Slow Laptop
Comments
Alienrik, I'm trying to run ComboFix, but it wants me to disable some of my AVG and my Spybot. How do I do this?

I really am rather dim, sort of the Arnold Rimmer of the board when it comes to techie stuff.
Turn AVG Resident Shield off:
http://www.avg.com/faq.keyw-disable%2Bavg.num-1209
Turn off Spybot's 'TEA TIMER' mode:
Open Spybot
Change Mode (top) to ADVANCED
Select TOOLS, then RESIDENT
UNTICK 'Resident TEA TIMER' (leave 'SD Helper' TICKED)
I'd actually recommend leaving TeaTimer turned off, as it tends to be more of a hindrance than of actual help.
This is the log from Combofix

First bit,
ComboFix 09-05-17.08 - Carolyn 18/05/2009 19:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.1112 [GMT 1:00]
Running from: c:\users\Carolyn\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SpywareBot *disabled* (Updated) {9AE64A16-E498-408A-89B7-D5084F4A1212}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Now, the next bit appears to be from the recycle bin.
Do you need me to post all of this?
I will post the next bit.
Here's the next bit.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.
2009-05-18 14:13 . 2009-05-18 14:13 -------- d-----w- c:\program files\Trend Micro
2009-05-16 14:22 . 2009-05-16 14:22 -------- d-----w- c:\users\Carolyn\AppData\Local\Microsoft Help
2009-05-14 19:32 . 2009-05-14 19:32 -------- d-----w- c:\users\Public\HMRC
2009-05-14 19:28 . 2009-05-14 19:28 -------- d-----w- c:\program files\HMRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 07:05 . 2008-10-25 20:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 20:47 . 2007-12-12 22:11 2598 ----a-w c:\users\Carolyn\AppData\Roaming\wklnhst.dat
2009-05-16 11:41 . 2008-01-08 15:02 -------- d-----w- c:\program files\Lx_cats
2009-05-14 08:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 07:00 . 2008-07-10 15:48 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-11 07:00 . 2008-07-10 15:48 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-11 07:00 . 2009-01-31 10:42 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-06 14:32 . 2008-10-25 20:52 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2008-10-25 20:52 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-17 03:16 . 2009-04-16 10:25 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 10:25 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-16 10:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 10:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 10:24 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 10:25 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 10:25 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 10:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 10:24 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 10:25 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 10:25 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 10:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 10:24 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 10:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 10:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 10:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 10:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-22 16:37 . 2009-02-22 16:37 266240 ----a-w c:\windows\system32\CSHelper.exe
2009-02-22 16:37 . 2009-02-22 16:37 225280 ----a-w c:\windows\system32\CSInstru.DLL
2008-12-13 12:34 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"HostManager"="c:\program files\Common Files\AOL\1200566682\ee\AOLSoftware.exe" [2006-11-14 50736]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-27 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
c:\users\bec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\users\Carolyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
A bit more...
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C7E26FB3-618D-4683-817B-E814924CCBE6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4623A832-5A7A-4CF1-9B39-5C975B728009}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{6418038F-B277-4D7F-A96A-13F43228AA03}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{968B8950-0510-4195-8709-9494AD7055C4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A09A5013-ECBB-4905-A25D-749BA7FD1F99}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{7521D7BA-9B45-4C4F-BE82-FEEFAF87490D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{CAE86758-0855-453B-951E-8B17CAB88931}"= UDP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{7E8CBB8A-990B-4743-BF15-1951F23BF8C9}"= TCP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{0D2BBBE1-D88C-4953-9258-99224A36E3E0}"= UDP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{962CFD3A-05BA-4125-B1C5-8A3BE05F3D35}"= TCP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{18988B78-846A-47CE-9ED4-C8664AF9A5FC}"= UDP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{B52D8A73-BE12-47A1-867A-404CB1940731}"= TCP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{8F800E55-179E-462E-AD40-CECB8E7E06B7}"= Disabled:UDP:135:TCP Port 135
"{34556388-73E8-4A94-AB57-4647DC5B93E5}"= Disabled:UDP:5000:TCP Port 5000
"{AE78C2AA-2648-4307-9E79-AE4ADCA98F91}"= Disabled:UDP:5001:TCP Port 5001
"{31BBEC47-29F1-4A29-B7A8-ECEC91BFEBAF}"= Disabled:UDP:5002:TCP Port 5002
"{62EA219B-4789-419C-B1DE-6FB596DF8DAA}"= Disabled:UDP:5003:TCP Port 5003
"{20686B29-270F-453F-A61D-469E269CA21A}"= Disabled:UDP:5004:TCP Port 5004
"{F2FB2980-9311-460E-8911-90C5E79A142E}"= Disabled:UDP:5005:TCP Port 5005
"{FDBDFB49-696F-4607-AE6C-06237D9DE52F}"= Disabled:UDP:5006:TCP Port 5006
"{3000D69F-2F7D-4149-B5FC-AB07B880F597}"= Disabled:UDP:5007:TCP Port 5007
"{30214558-AC6D-4D42-8C2F-21FD832F0323}"= Disabled:UDP:5008:TCP Port 5008
"{F72923B0-678C-4C4F-88CF-7C991BA33853}"= Disabled:UDP:5009:TCP Port 5009
"{77E0445A-44C4-4AB8-8A80-4199A93F09BA}"= Disabled:UDP:5010:TCP Port 5010
"{31A2EB1C-4CEA-4BDF-BE92-43EE2598132E}"= Disabled:UDP:5011:TCP Port 5011
"{98422AAE-0215-4D30-911A-FFEE5D8C9B58}"= Disabled:UDP:5012:TCP Port 5012
"{4EB11268-872C-4E16-93F2-73497DF3A1BD}"= Disabled:UDP:5013:TCP Port 5013
"{0BE8024F-0484-4B2D-AC52-CB534DEFE543}"= Disabled:UDP:5014:TCP Port 5014
"{56019887-D04E-46BA-B3B7-3AFB58B04B1E}"= Disabled:UDP:5015:TCP Port 5015
"{6D4759DF-3EAA-4220-910D-4DF4CB97FFF6}"= Disabled:UDP:5016:TCP Port 5016
"{31BAD0AA-6809-4A8A-A35D-486F27AA0CFA}"= Disabled:UDP:5017:TCP Port 5017
"{3D327870-3F99-4B68-9C6B-0990BE604A29}"= Disabled:UDP:5018:TCP Port 5018
"{44496A17-A638-42CA-AD71-3E9739A1D7FB}"= Disabled:UDP:5019:TCP Port 5019
"{6A0ABD2A-F677-4E6C-B3D6-C3F531408AF2}"= Disabled:UDP:5020:TCP Port 5020
"{F0466DB4-4AFC-43A2-A4F8-802AF99CB29D}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{628FFBFE-2C37-44B0-B902-A93EB4E3629A}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{16991F89-5D35-40B5-AAE2-0CE58F82FF3F}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{4CF45D09-7EAB-4390-9EC0-15AFDD058D11}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{20D20F5B-4C7A-4B4E-83D5-C7C7DDDB6C3C}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{51D1B067-5031-44FC-B2E7-B63EE44392C3}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{FD7B56EE-81B0-4FCD-B7B7-61AE1C28CC99}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{6D56F122-3632-4D34-A937-BBE02841AFBA}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{5DDCF860-8061-492F-AF8C-3E87E0504ABC}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{2D6BB2DB-458F-430E-9B1D-6C430D2B75B0}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{BB750FDA-7EDD-46AF-93E5-6FC567AA2052}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{FA5C19F0-C8AE-4956-8E5F-7E31B2BC6C61}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{AF7A1841-29FA-46B5-851C-53355182EFED}"= UDP:c:\program files\Common Files\aol\1200566682\ee\aolsoftware.exe:AOL Shared Components
"{666302D1-596E-4333-902C-F6619084C83C}"= TCP:c:\program files\Common Files\aol\1200566682\ee\aolsoftware.exe:AOL Shared Components
"{3DD112E4-0AC4-4EA0-8419-C1C37449A829}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D2B2B103-2B53-43CF-91E6-C6D7E26130F8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{85E12146-1328-450B-9842-B9C2A26085D1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3E53BEC-6F88-4EBE-B050-BF89B7A708AC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7D7E33A9-ED28-4204-9ABE-CF0F2FFA67B0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{00CD06E4-859F-4EA0-B039-2C9CD6DE1F16}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{60A0744C-96D0-425B-9119-0710A90DDE6E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{991CCE37-59A9-465F-9A7C-309A0C3CBC59}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8A8E3130-B281-41A6-A2C1-01D6D11CEA46}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/07/2008 16:48 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [31/01/2009 11:42 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/07/2008 16:48 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/07/2008 16:48 298776]
R2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [22/02/2009 17:37 266240]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/01/2008 23:04 600912]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 15:01 14848]
.
Contents of the 'Scheduled Tasks' folder
2009-05-18 c:\windows\Tasks\User_Feed_Synchronization-{460B0A45-45F7-44BB-9B13-FEAA16346FF8}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-HWSetup - \HWSetup.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\xocffcbg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 19:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-18 19:28
ComboFix-quarantined-files.txt 2009-05-18 18:28
Pre-Run: 25,069,195,264 bytes free
Post-Run: 27,387,748,352 bytes free
5467 --- E O F --- 2009-05-18 05:32
So, there it is.
Any suggestions?
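The log posted above ends with the 'Reg Loading Points' block, which is where a helper looks first. As an added example (not ComboFix's own code and not written by anyone in this thread), here is a small Python triage script that parses that REGEDIT4-style block and flags the entries a reviewer would check: a populated AppInit_DLLs value (a DLL-injection loading point), Security Center keys with DisableMonitoring set to 1 (which tell the Vista Security Center to stop alerting for that product), Run entries for which ComboFix printed no resolved path, date or size, and Run entries pointing into user-writable directories. The sample input is an excerpt copied from the log above plus one constructed "Updater" line (labelled in the code, not present in the real log) so that the last rule fires; the rule names, the USER_WRITABLE list and the Entry type are the example's own assumptions. A hit is a prompt to look, not a verdict: on this machine AppInit_DLLs names an avg* DLL installed alongside the AVG drivers in the Find3M section, so it is most likely AVG's own component.

```python
"""Triage helper for the "Reg Loading Points" block of a ComboFix log.

Added example for this thread: not ComboFix's own code and not written by
anyone in the thread. The rule set below is an assumption about what is
worth a second look, not a verdict on any entry.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt copied from the log posted in the thread, plus ONE constructed
# line ("Updater", c:\users\...\AppData\Local\Temp\updater.exe) that is NOT
# in the posted log and is here only so the user-writable-path rule fires.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"Updater"="c:\users\Carolyn\AppData\Local\Temp\updater.exe" [2009-05-10 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# First drive-letter path in the value, ending at a quote or the "[date size]" tag.
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]+)', re.IGNORECASE)
# Directories a standard user can write to; a loading point there deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Entry:
    key: str             # registry key the value lives under
    name: str            # value name, e.g. "AVG8_TRAY"
    raw: str             # everything after the '=' as ComboFix printed it
    path: Optional[str]  # resolved on-disk path, if the line contains one


def parse_loading_points(text: str) -> List[Entry]:
    """Walk the REGEDIT4-style block and return one Entry per value line."""
    entries: List[Entry] = []
    key: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            name, raw = vm.group(1), vm.group(2)
            pm = PATH_RE.search(raw)
            entries.append(Entry(key, name, raw, pm.group(1).strip() if pm else None))
    return entries


Finding = Tuple[str, str, str]  # (rule, subject, detail)


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the review rules; each hit is a prompt to look, not a verdict."""
    findings: List[Finding] = []
    for e in entries:
        key = e.key.lower()
        if key.endswith(r"\windows nt\currentversion\windows") and e.name.lower() == "appinit_dlls":
            if e.raw.strip():
                # Any DLL named here is loaded into every process that loads user32.dll.
                findings.append(("appinit_dlls", e.name, e.raw))
        elif r"\security center\monitoring" in key and e.name.lower() == "disablemonitoring":
            if e.raw.lower().endswith("00000001"):
                # Security Center is told to stop alerting for this product.
                findings.append(("security_center_monitoring_disabled", e.key, e.raw))
        elif key.endswith(r"\currentversion\run"):
            if e.path is None:
                # ComboFix printed no resolved path, date or size for this entry.
                findings.append(("run_entry_unresolved", e.name, e.raw))
            elif any(part in e.path.lower() for part in USER_WRITABLE):
                findings.append(("run_entry_user_writable_path", e.name, e.path))
    return findings


def report(text: str) -> List[str]:
    """One line per finding, suitable for pasting back into a thread."""
    return [f"[{rule}] {subject}: {detail}"
            for rule, subject, detail in triage(parse_loading_points(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Paste the whole 'Reg Loading Points' block of a real log into SAMPLE_LOG (or read it from a file) and the report lists five hits for the excerpt above; everything else in the block stays silent, which is the point of a triage pass rather than a full listing.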
Was there anything UNDER the 'other deletions' bit? (Aside from what you've already posted.)
And I've no clue what you meant by the recycle bin bit.
With the log you HAVE provided, it looks clean.
If you wish to have a double check (I would), I'd suggest an online KASPERSKY scan:
run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.co.uk/virusscanner
Please post the complete log it creates (this only SCANS, it DOESN'T delete anything, so I'd need to see anything it finds).
Sorry... this is what was under the 'other deletions'. There are pages and pages of it.
c:\$recycle.bin\S-1-5-18\$I0XKKTJ.mst
c:\$recycle.bin\S-1-5-18\$I0XMWUW.exe
c:\$recycle.bin\S-1-5-18\$I0X!!!P
c:\$recycle.bin\S-1-5-18\$I0XS31Z.txt
Is there anything OTHER than the recycle bin in the mega log? If so, please post it.
Then, before you run the Kaspersky scan (IF you do):
Download CCLEANER (make sure you click 'DOWNLOAD LATEST VERSION'; make sure YAHOO TOOLBAR is unticked on installation)
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan (UNTICK 'cookies').
Then run the REGISTRY scan (back up the registry when it asks).