Topic: i think my computer has a virus

876543219

    Topic Starter


    Beginner

    Thanked: 3
    Re: i think my computer has a virus
    « Reply #15 on: September 03, 2009, 02:28:27 AM »
    Hello, I tried to download it, but it said that I couldn't rename it while it was downloading. I didn't try to rename it. Could you send me another link to download it? I found a lot of sites where I could have downloaded it, but none looked trustworthy.
    Believe half of what you see and none of what you hear                     microsoft windows xp professional  version 2002 service pack 3 celeron 2.80ghz 20gb hardrive 504mb ram

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: i think my computer has a virus
    « Reply #16 on: September 03, 2009, 12:05:55 PM »
    Download ComboFix from one of the below links. You must rename it before saving it!

    Important! You MUST save ComboFix to your desktop.

    Link 1
    Link 2

    Rename ComboFix to Combo-Fix before saving it to the desktop.





    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click on Combo-Fix.exe & follow the prompts.

    Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    When the scan completes it will open a text window.
     
    Post the contents of that log in your next reply.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    876543219

      Re: i think my computer has a virus
      « Reply #17 on: September 03, 2009, 12:57:42 PM »
      Here's the ComboFix log. While it was running, it said couldn't find file mircdb.exe


      ComboFix 09-09-03.02 - Administrator 09/03/2009 13:33.1.1 - NTFSx86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.313 [GMT 1:00]
      Running from: c:\documents and settings\Administrator\Desktop\ComboFix.ele.exe
      AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\recycler\NPROTECT
      c:\recycler\S-1-5-21-299502267-688789844-1606980848-500
      c:\windows\system32\llbiirc.dll

      .
      (((((((((((((((((((((((((   Files Created from 2009-08-03 to 2009-09-03  )))))))))))))))))))))))))))))))
      .

      2009-09-02 23:56 . 2009-09-02 23:56   --------   d-----w-   c:\program files\Icegiant Software
      2009-09-02 23:54 . 2009-09-02 23:54   --------   dc----w-   C:\_ok2delete
      2009-09-02 23:41 . 2009-09-02 23:41   --------   dc----w-   c:\documents and settings\Administrator\Application Data\FastStone
      2009-09-02 23:41 . 2009-09-02 23:41   --------   d-----w-   c:\program files\FastStone Photo Resizer
      2009-09-02 07:33 . 2009-09-02 07:33   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
      2009-09-02 07:33 . 2009-08-03 12:36   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-02 07:33 . 2009-09-02 07:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-09-02 07:33 . 2009-09-02 07:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2009-09-02 07:33 . 2009-08-03 12:36   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2009-09-02 05:32 . 2009-09-02 05:32   --------   dc----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
      2009-09-02 05:31 . 2009-09-02 05:31   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
      2009-09-02 05:17 . 2009-09-02 05:17   --------   d-----w-   c:\program files\CCleaner
      2009-09-02 05:16 . 2009-03-30 09:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
      2009-09-02 05:16 . 2009-02-13 11:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
      2009-09-02 05:16 . 2009-02-13 11:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
      2009-09-02 05:16 . 2009-09-02 05:16   --------   d-----w-   c:\program files\Avira
      2009-09-02 05:16 . 2009-09-02 05:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
      2009-09-02 01:44 . 2009-09-02 01:46   --------   d-----w-   c:\program files\Common Files\Adobe
      2009-09-02 01:42 . 2009-09-02 01:42   --------   d-----w-   c:\program files\Common Files\Adobe AIR
      2009-09-01 04:51 . 2009-09-03 00:40   --------   d-----w-   c:\program files\Norton AntiVirus
      2009-08-31 14:41 . 2009-07-28 15:33   55656   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
      2009-08-31 14:16 . 2009-08-31 14:16   --------   dc----w-   c:\documents and settings\Administrator\Application Data\AVG8
      2009-08-31 03:06 . 2009-03-19 15:32   23400   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
      2009-08-31 03:06 . 2008-04-17 11:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
      2009-08-31 03:05 . 2009-08-31 03:05   --------   d-----w-   c:\program files\iPod
      2009-08-31 03:04 . 2009-08-31 03:06   --------   d-----w-   c:\program files\iTunes
      2009-08-31 03:02 . 2009-08-31 03:03   --------   d-----w-   c:\program files\QuickTime
      2009-08-31 02:51 . 2009-08-31 02:51   --------   d-----w-   c:\program files\Real
      2009-08-31 02:44 . 2009-08-31 02:44   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
      2009-08-31 02:42 . 2009-08-31 02:42   --------   d-----w-   c:\program files\Winamp Toolbar
      2009-08-31 02:42 . 2009-08-31 02:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Winamp Toolbar
      2009-08-31 02:41 . 2009-08-31 02:44   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Winamp
      2009-08-31 02:41 . 2009-08-31 02:42   --------   d-----w-   c:\program files\Winamp
      2009-08-31 01:53 . 2009-08-31 02:51   499712   ----a-w-   c:\windows\system32\msvcp71.dll
      2009-08-31 01:53 . 2009-08-31 02:51   348160   ----a-w-   c:\windows\system32\msvcr71.dll
      2009-08-31 00:25 . 2009-08-31 00:25   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Symantec
      2009-08-31 00:08 . 2009-08-31 00:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\NortonSystemWorks
      2009-08-30 22:00 . 2009-08-30 22:00   53   ----a-w-   c:\windows\DelToolbox.bat
      2009-08-29 03:43 . 2009-08-31 00:25   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
      2009-08-29 02:07 . 2009-08-29 02:07   --------   d-----w-   c:\windows\system32\XPSViewer
      2009-08-29 02:07 . 2009-08-29 02:07   --------   d-----w-   c:\program files\MSBuild
      2009-08-29 02:07 . 2009-08-29 02:07   --------   d-----w-   c:\program files\Reference Assemblies
      2009-08-29 02:06 . 2008-07-06 12:06   89088   ------w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
      2009-08-29 02:06 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
      2009-08-29 02:06 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\dllcache\xpsshhdr.dll
      2009-08-29 02:06 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
      2009-08-29 02:06 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
      2009-08-29 02:06 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
      2009-08-29 02:06 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\dllcache\xpssvcs.dll
      2009-08-29 02:06 . 2009-08-29 02:07   --------   dc----w-   C:\128bfc075b3ea45d3a1213
      2009-08-27 04:56 . 2009-08-27 04:56   --------   d-----w-   c:\documents and settings\Guest\Local Settings\Application Data\Help
      2009-08-25 04:46 . 2009-08-25 04:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\QXOQNGQAYG
      2009-08-25 04:46 . 2009-08-25 04:48   --------   d-----w-   c:\program files\BadgeHelp
      2009-08-22 13:44 . 2009-08-22 13:44   --------   d-----w-   c:\program files\Common Files\eSellerate
      2009-08-22 13:43 . 2009-08-30 07:37   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
      2009-08-12 07:28 . 2009-08-12 07:29   --------   d-----w-   c:\program files\CheckerBoard

