:34 . 2009-07-30 23:35 -------- d-----w- c:\program files\Search Position Detective
2009-07-28 21:45 . 2009-07-28 21:45 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
2009-07-26 20:41 . 2009-07-26 20:41 -------- d-----w- c:\program files\Clickbank Marketplace Product Detective
2009-07-23 21:41 . 2009-06-03 18:06 180224 ----a-w- c:\windows\system32\cnvshell.dll
2009-07-23 21:41 . 2009-07-23 21:45 -------- d-----w- c:\program files\ImageConverter Plus
2009-07-23 21:31 . 2009-07-23 21:38 -------- d-----w- c:\program files\Easy Graphic Converter
2009-07-21 23:09 . 2009-07-21 23:14 -------- d-----w- c:\program files\SeoQuake
2009-07-13 17:45 . 2009-07-13 17:45 -------- d-sh--w- c:\documents and settings\Jenna\IETldCache
2009-07-12 22:21 . 2009-07-12 22:21 -------- d-sh--w- c:\documents and settings\Paul\IECompatCache
2009-07-12 22:20 . 2009-07-12 22:20 -------- d-sh--w- c:\documents and settings\Paul\PrivacIE
2009-07-12 22:18 . 2009-07-12 22:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-12 22:18 . 2009-07-12 22:18 -------- d-sh--w- c:\documents and settings\Paul\IETldCache
2009-07-12 20:20 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-12 20:20 . 2009-07-12 20:20 -------- d-----w- c:\windows\ie8updates
2009-07-12 20:20 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-12 20:20 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-12 20:19 . 2009-07-12 20:20 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 12:35 . 2008-12-31 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-08-11 12:10 . 2008-07-24 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-11 10:55 . 2008-07-23 18:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 10:44 . 2008-07-15 11:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-10 19:18 . 2008-07-25 22:15 -------- d-----w- c:\documents and settings\Paul\Application Data\uTorrent
2009-08-10 19:03 . 2008-08-07 23:13 -------- d-----w- c:\documents and settings\Paul\Application Data\FileZilla
2009-08-05 17:05 . 2008-07-24 08:56 901152 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-05 17:05 . 2008-07-24 08:56 4160 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-05 17:05 . 2008-07-24 08:56 4035616 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-05 17:05 . 2008-07-24 08:56 32608 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-05 17:01 . 2008-07-24 08:56 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-05 16:51 . 2008-07-24 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-04 22:43 . 2008-07-19 20:19 -------- d-----w- c:\documents and settings\Paul\Application Data\CopyToDvd
2009-08-04 22:43 . 2008-07-17 21:50 -------- d-----w- c:\documents and settings\Paul\Application Data\Vso
2009-08-03 18:28 . 2008-07-17 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-08-03 12:36 . 2008-07-23 18:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2008-07-23 18:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 20:17 . 2008-07-17 20:51 -------- d-----w- c:\documents and settings\Paul\Application Data\Azureus
2009-08-01 08:48 . 2008-08-16 08:45 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-15 13:37 . 2008-07-17 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-13 22:13 . 2009-06-06 20:30 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-07-03 17:09 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 14:48 . 2009-07-03 14:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 14:45 . 2009-07-03 14:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-06-30 23:43 . 2009-06-30 23:43 -------- d-----w- c:\program files\Google Goggles
2009-06-26 22:17 . 2009-06-26 22:16 -------- d-----w- c:\program files\SEO Elite 4
2009-06-25 15:47 . 2009-06-25 15:47 -------- d-----w- c:\documents and settings\Paul\Application Data\eMusic
2009-06-25 15:47 . 2009-06-25 15:47 -------- d-----w- c:\program files\eMusic Download Manager
2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 13:01 . 2009-06-15 13:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-03 19:09 . 2008-04-14 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 08:31 . 2008-07-23 17:53 75104 ----a-w- c:\documents and settings\Jenna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 14:13 . 2008-07-24 08:56 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 14:13 . 2008-07-24 08:56 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-19 18:30 . 2009-05-19 18:30 70984 ----a-w- c:\documents and settings\Paul\g2mdlhlpx.exe
2009-05-16 19:59 . 2009-05-16 19:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 16:46 . 2008-03-25 19:07 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-09-05 18:46 . 2008-08-16 12:17 88 --sh--r- c:\windows\system32\A87D422F17.sys
2008-09-05 18:46 . 2008-08-16 12:15 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Paul^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18:29 33808]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [14/07/2008 17:50 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [14/07/2008 17:50 52224]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\Cyberlink\PowerDVD8\000.fcl [15/05/2008 12:07 61424]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20:07 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20:59 19472]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISPLUS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\r989y04u.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 13:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Kontiki\KService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-08-11 13:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-11 12:38
ComboFix2.txt 2008-07-23 10:34

