Author Topic: i think my computer has a virus (Read 17183 times)

876543219 · « **on:** August 31, 2009, 12:43:28 AM »

My computer is alot slower than it was yesterday i looked in my add and remove programs and saw alot of programs i didn't dowload that was dowloaded today and i'm not sure if it isn't just automatic updates that happends everytime i shut my computer down it doesn't look like the automatic updates i being getting saying update for windowsxp and windows xp software updates and they all have the windows xp logo and today i looked and got about 30 others that don't have the windows xp logo and some of these say stuff like microsoft be framework 3.0 service pack -------- dr watson------- microsoft net framework service pack 2 -----netframe work------------ and alot of short 3 are 4 letter words like xps wpf-other-32 wf-32 i'm not sure what all this is if it's a virus are what it is it doesn't let me delete none of these most say this update can't be deleted a couple that i tried to delete microsoft net framework 2.0 service pack 2 can't be uninstalled because it will affect other applications that are installed and when i installed a free trial of narton commant prompt poped up for just a second i'm not sure why it did that and i file poped up before nortan was done downloading that sas nwse i'm not sure why it did that so i deleted nortan in add and remove programs it deleted the nortan but the file was still there and when i rebooted my computer is said deleting some kind of file i'm not sure what it was it said it one time then 2 then it quickly filled up the hole computer screen then it said deleting orphan file and started to almost fill up the screen again so i turned off my computer turned it back didn't do it again i'm not sure what's going on plz help

kmmhasan · « **Reply #1 on:** August 31, 2009, 02:47:54 AM »

Hmm. i think you pc is attacked by spyware. No general antivirus can detect spyware. You have use some anti spyware software.

Sometimes, program loads from registry, what you have to look in to the registry dlete delete their values.

if you are not a expert user, you better touch with a computer expert to help you.

Thanks

Mahmud Hasan
<link removed>

harry 48 · « **Reply #2 on:** August 31, 2009, 01:43:56 PM »

http://www.computerhope.com/forum/index.php/topic,46313.0.html

go to above , complete , post the 3 logs here an expert will see them

do not touch your registry , the things you download kept they are for spyware and malware

also to keep your pc clean , wait for an expert

876543219 · « **Reply #3 on:** September 02, 2009, 07:43:23 AM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:34 AM, on 9/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

here's the hijack log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: prio.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9c1374ac7f430) (gupdate1c9c1374ac7f430) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

--
End of file - 8092 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:34 AM, on 9/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: prio.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9c1374ac7f430) (gupdate1c9c1374ac7f430) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

--
End of file - 8092 bytes

Karnac · « **Reply #4 on:** September 02, 2009, 07:49:51 AM »

Here is the result of your HJT log using the CH process tool.

http://www.computerhope.com/cgi-bin/process.pl?o=264659

Follow the directions for cleaning, and run Mbam afterwards.

harry 48 · « **Reply #5 on:** September 02, 2009, 12:21:40 PM »

KARNAC , i hate to disagree with you

but do you think 876543219 should do the cleaning or wait for an

expert , i think a few of these are needed for the pc when you read them

the only thing i would say is , 876543219 has 2 anti-virus in , there should only be 1 in the pc i believe , and

also Uniblue RegistryBooster , i think this is a bad program and should not mess with the registry

876543219 , remove 1 of your hjt logs and did you do the other logs

Karnac · « **Reply #6 on:** September 02, 2009, 01:50:14 PM »

HARRY48,

Then don't disagree with me ..... I provide an option for people who have problems and want their computers up and running....If there is a problem with the advice I give, I can be certain one of the Malware experts will be quick to correct me.....The tool is there to be used, and as you can see the past couple of months with Evils' absence it has provided an alternative to those who require help...the majority of people sent there with problems don't return to the forum afterwards.....In a discussion with CBMatt, he advised me that the process tool willl solve the majority of problems, it's just a matter of getting people to use it....therefore I suggest it at any opportunity I can.....the majority of issues are solved and Evil gets a well deserved break. Granted, Uniblue is a less than stellar program and we don't recommend registry cleaners, but I am not a malware expert and other than "Run the 3 scans and use the process tool" you won't find me giving any other instructions contrary to the rules ...... I do however respond to people who PM me when they can't get help in the forum for which they are most grateful, especially when their PC won't respond.

evilfantasy · « **Reply #7 on:** September 02, 2009, 01:59:04 PM »

Quote from: Karnac on September 02, 2009, 01:50:14 PM

I can be certain one of the Malware experts will be quick to correct me.....