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-03 07:26 . 2009-09-03 07:25   --------   d-----w-   c:\program files\DivX
      2009-09-03 07:25 . 2009-09-03 07:25   --------   d-----w-   c:\program files\Common Files\DivX Shared
      2009-09-03 00:40 . 2009-07-02 15:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
      2009-09-03 00:26 . 2009-04-19 01:17   --------   d-----w-   c:\program files\Common Files\Symantec Shared
      2009-09-02 23:56 . 2009-04-19 00:19   --------   d--h--w-   c:\program files\InstallShield Installation Information
      2009-09-02 23:55 . 2009-04-19 00:15   --------   d-----w-   c:\program files\Common Files\InstallShield
      2009-09-02 22:34 . 2009-05-27 06:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
      2009-09-02 05:32 . 2009-05-21 13:34   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2009-08-31 03:01 . 2009-04-19 01:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
      2009-08-31 02:54 . 2009-07-05 14:32   --------   d-----w-   c:\program files\Common Files\Real
      2009-08-31 00:25 . 2009-07-04 23:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
      2009-08-30 23:49 . 2009-06-29 14:24   --------   d-----w-   c:\program files\USB Disk Win98 Driver
      2009-08-30 22:26 . 2009-05-14 21:16   411368   ----a-w-   c:\windows\system32\deploytk.dll
      2009-08-30 21:59 . 2009-06-30 02:08   --------   d-----w-   c:\program files\ffdshow
      2009-08-30 21:48 . 2009-04-19 02:03   --------   d-----w-   c:\program files\Google
      2009-08-30 21:19 . 2009-04-19 01:01   --------   d-----w-   c:\program files\Common Files\Apple
      2009-08-29 03:40 . 2009-04-29 01:45   14056   -c--a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-07-29 05:41 . 2009-07-29 05:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\Downloaded Installations
      2009-07-29 05:37 . 2009-05-24 01:30   --------   d-----w-   c:\program files\AVG
      2009-07-21 06:38 . 2009-07-21 06:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
      2009-07-21 06:31 . 2009-07-21 06:31   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
      2009-07-21 06:31 . 2009-07-21 06:31   --------   dc----w-   c:\documents and settings\Administrator\Application Data\skypePM
      2009-07-21 06:14 . 2009-07-21 06:11   --------   d-----w-   c:\program files\Graboid
      2009-07-21 06:12 . 2009-07-21 06:12   --------   dc----w-   c:\documents and settings\Administrator\Application Data\MozillaControl
      2009-07-21 04:28 . 2009-06-30 01:42   --------   dc----w-   c:\documents and settings\Administrator\Application Data\dvdcss
      2009-07-08 09:16 . 2009-07-08 07:32   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Move Networks
      2009-07-08 09:13 . 2009-07-08 09:11   --------   d-----w-   c:\program files\MediaMonkey
      2009-07-08 09:13 . 2009-07-08 09:13   --------   dc----w-   c:\documents and settings\Administrator\Application Data\J River
      2009-07-08 09:01 . 2009-07-08 09:01   --------   d-----w-   c:\program files\J River
      2009-07-06 22:39 . 2009-07-06 04:55   664   ----a-w-   c:\windows\system32\d3d9caps.dat
      2009-07-05 15:02 . 2009-05-14 21:16   --------   d-----w-   c:\program files\Java
      2009-07-05 14:32 . 2009-07-05 14:32   --------   d-----w-   c:\program files\Common Files\xing shared
      2009-06-28 20:00 . 2009-04-30 17:41   12720   ----a-w-   c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-06-18 01:57 . 2009-06-30 01:41   45056   -c--a-w-   c:\windows\system32\WNASPI32.DLL
      2009-06-18 01:57 . 2009-06-30 01:41   16512   ----a-w-   c:\windows\system32\drivers\ASPI32.SYS
      2009-06-16 14:36 . 2008-05-03 12:00   81920   ------w-   c:\windows\system32\fontsub.dll
      2009-06-16 14:36 . 2008-05-03 12:00   119808   ------w-   c:\windows\system32\t2embed.dll
      2009-06-07 22:43 . 2009-06-07 22:43   0   ----a-w-   c:\windows\nsreg.dat
      2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