Pre-Run: 53,734,227,968 bytes free
Post-Run: 53,741,219,840 bytes free

238 --- E O F --- 2009-07-31 17:00

--------------------------------------------

windows-virus

4 Contributors
20 Replies
389 Views
2 Days Discussion Span
Latest Post 15 Years Ago Latest Post by crunchie

kaninelupus 275 Practically a Posting Shark

15 Years Ago

Actually does look clean (anyone feel free to spot anything I've missed), so may well be related to recent registry clean-up. I know I don't simply trust a reg cleaner to start pulling reg-entries out, as this is one area of Windows not covered by system restore, meaning if you bugger it up, and haven't first backed up the registry (or specific thread thereof), good luck fixing the issue.

jholland1964 650 Posting Expert

15 Years Ago

#1. This is really a warning to ALL others who may be reading this thread; Never, ever use Combofix unless FIRST instructed to do so by a helper on a forum like this one. Combofix is NOT a "regular" clean up tool. It is a very specialized tool used only in extreme cases. If used incorrectly it can damage the computer.
While several of the files removed by Combofix point to infection, but several removed were from Smitfraudfix, which is a legitimate tool used for removal program for the Smitfraud infection. You must have had that program on your computer at some time. If you do still have it on the computer you can attempt to remove it, not sure if you will be able to do so since Combofix removed some of its files.

kaninelupus is correct concerning Registry Cleaners. Unless a person knows exactly what registry entries are being removed serious damage can be done to the computer in using them. My advice, NEVER use them. Cleaning a registry on a regular basis does nothing to speed the computer. There are literally thousands of registry entries on every computer, some are old dead entries, but they do nothing, take minimal space and are of no concern. Leave the registry alone. When there IS infection in the registry the use of a tool like MBA-M is THE way to go. It is designed to look for and find infections in the registry and remove them. I truly believe the argument used by an expert on another forum where I post concerning automated registry cleaners:

Using an automated cleaner to try to fix a problem is akin to using a shotgun to remove an appendix.

Use that and you are likely going to remove a lot more than just that appendix. Leave them alone. Uninstall this program.

MBA-M actually was run somewhat incorrectly. The instructions are VERY clear, # Show Results to view the results.
# Be sure that everything is checked, and click Remove Selected.
# When MBA-M finishes, Notepad will open with the log. Reboot the computer There would be no need to run the scan, get the log, then run it again and fix. It should be all one operation. Since you did not give us the log received AFTER the fix I am not certain when it was run...before or after Combofix. The infections removed by Combofix could have been removed by MBA-M.

Run HiJackThis again and place check marks next to the following entries:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - (no file)
When the check marks are placed then click the Fix Checked button.
Exit HJT.
Your Java is way out of date and must be updated. To do this go HERE download the Offline Install file and save it to the desk top. Then go to Add/Remove and Uninstall ALL old versions of Java you find there. Once those are uninstalled then double click the install file on the desktop to install the new version. When the install is finished go back to the download page and on the right side click Verify Now to go to the verification page to check to be sure the install was complete.
Reboot the computer.
Run a new HJT scan and post that log back here.

jholland1964 650 Posting Expert

15 Years Ago

When exactly was it that you used System Restore? You likely wouldn't have had a good restore point. Some files were removed with Combofix.
Are you saying the crash happened AFTER removing those entries in HJT? Those were just empty entries, just housekeeping really.

jholland1964 650 Posting Expert

15 Years Ago

Honestly I am too. Especially with the System Restore and the Combofix. Let me see if I can get somebody else to take a look at this.

crunchie 990 Most Valuable Poster

15 Years Ago

Not only did you run combofix without being advised to do so, but you ran it twice :(.
Without being sure exactly what you have done with this pc, it is hard to say which way to go. I can suggest doing this first though;

Restore back to a much earlier time, then;

Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested.
Hopefully this will repair/replace corrupt/missing files.