We don't reply much, not enough time in the day, but I/we read almost all of the topics in this forum.

Just be careful and don't give advice you don't know how to reverse if something goes wrong.

@ Karnac - Check your PM's.

harry 48 · « **Reply #8 on:** September 02, 2009, 02:07:24 PM »

i have read a lot of hjt logs in the tool ( trying to learn ) and if the person takes some of them out they are needed by the pc , that is why i might send them there but never tell them to remove them

and as evil says if they take them out it cannot be reversed

and as you said , an expert will tell me if i did wrong

SuperDave · « **Reply #9 on:** September 02, 2009, 06:42:25 PM »

Quote

and as evil says if they take them out it cannot be reversed.

That is not what evil said.

Quote

Just be careful and don't give advice you don't know how to reverse if something goes wrong.

If you examine the HJT tool you will see a button for restore. That's why it's so important that the HJT program is installed on the C drive and not in a temp. folder or on the desktop.

evilfantasy · « **Reply #10 on:** September 02, 2009, 07:08:38 PM »

Quote from: SuperDave on September 02, 2009, 06:42:25 PM

That's why it's so important that the HJT program is installed on the C drive and not in a temp. folder or on the desktop.

876543219 · « **Reply #11 on:** September 02, 2009, 08:54:29 PM »

Here's there malwarebytes log i couldn't figure out how to save the superantispyware log
it sas 157 infected haven't deleted any of these yet i wanted to hear what you all think if there's some i should save I also ran avira it didn't find any thing also ran ccleaner

To answer harry i only deleted o3 o6 o6 and 023

Malwarebytes' Anti-Malware 1.40
Database version: 2729
Windows 5.1.2600 Service Pack 3

9/2/2009 9:48:01 PM
mbam-log-2009-09-02 (21-47-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140878
Time elapsed: 1 hour(s), 20 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 10
Files Infected: 177

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegTool (Rogue.RegTool) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\RegTool (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\Logs (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130 (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\Results (Rogue.RegTool) -> No action taken.
C:\Program Files\Adware Professional (Rogue.AdwarePro) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290 (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\bin (Adware.DoubleD) -> No action taken.

Files Infected:
C:\Documents and Settings\Administrator\Application Data\RegTool\spy_ignore.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\Logs\2009-06-08 07-18-530.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\Logs\2009-06-08 07-19-170.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\filelist.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-0.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-1.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-10.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-100.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-101.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-102.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-103.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-104.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-105.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-106.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-107.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-108.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-109.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-11.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-110.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-111.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-112.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-113.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-114.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-115.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-116.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-117.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-118.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-119.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-12.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-120.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-121.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-122.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-123.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-124.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-125.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-126.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-127.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-128.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-129.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-13.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-130.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-131.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-132.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-133.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-134.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-135.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-136.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-137.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-138.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-139.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-14.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-140.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-141.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-142.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-143.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-144.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-145.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-146.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-147.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-148.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-149.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-15.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-150.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-151.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-152.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-153.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-154.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-155.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-156.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-157.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-158.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-159.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-16.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-160.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-161.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-162.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-163.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-164.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-165.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-17.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-18.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-19.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-2.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-20.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-21.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-22.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-23.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-24.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-25.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-26.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-27.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-28.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-29.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-3.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-30.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-31.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-32.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-33.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-34.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-35.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-36.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-37.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-38.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-39.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-4.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-40.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-41.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-42.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-43.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-44.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-45.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-46.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-47.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-48.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-49.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-5.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-50.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-51.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-52.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-53.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-54.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-55.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-56.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-57.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-58.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-59.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-6.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-60.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-61.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-62.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-63.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-64.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-65.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-66.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-67.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-68.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-69.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-7.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-70.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-71.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-72.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-73.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-74.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-75.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-76.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-77.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-78.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-79.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-8.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-80.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-81.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-82.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-83.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-84.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-85.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-86.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-87.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-88.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-89.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-9.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-90.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-91.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-92.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-93.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-94.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-95.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-96.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-97.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-98.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-99.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\Results\Evidence.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\Results\Junk.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\Results\Registry.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\RegTool\Results\Update.db (Rogue.RegTool) -> No action taken.
C:\Program Files\Adware Professional\noadware4_060709.na (Rogue.AdwarePro) -> No action taken.
C:\Program Files\Adware Professional\nutilities.dll (Rogue.AdwarePro) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\bin\stbup.exe (Adware.DoubleD) -> No action taken.