      [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
      [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
      [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
      [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-03-21 1695232]
      "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-31 133104]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
      "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-31 198160]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
      "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "DisableCAD"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "MemCheckBoxInRunDlg"= 1 (0x1)
      "StartMenuFavorites"= 0 (0x0)
      "Start_ShowMyComputer"= 1 (0x1)
      "Start_ShowMyDocs"= 1 (0x1)
      "Start_ShowMyMusic"= 0 (0x0)
      "Start_ShowRun"= 1 (0x1)
      "Start_ShowSearch"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveTrack"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      "MemCheckBoxInRunDlg"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      "MemCheckBoxInRunDlg"= 1 (0x1)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2008-12-22 11:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\windows\system32\prio.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\WINDOWS\\system32\\mmc.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
      R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/2/2009 6:16 AM 108289]
      R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
      S2 gupdate1c9c1374ac7f430;Google Update Service (gupdate1c9c1374ac7f430);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2009 10:39 PM 133104]

      --- Other Services/Drivers In Memory ---

      *NewlyCreated* - SR
      *NewlyCreated* - SRSERVICE
      .
      Contents of the 'Scheduled Tasks' folder

      2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

      2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 21:39]

      2009-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-113007714-2147160587-500Core.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-31 02:30]

      2009-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-113007714-2147160587-500UA.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-31 02:30]

      2009-09-03 c:\windows\Tasks\User_Feed_Synchronization-{737E7CF6-2941-413F-9E5E-45B9A0617E3F}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
      .
      - - - - ORPHANS REMOVED - - - -

      WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
      WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uLocal Page = \blank.htm
      uInternet Connection Wizard,ShellNext = iexplore
      uInternet Settings,ProxyOverride = *.local;<local>
      uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
      IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
      FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7mb3t0y.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
      FF - prefs.js: browser.search.selectedEngine - Winamp Search
      FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
      FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7mb3t0y.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
      FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
      FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

      ---- FIREFOX POLICIES ----
      FF - user.js: yahoo.homepage.dontask - true.