Then see how the pc is running and let us know.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

sebber 0 Newbie Poster · Answer 1 · 2009-08-11T20:24:11+00:00

Actually does look clean (anyone feel free to spot anything I've missed), so may well be related to recent registry clean-up. I know I don't simply trust a reg cleaner to start pulling reg-entries out, as this is one area of Windows not covered by system restore, meaning if you bugger it up, and haven't first backed up the registry (or specific thread thereof), good luck fixing the issue.

Thanks very much for looking at the logs....

Fortunately, I did keep backups of the registry logs. When restoring to the settings last Thursday (that was before Reg Mechanic delted 500+ entries), I did find that the load time was a lot quicker. It's still slow, though, so I feel something is configured wrong or missing...

Open to all suggestions!

sebber 0 Newbie Poster · Answer 2 · 2009-08-12T02:22:48+00:00

Thanks VERY much for the help, guys. Jholland1964, you have given very strong, indepth advice.

The PC was running a lot better, but has now crashed again and is "back to square one". So, I don't have access to another HiJackThis log until later. I'm typing this from my laptop.

I did follow your advice but, at a loss how to proceed after the problem reoccurring, I did a SYSTEM RESTORE to the state it was in earlier. FAR from perfect, but less lag.

How should I proceed now?

Should I just use Mal and HijackThis?

sebber 0 Newbie Poster · Answer 3 · 2009-08-12T03:07:04+00:00

I appreciate that the HJT cleanup was minor and think ComboFix may have screwed things up. I restored about two hours ago back to before using ComboFix, as I am still unsure what caused this problem in the first place.

I am genuinely at a loss how to proceed here. What would you recommend?

Thanks again...

sebber 0 Newbie Poster · Answer 4 · 2009-08-12T15:28:41+00:00

Not only did you run combofix without being advised to do so, but you ran it twice :(.
Without being sure exactly what you have done with this pc, it is hard to say which way to go. I can suggest doing this first though;
Restore back to a much earlier time, then;
Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested.
Hopefully this will repair/replace corrupt/missing files.
Then see how the pc is running and let us know.

Thanks, Crunchie. I only used ComboFix once and I did so because it fixed the bulk of my probs last year. I am sorry about jumping right in. To be honest, though, the PC was running a little better after ComboFix and then it crashed out again...

I did run Mal-MB again and, upon reboot, the system is very slow. The Restore points also seem to be corrupted, as it won't let me restore to before last Friday.

Is there a quick way to resolve this by using the Windows XP disk or does it look like I'll have to restore the whole PC to factory settings?

Anything BUT that would be needed, but I guess I can backup all my files should my worst case scenario (whole reformat) present itself...

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 5 · 2009-08-12T15:41:56+00:00

Combofix's log says that you did run it twice, or it was run twice on that pc.

Try the sfc /scannow as posted above.

kaninelupus 275 Practically a Posting Shark · Answer 6 · 2009-08-12T16:06:41+00:00

To be honest, it sounds like so many misguided attempts at self-fixing that may well be better to back-up files (to a location isolated from any valuable files till can be safely scanned) and starting over.

You could use the Windows Repair method, but with XP, each service pack broke a number of software apps, and restoring say an XP SP2-3, back to an earlier state can stuff-up some software installations. In all honesty, sometimes a "repair" can be more work than a fresh install.

sebber 0 Newbie Poster · Answer 7 · 2009-08-12T16:16:20+00:00

Yeah, I did screw up. I'll try the sfc / scannow fix first and see if that has a decent outcome. If nothing good comes of it, I'll backup my important files then reformat....