evilfantasy · « **Reply #12 on:** September 02, 2009, 08:57:39 PM »

Quote

No action taken.

You have to let MBAM and SAS fix everything they find.

Locate the SUPERAntiSpyware log as follows:

* Click: Preferences
* Click the Statistics/Logs tab
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log
* The log will open in your default text editor (such as Notepad)
* Post the SUPERAntiSpyware log in your reply.

876543219 · « **Reply #13 on:** September 02, 2009, 10:43:07 PM »

here is the super spyware log

And also everytime i open internet explorer is sas internet explorer can't display this webpage but when i click on refresh it Does. I din't think nothing of it at first i seen it every now and then but it does it every time now it doesn't do this on firefox are google chrome

I also posted what my control panel shows at the bottum of this post

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/02/2009 at 11:25 PM

Application Version : 4.27.1002

Core Rules Database Version : 4040
Trace Rules Database Version: 1980

Scan type : Complete Scan
Total Scan Time : 01:23:37

Memory items scanned : 546
Memory threats detected : 0
Registry items scanned : 4375
Registry threats detected : 1
File items scanned : 13023
File threats detected : 109

Adware.Tracking Cookie
   C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[3].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[3].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[3].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[3].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@adecn[1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@burstbeacon[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@crackle[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@portobanner569[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@poweredbanner[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@specificmedia[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@2o7[2].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@adbrite[1].txt
   C:\Documents and Settings\dalton\Cookies\dalton@adlegend[2].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@advertising[2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@apmebf[2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@atdmt[2].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@doubleclick[1].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
   C:\Documents and Settings\dalton\Cookies\dalton@fastclick[2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@imrworldwide[2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@interclick[2].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@mediaplex[1].txt
   C:\Documents and Settings\dalton\Cookies\dalton@overture[2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@questionmarket[2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@realmedia[1].txt
   C:\Documents and Settings\dalton\Cookies\dalton@revsci[1].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@serving-sys[2].txt
   C:\Documents and Settings\dalton\Cookies\dalton@specificclick[1].txt
   C:\Documents and Settings\dalton\Cookies\dalton@specificmedia[1].txt
   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
   C:\Documents and Settings\Guest\Cookies\guest@adbrite[2].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
   C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
   C:\Documents and Settings\Guest\Cookies\guest@apmebf[2].txt
   C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
   C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt
   C:\Documents and Settings\Guest\Cookies\guest@chitika[1].txt
   C:\Documents and Settings\Guest\Cookies\guest@collective-media[1].txt
   C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
   C:\Documents and Settings\Guest\Cookies\guest@imrworldwide[2].txt
   C:\Documents and Settings\Guest\Cookies\guest@intermundomedia[2].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
   C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
   C:\Documents and Settings\Guest\Cookies\guest@revsci[1].txt
   C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Adware.MyWebSearch/FunWebProducts
   HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

Adware.DoubleD
   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\bin\stbup.exe
   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\bin
   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290
   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar
   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD

[attachment deleted by admin]

evilfantasy · « **Reply #14 on:** September 02, 2009, 11:32:59 PM »

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

876543219 · « **Reply #15 on:** September 03, 2009, 02:28:27 AM »

Hello i tried to download it but it said that i couldn't rename it while it was downloading i didn't try to rename it could you send me another link to download it i found alot of sights were i could of downloaded it at but non looked trust worthy

evilfantasy · « **Reply #16 on:** September 03, 2009, 12:05:55 PM »

Download ComboFix from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop.

Link 1
Link 2

Rename ComboFix to Combo-Fix before saving it to the desktop.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on Combo-Fix.exe & follow the prompts.

Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

876543219 · « **Reply #17 on:** September 03, 2009, 12:57:42 PM »

here's the combofix log while it was running it said couldn't find file mircdb.exe

ComboFix 09-09-03.02 - Administrator 09/03/2009 13:33.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.313 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.ele.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT
c:\recycler\S-1-5-21-299502267-688789844-1606980848-500
c:\windows\system32\llbiirc.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-09-02 23:56 . 2009-09-02 23:56   --------   d-----w-   c:\program files\Icegiant Software
2009-09-02 23:54 . 2009-09-02 23:54   --------   dc----w-   C:\_ok2delete
2009-09-02 23:41 . 2009-09-02 23:41   --------   dc----w-   c:\documents and settings\Administrator\Application Data\FastStone
2009-09-02 23:41 . 2009-09-02 23:41   --------   d-----w-   c:\program files\FastStone Photo Resizer
2009-09-02 07:33 . 2009-09-02 07:33   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-02 07:33 . 2009-08-03 12:36   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 07:33 . 2009-09-02 07:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-02 07:33 . 2009-09-02 07:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-09-02 07:33 . 2009-08-03 12:36   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-09-02 05:32 . 2009-09-02 05:32   --------   dc----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-09-02 05:31 . 2009-09-02 05:31   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-09-02 05:17 . 2009-09-02 05:17   --------   d-----w-   c:\program files\CCleaner
2009-09-02 05:16 . 2009-03-30 09:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2009-09-02 05:16 . 2009-02-13 11:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2009-09-02 05:16 . 2009-02-13 11:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2009-09-02 05:16 . 2009-09-02 05:16   --------   d-----w-   c:\program files\Avira
2009-09-02 05:16 . 2009-09-02 05:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2009-09-02 01:44 . 2009-09-02 01:46   --------   d-----w-   c:\program files\Common Files\Adobe
2009-09-02 01:42 . 2009-09-02 01:42   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2009-09-01 04:51 . 2009-09-03 00:40   --------   d-----w-   c:\program files\Norton AntiVirus
2009-08-31 14:41 . 2009-07-28 15:33   55656   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-08-31 14:16 . 2009-08-31 14:16   --------   dc----w-   c:\documents and settings\Administrator\Application Data\AVG8
2009-08-31 03:06 . 2009-03-19 15:32   23400   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-31 03:06 . 2008-04-17 11:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2009-08-31 03:05 . 2009-08-31 03:05   --------   d-----w-   c:\program files\iPod
2009-08-31 03:04 . 2009-08-31 03:06   --------   d-----w-   c:\program files\iTunes
2009-08-31 03:02 . 2009-08-31 03:03   --------   d-----w-   c:\program files\QuickTime
2009-08-31 02:51 . 2009-08-31 02:51   --------   d-----w-   c:\program files\Real
2009-08-31 02:44 . 2009-08-31 02:44   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2009-08-31 02:42 . 2009-08-31 02:42   --------   d-----w-   c:\program files\Winamp Toolbar
2009-08-31 02:42 . 2009-08-31 02:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Winamp Toolbar
2009-08-31 02:41 . 2009-08-31 02:44   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Winamp
2009-08-31 02:41 . 2009-08-31 02:42   --------   d-----w-   c:\program files\Winamp
2009-08-31 01:53 . 2009-08-31 02:51   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2009-08-31 01:53 . 2009-08-31 02:51   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2009-08-31 00:25 . 2009-08-31 00:25   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Symantec
2009-08-31 00:08 . 2009-08-31 00:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\NortonSystemWorks
2009-08-30 22:00 . 2009-08-30 22:00   53   ----a-w-   c:\windows\DelToolbox.bat
2009-08-29 03:43 . 2009-08-31 00:25   --------   dc----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-08-29 02:07 . 2009-08-29 02:07   --------   d-----w-   c:\windows\system32\XPSViewer
2009-08-29 02:07 . 2009-08-29 02:07   --------   d-----w-   c:\program files\MSBuild
2009-08-29 02:07 . 2009-08-29 02:07   --------   d-----w-   c:\program files\Reference Assemblies
2009-08-29 02:06 . 2008-07-06 12:06   89088   ------w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-29 02:06 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2009-08-29 02:06 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-29 02:06 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
2009-08-29 02:06 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-29 02:06 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2009-08-29 02:06 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\dllcache\xpssvcs.dll
2009-08-29 02:06 . 2009-08-29 02:07   --------   dc----w-   C:\128bfc075b3ea45d3a1213
