Log file check.

I'm concerned why i386 was in that folder, i386 is normally in the root of your C:\ drive.

Sure, i'll try to explain it in the most simple terms I can.

The first header part just lets me know the Combofix version, your OS, and if any command switches were used to run combofix, then shows it created a restore point should anything go wrong when it deletes files. (That's why it tells you 1 in 10 machines don't make it through a Combofix run)

The Other Deletions i'm sure is pretty obvious.

The newly created files part does just that, shows newly created file, this is helpful in such cases as Vundo like you had, in this case there weren't any leftovers, only the weird named files in your C:\ drive.

Then the Find3m report shows any modified files, this would show if any legit files were patched by malware, this sometimes happens in more extreme cases such as backdoor bots. (Then if any were patched, Combofix check files sizes and md5 codes)

Next, the registry check, Combofix look at non default registry entries, you had one non default, but the CFscript took that out. (Also shows stuff that runs at startup, but Hijack This does that anyway)

Last, catchme. Detects hidden rootkits or files hidden from our veiw.
Let me know how the machine is functioning.

ooo.. thanks alot! Belanzur!! that helped alot! is it if anything goes wrong with the computer, i can do this entire process again to clear problems? or is it that the CFScript must be changed everytime once used depending on the problems found in the log files? i386 appeared before i installed Service Pack 3 onto my Windows XP Service pack 2 so it came from the pack right?

Currently Computer's acting normal, no pop ups, no error message appearing at startup, explorer.exe appears normal, it kept on restarting itself before this.
but right now i have another question.

When i Insert a cd that contains files, the icons there was normal before i installed IE 7. But after i installed IE7, and after i i used it a while, when i insert a cd/dvd (game, software, etc) the icons, exe, cab, jpg, etc. every single file in the cd/dvd's icons changed to the IE7 Icon! if the extension is hidden u wouldn't know which file is which. every icon looks exactly like each other. the IE7 Shortcut Icon!
is this the work of viruses too? or isit the IE7's fault?

Belahzur is out on a holiday, so I will take over. The problem that occurs may vary due to the type of malware you are infected with so the script will change. If you are having any problems in future just post back with a new log and we will gladly help you. i386 is just a copy of a Windows Installation CD-ROM.

---

The IE 7 icon problem is related to the Shell Icon size. If you are using large icons in your shell and install IE 7, this problem appears.

You can test this by changing your shell icon size by right clicking on the desktop (in a blank area of course), select the Appearance Tab, Click the Effects... button, and uncheck Use Large Icons. Then go to the CD drive in Windows Explorer and observe that the bug goes away.

The "Use Large Icons" setting sets a registry key from 16 to 48. You can use regedit to set that key and one other to 47 so that you can have large icons and no bug when viewing your CD/DVD drive in Windows Explorer.

Change the following two registry keys in the code box 47 by going to Run >> regedit.



We recommend that you backup the registry before editing it, learn how to do it here.

WOOHOO!!! I DID WHAT U TOLD ME TO!!! AND YES!!! NO MORE BUGS!!!!

but sometimes the bug will go on and off... Sometimes it appears, sometimes it won't. will update you if it appears again!

THANK YOU!!!

Glad that we could help.

In order to prevent future malware attacks, please read below.

Upgrading Java

• Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.

---

Use a Firewall

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall or Zonealarm here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

---

Delete\uninstall anything else that we have used

System Restore

Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

---

Other than that, your log is clean.

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-A powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.