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-09-03 13:42
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-1417001333-113007714-2147160587-500\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (Administrator)
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
         d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,d2,c5,08,dc,d1,59,40,93,9c,c2,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
         d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,40,7a,aa,5d,88,8c,4b,b2,c1,95,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
      "Enabled"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker3"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(684)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      c:\windows\system32\WININET.dll
      c:\windows\system32\igfxdev.dll
      .
      Completion time: 2009-09-03 13:45
      ComboFix-quarantined-files.txt  2009-09-03 12:44

      Pre-Run: 2,696,073,216 bytes free
      Post-Run: 3,406,921,728 bytes free

      269   --- E O F ---   2009-08-29 02:13

      Sesko



        Rookie

      • I don't need no help, I can do bad on my own.
      • Thanked: 2
        Re: i think my computer has a virus
        « Reply #18 on: September 03, 2009, 01:06:39 PM »
        I noticed your AVG. While your PC is getting slow, check the usage of your PC. I can almost guarantee that you're going to see your usage is at 100% and AVG is killing it.

        I have the same issue here at the dealership with a lot of the PCs we have. I just uninstall AVG and then the computer is good to go. I'm not sure what causes it, but I'm sure someone on here will be able to help.

        Best of luck

        876543219

          Re: i think my computer has a virus
          « Reply #19 on: September 03, 2009, 01:18:59 PM »
          I don't have AVG. I deleted it because the trial expired, but while I had it on my computer, my computer ran just as good as when I didn't have it.

          I'm looking at my CPU usage right now and it's going from 0 to 5 percent.

          evilfantasy

          Re: i think my computer has a virus
          « Reply #20 on: September 03, 2009, 01:19:59 PM »
            Sesko - Try AntiVir.
          http://www.filehippo.com/download_antivir/

          876543219.

          • Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
          • Now type Combofix /u in the Run box
          • Make sure there's a space between Combofix and /u
          • Then hit Enter.

          How is the computer running now?

          876543219

            Re: i think my computer has a virus
            « Reply #21 on: September 03, 2009, 03:13:33 PM »
            Hello, thanks for all the help. My computer is running as good as ever. I don't have to click on refresh when I use Internet Explorer now, but all the programs in Control Panel in Add and Remove Programs are still there. I posted an image. Do any of you ever hear of any of these programs? Also, just a couple of minutes ago I got a message from a webpage saying that Avira detected a virus and needed to do an immediate scan. It was from a web page, so I tried to close it and it wouldn't, so I ended it in Control-Alt-Delete. I know Avira doesn't send these out. I had Avira detect a virus today while I was on the web and this message didn't pop up.

            evilfantasy

            Re: i think my computer has a virus
            « Reply #22 on: September 03, 2009, 03:17:02 PM »
            The screenshot of your add/remove programs looks fine. All of that is needed.

            Is this a link you visit often?

            Can you send me the link in a PM please.

            Also do this.

            If you already have Malwarebytes be sure to update it before running the scan!

            Download Malwarebytes' Anti-Malware (MBAM)

            Alternate MBAM download link

            * Double-click mbam-setup.exe and follow the prompts to install the program.
            * At the end, be sure a checkmark is placed next to the following:

            * Update Malwarebytes' Anti-Malware
            * Launch Malwarebytes' Anti-Malware

            * Then click Finish
            * If an update is found, it will download and install the latest version.
            * Once the program has loaded, select Perform quick scan, then click Scan.
            * When the scan is complete, click OK, then Show Results to view the results.
            * Be sure that everything is checked, and click Remove Selected.
            * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
            * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
            * Copy and Paste the entire report in your next reply.

            Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

            876543219

              Re: i think my computer has a virus
              « Reply #23 on: September 03, 2009, 05:07:26 PM »
              Here's the Malwarebytes log. I did update it.



              Malwarebytes' Anti-Malware 1.40
              Database version: 2737
              Windows 5.1.2600 Service Pack 3

              9/3/2009 5:56:13 PM
              mbam-log-2009-09-03 (17-56-13).txt

              Scan type: Full Scan (C:\|)
              Objects scanned: 134297
              Time elapsed: 1 hour(s), 2 minute(s), 33 second(s)

              Memory Processes Infected: 0
              Memory Modules Infected: 0
              Registry Keys Infected: 0
              Registry Values Infected: 0
              Registry Data Items Infected: 0
              Folders Infected: 0
              Files Infected: 0

              Memory Processes Infected:
              (No malicious items detected)

              Memory Modules Infected:
              (No malicious items detected)

              Registry Keys Infected:
              (No malicious items detected)

              Registry Values Infected:
              (No malicious items detected)

              Registry Data Items Infected:
              (No malicious items detected)

              Folders Infected:
              (No malicious items detected)

              Files Infected:
              (No malicious items detected)

              evilfantasy

              Re: i think my computer has a virus
              « Reply #24 on: September 03, 2009, 05:10:28 PM »
              It doesn't appear anything got onto the computer but it wouldn't hurt to run a scan with Avira just to be sure.