2009-08-27 04:56 . 2009-08-27 04:56   --------   d-----w-   c:\documents and settings\Guest\Local Settings\Application Data\Help
2009-08-25 04:46 . 2009-08-25 04:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\QXOQNGQAYG
2009-08-25 04:46 . 2009-08-25 04:48   --------   d-----w-   c:\program files\BadgeHelp
2009-08-22 13:44 . 2009-08-22 13:44   --------   d-----w-   c:\program files\Common Files\eSellerate
2009-08-22 13:43 . 2009-08-30 07:37   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-08-12 07:28 . 2009-08-12 07:29   --------   d-----w-   c:\program files\CheckerBoard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 07:26 . 2009-09-03 07:25   --------   d-----w-   c:\program files\DivX
2009-09-03 07:25 . 2009-09-03 07:25   --------   d-----w-   c:\program files\Common Files\DivX Shared
2009-09-03 00:40 . 2009-07-02 15:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
2009-09-03 00:26 . 2009-04-19 01:17   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2009-09-02 23:56 . 2009-04-19 00:19   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-09-02 23:55 . 2009-04-19 00:15   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-09-02 22:34 . 2009-05-27 06:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2009-09-02 05:32 . 2009-05-21 13:34   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-08-31 03:01 . 2009-04-19 01:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-31 02:54 . 2009-07-05 14:32   --------   d-----w-   c:\program files\Common Files\Real
2009-08-31 00:25 . 2009-07-04 23:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2009-08-30 23:49 . 2009-06-29 14:24   --------   d-----w-   c:\program files\USB Disk Win98 Driver
2009-08-30 22:26 . 2009-05-14 21:16   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-08-30 21:59 . 2009-06-30 02:08   --------   d-----w-   c:\program files\ffdshow
2009-08-30 21:48 . 2009-04-19 02:03   --------   d-----w-   c:\program files\Google
2009-08-30 21:19 . 2009-04-19 01:01   --------   d-----w-   c:\program files\Common Files\Apple
2009-08-29 03:40 . 2009-04-29 01:45   14056   -c--a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-29 05:41 . 2009-07-29 05:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-29 05:37 . 2009-05-24 01:30   --------   d-----w-   c:\program files\AVG
2009-07-21 06:38 . 2009-07-21 06:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2009-07-21 06:31 . 2009-07-21 06:31   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2009-07-21 06:31 . 2009-07-21 06:31   --------   dc----w-   c:\documents and settings\Administrator\Application Data\skypePM
2009-07-21 06:14 . 2009-07-21 06:11   --------   d-----w-   c:\program files\Graboid
2009-07-21 06:12 . 2009-07-21 06:12   --------   dc----w-   c:\documents and settings\Administrator\Application Data\MozillaControl
2009-07-21 04:28 . 2009-06-30 01:42   --------   dc----w-   c:\documents and settings\Administrator\Application Data\dvdcss
2009-07-08 09:16 . 2009-07-08 07:32   --------   dc----w-   c:\documents and settings\Administrator\Application Data\Move Networks
2009-07-08 09:13 . 2009-07-08 09:11   --------   d-----w-   c:\program files\MediaMonkey
2009-07-08 09:13 . 2009-07-08 09:13   --------   dc----w-   c:\documents and settings\Administrator\Application Data\J River
2009-07-08 09:01 . 2009-07-08 09:01   --------   d-----w-   c:\program files\J River
2009-07-06 22:39 . 2009-07-06 04:55   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2009-07-05 15:02 . 2009-05-14 21:16   --------   d-----w-   c:\program files\Java
2009-07-05 14:32 . 2009-07-05 14:32   --------   d-----w-   c:\program files\Common Files\xing shared
2009-06-28 20:00 . 2009-04-30 17:41   12720   ----a-w-   c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 01:57 . 2009-06-30 01:41   45056   -c--a-w-   c:\windows\system32\WNASPI32.DLL
2009-06-18 01:57 . 2009-06-30 01:41   16512   ----a-w-   c:\windows\system32\drivers\ASPI32.SYS
2009-06-16 14:36 . 2008-05-03 12:00   81920   ------w-   c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-05-03 12:00   119808   ------w-   c:\windows\system32\t2embed.dll
2009-06-07 22:43 . 2009-06-07 22:43   0   ----a-w-   c:\windows\nsreg.dat
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-03-21 1695232]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-31 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-31 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/2/2009 6:16 AM 108289]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S2 gupdate1c9c1374ac7f430;Google Update Service (gupdate1c9c1374ac7f430);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2009 10:39 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 21:39]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-113007714-2147160587-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-31 02:30]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-113007714-2147160587-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-31 02:30]