I'm starting to think that reformatting is the way to go now...

sebber 0 Newbie Poster · Answer 8 · 2009-08-12T16:21:33+00:00

You could use the Windows Repair method, but with XP, each service pack broke a number of software apps, and restoring say an XP SP2-3, back to an earlier state can stuff-up some software installations. In all honesty, sometimes a "repair" can be more work than a fresh install.

Do you think it would be ok to TRY this before reformatting? In other words, do you think it would be possible for me to try this as a last resort?

kaninelupus 275 Practically a Posting Shark · Answer 9 · 2009-08-12T16:53:40+00:00

I'd be at least backing-up ALL important files (again, to isolated location), before attempting a Repair. Reason being that if too much damage has been done with all these repair attempts, of if reverting Windows itself to original install state (ie, leaving applications in their current, patched/updated for service-pack state) causes a major crash, at least you are sitting pretty in that all that important data is safe and sound.

In the end, you have to evaluate what is more time consuming. Even in my own case, having been around computers for a 1/4 of a century, if my own machines are seriously hit, or a driver failure causes instability issues (happened a couple of months back with a failure of the TurboCache drivers), the first thing I always consider is what is going to cost me more time - fixing or re-installing? Whatever is more time efficient is the one that wins out every time.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 10 · 2009-08-12T18:34:00+00:00

Thanks, Crunchie. I only used ComboFix once and I did so because it fixed the bulk of my probs last year.

There is the problem to begin with...once it was used LAST year then it should have been Uninstalled and not left on the machine. As I stated earlier, this should be considered a "last ditch" program for use really when other steps either do not work at all or one where normal clean up doesn't do it completely, and not one to use for "ordinary" clean up of infections. With what it appears you had on the computer the standard running of MBA-M in normal mode, one or two online scans and then HJT probably would have done it, along with a final clean up of unnecessary starts. Added to the "mix" is your use of the Registry Mechanic program which likely has caused additional problems.
Do the repair using your XP disk as Crunchie has given directions for, at least this is the way I would begin, rather than a full reformat. That should leave most of your personal items intact. You probably will have to run Windows updates again to bring the computer back up to date. Try all that and let us know how it goes. If it doesn't go well you do have the option of the full reformat.

sebber 0 Newbie Poster · Answer 11 · 2009-08-13T01:29:53+00:00

I am backing up just now. Been 8 hours already and not even half of my 300 GB of Documents have been fully backed up. The PC is unbelievably slow just now, so will do a full reformat and let you know.

For the reformat, I have the original XP disc, Samsung PC studio and a graphics driver.

Are there any other drivers that seem to be missing?

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 12 · 2009-08-13T01:49:26+00:00

I am backing up just now. Been 8 hours already and not even half of my 300 GB of Documents have been fully backed up. The PC is unbelievably slow just now, so will do a full reformat and let you know.
For the reformat, I have the original XP disc, Samsung PC studio and a graphics driver.
Are there any other drivers that seem to be missing?

Take a look on both the XP disk and that Samsung disk, it is possible they contain drivers.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 13 · 2009-08-13T02:35:49+00:00

Get yourself another hard drive to store your documents on for next time.

sebber 0 Newbie Poster · Answer 14 · 2009-08-14T05:00:37+00:00

Bit of an update:

Backed up my important files and have done a complete reformat.

PC is back to normal, EXCEPT I get the following msg when I start up now:

Pri Master hard disk: S.M.A.R.T Status BAD,Backup and Replace

Obviously something went badly wrong with the PC and this is the first and hopefully last Hard Drive I have had fail on me. I guess, even though the PC is only 13 months, the two viruses really took their toll...

I know now that the Drive could die at any time, so will just buy a new one asap to save further stress.

It was a 500 GB Sata II drive. Would any other Sata II drive suffice? Was thinking of upgrading to 1.5 TB...I know this is more of a hardware question, but was wondering whether anyone could share that info...

Thanks for assisting me in this thread. I really appreciate the efforts...

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 15 · 2009-08-14T05:42:18+00:00

Any Sata II will suffice. You could also get the hard drive checker from the HD manufacturers site and see what it comes up with.

Computer running *very* slowly. Logs posted...

Computer running very slowly. Logs posted...