              If there are no other malware issues then we can finish up.

              Use the Secunia Software Inspector to check for out of date software.
              • Click Start Now
              • Check the box next to Enable thorough system inspection.
              • Click Start
              • Allow the scan to finish and scroll down to see if any updates are needed.
              • Update anything listed.
              ----------

              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

              876543219

                Topic Starter


                Beginner

                Thanked: 3
                Re: i think my computer has a virus
                « Reply #25 on: September 03, 2009, 08:20:26 PM »
                I ran Avira and Secunia. I went to Microsoft security updates and clicked on Express, get high-priority (recommended)

                then it showed

                genuine windows validation
                To get updates, you must first validate your Windows software. Validation assures that you are using an authentic and fully licensed copy of Windows.



                Do you want to validate Windows now?

                There's a check box before each of the listings below, number 1 and 2. When I click on number one it says

                This copy of Windows did not pass genuine validation.
                The product key found on this computer is not valid for use in your region.
                They want me to pay 149,00 dollars for a Genuine Advantage kit. I got this a couple months ago when I tried to download Windows Media Player 11.

                1 Yes, help me validate Windows and get all important updates for my computer (Recommended)


                2 Just show me updates for other products (Your computer will be more vulnerable to security threats until you update Windows.)



                Number two let me have some updates, as shown below.




                Is there any way I can validate my Windows without paying 149.00 dollars? I saw this at a couple of sites.







                downloading Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923) (update 1 of 2)... done!
                Downloading Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924) (update 2 of 2)... done!
                Initializing installation... done!
                Installing Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923) (update 1 of 2)... done!
                Installing Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924) (update 2 of 2)...

                I also ran Microsoft Windows Malicious Software tool. It took 1 hour 32 minutes and also found nothing.


                Thanks for all the help. I was just wondering: I have Avira, CCleaner, HijackThis, Malwarebytes and SuperAntiSpyware, and you recommend also using Spybot, WOT and SpywareBlaster. Do I need all of these, or can I get rid of a couple? How often should I run these programs, and is there anything else I should download? What should I have turned on and off in my Internet Options, and in the security settings for the Internet zone what should I check and not check?
                « Last Edit: September 04, 2009, 06:56:46 PM by 876543219 »

                evilfantasy

                Re: i think my computer has a virus
                « Reply #26 on: September 03, 2009, 09:04:59 PM »
                Quote
                I have Avira, CCleaner, HijackThis, Malwarebytes and SuperAntiSpyware, and you recommend also using Spybot, WOT and SpywareBlaster

                Keep all of them. Update and run either Spybot, Malwarebytes or Superantispyware now and then. It's best to switch off between different ones.

                Please do the following:

                1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
                2. Double-click on MGADiag.exe and click Continue
                3. When the program has finished, click on Copy
                4. Post the results in your next reply.

                876543219

                  Re: i think my computer has a virus
                  « Reply #27 on: September 03, 2009, 09:49:34 PM »
                  It wouldn't let me copy, but here is what it said

                  [attachment deleted by admin]

                  evilfantasy

                  Re: i think my computer has a virus
                  « Reply #28 on: September 03, 2009, 10:01:32 PM »
                  Your computer has a Volume Licensing Key. That key is now a blocked Volume Licensing Key (VLK). VLKs are blocked by Microsoft at the request of the original key holder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, MS may have blocked the key if it notices a pattern of misuse, i.e., more installations of XP using that key than authorized.

                  You need to contact Microsoft directly to get your key activated. 1-866-PCSAFETY (1-866-727-2338). This phone number is for virus and other security-related support. It is available 24 hours a day for the U.S. and Canada.

                  Or...

                  If you have valid, licensed software (and your license key), then you can go to the Windows Genuine Forum, register and post the log at Speak to us at Microsoft! If necessary, copy the original log or provide a link to this thread.

                  876543219

                    Re: i think my computer has a virus
                    « Reply #29 on: September 03, 2009, 10:41:21 PM »
                    I don't have the original XP CD anymore. When I downloaded XP it didn't ask for a product key number. All I really want is Windows Media Player 11. Could I get this anyway without a validation, or by bypassing the validation just for that program?

                    Is there any other way I could validate my XP?
                    « Last Edit: September 03, 2009, 11:00:52 PM by 876543219 »