2009-09-03 c:\windows\Tasks\User_Feed_Synchronization-{737E7CF6-2941-413F-9E5E-45B9A0617E3F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uLocal Page = \blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7mb3t0y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7mb3t0y.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 13:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-113007714-2147160587-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,d2,c5,08,dc,d1,59,40,93,9c,c2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,40,7a,aa,5d,88,8c,4b,b2,c1,95,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-09-03 13:45
ComboFix-quarantined-files.txt 2009-09-03 12:44

Pre-Run: 2,696,073,216 bytes free
Post-Run: 3,406,921,728 bytes free

269   --- E O F ---   2009-08-29 02:13

Sesko · « **Reply #18 on:** September 03, 2009, 01:06:39 PM »

I noticed your AVG, while your pc is getting slow check the usage of your pc. I can almost gurantee that your going to see your usage is at 100% and AVG is killing it.

I have the same issue here at the dealership with alot of the Pcs we have. I just uninstall AVG and then the computer is good to go. I'm not sure what causes it but I'm sure someone on here will be able to help.

Best of luck

876543219 · « **Reply #19 on:** September 03, 2009, 01:18:59 PM »

I don't have avg i deleted it because the trial expired but while i had it on my computer my computer ran just as good as when i didn't have it

i'm looking at my cpu usage right now and it's going from 0 to 5 percent

evilfantasy · « **Reply #20 on:** September 03, 2009, 01:19:59 PM »

Sesko - Try AntiVir. http://www.filehippo.com/download_antivir/

876543219.

Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

.

How is the computer running now?

876543219 · « **Reply #21 on:** September 03, 2009, 03:13:33 PM »

Hello thanks for all the help my computer is running as good as ever I don't have to click on refresh when i use internet explorer now but all the programs in control panel in add and remove programs are still there i posted an image do any of you ever here of any of these programs and also just a couple of minutes ago i got a message from a webpage saying that avira detected a virus and needed to do an immidiate scan it was from an web page so i tried to close it and it wouldn't so i ended it in control alt delete i know avira don't send these out i had avira detect a virus today while i was on the web and this message didn't pop up

evilfantasy · « **Reply #22 on:** September 03, 2009, 03:17:02 PM »

The screenshot of your add/remove programs looks fine. All of that is needed.

is this a link you visit often?

Can you send me the link in a PM please.

Also do this.

If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:

* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware

* Then click Finish
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

876543219 · « **Reply #23 on:** September 03, 2009, 05:07:26 PM »

here's the malwarebyte log i did update it

Malwarebytes' Anti-Malware 1.40
Database version: 2737
Windows 5.1.2600 Service Pack 3

9/3/2009 5:56:13 PM
mbam-log-2009-09-03 (17-56-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134297
Time elapsed: 1 hour(s), 2 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

evilfantasy · « **Reply #24 on:** September 03, 2009, 05:10:28 PM »

It doesn't appear anything got onto the computer but it wouldn't hurt to run a scan with Avira just to be sure.

If there are no other malware issues then we can finish up.

Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

876543219 · « **Reply #25 on:** September 03, 2009, 08:20:26 PM »

I ran avira and securia i went to microsoft sucurity updates clicked on express get high-priority (reccomended)

then it showed

genuine windows validation
To get updates, you must first validate your Windows software. Validation assures that you are using an authentic and fully licensed copy of Windows.

DO you want to validate windows now?

there's a check box before each of the listens below number 1 and 2 when i click on number one it sas

This copy of Windows did not pass genuine validation.
The product key found on this computer is not valid for use in your region.
they want me to pay 149,00 dollars for an genuine advatage kit i got this a couple months ago when i tried to download windows media player 11

1 Yes, help me validate Windows and get all important updates for my computer (Recommended)

2 Just show me updates for other products (Your computer will be more vulnerable to security threats until you update Windows.)

number two let me have some updates as shown below

is there any way i can validate my windows without paying 149.00 dollars i seen this at couple sight

downloading Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923) (update 1 of 2)... done!
Downloading Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924) (update 2 of 2)... done!
Initializing installation... done!
Installing Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923) (update 1 of 2)... done!
Installing Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924) (update 2 of 2)...

i also ran microsoft windows malicious software tool it took 1 hour 32 minutes and also found nothing

thanks for all the help i was just wondering i have avira ccleaner hjackthis malwarebytes superantispyware and you reccomend also using spybot wot and spyware blaster do i
need all of these are can i get rid of a couple and how often should i run these programs and if there anything else i should download and what should i have turned on and of
in my internet options and in sucurity settings internet zone what should i check and not check what should i have turned on and off

evilfantasy · « **Reply #26 on:** September 03, 2009, 09:04:59 PM »

Quote

i have avira ccleaner hjackthis malwarebytes superantispyware and you reccomend also using spybot wot and spyware blaster

Keep all of them Update and run either Spybot, Malwarebytes or Superantispyware now and then. It's best to switch off between different ones.

Please do the following:

1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.

876543219 · « **Reply #27 on:** September 03, 2009, 09:49:34 PM »

i wouldn't let me copy but here is what it said

[attachment deleted by admin]

evilfantasy · « **Reply #28 on:** September 03, 2009, 10:01:32 PM »

your computer has a Volume Licensing Key. That key is now a blocked Volume Licensing Key (VLK). VLKs are blocked by Microsoft at the request of the original key holder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, MS may have blocked the key if it notices a pattern of misuse, ie, more installations of XP using that key than authorized.

You need to contact Microsoft directly to get your key activated. 1-866-PCSAFETY (1-866-727-2338). This phone number is for virus and other security-related support. It is available 24 hours a day for the U.S. and Canada.

Or...

If you have valid, licensed software (and your license key), then you can to go to the Windows Genuine Forum, register and post the log at Speak to us at Microsoft! If necessary, copy the original log or provide a link to this thread.

876543219 · « **Reply #29 on:** September 03, 2009, 10:41:21 PM »

I don't have the original xp cd anymore when i downloaded xp it it didn't ask for a product key number all a really want is windows media player 11 could i get this anyway without a validation are by bypass the validation just for that program

is there any other way i could validate my xp

evilfantasy · « **Reply #30 on:** September 03, 2009, 10:44:46 PM »

If you downloaded it from the internet then it's a cracked version and we don't help with making them work. Buy a key and you won't have these issues. Or use a free Linux Distro like Ubuntu. http://distrowatch.com/

Microsoft will usually work with you in getting it legal. Worth a try to see what they say.

876543219 · « **Reply #31 on:** September 04, 2009, 06:42:16 PM »

hello again I saw something on youtube that sounded to good to be true didn't think it would work but was worth a try all the comments on the post said it worked for them go to windowns in safe mode delete windows mediaplayer.exe in safe mode which made no sence how deleting it in safe mode will make it work when on your computer when your not in safe mode couldn't believe i was trying this restarted my computer hit control 8 selected safe mode started going threw and it just stops about a quarter of the way threw tried 3 or 4 times still nothing what do you think it could be

i did have windows media player on this computer before and one day i clicked the icon and nothing tried left click on the icon open still nothing tried the icon in start and the icon left of my clock still nothing so i deleted it after of a couple of days of trying to get it to work

evilfantasy · « **Reply #32 on:** September 04, 2009, 06:49:45 PM »

Bottom line. You have to get Windows legal before we can help any further.

Forum rules. http://www.computerhope.com/forum/index.php/topic,58736.0.html

Quote

If you need or lost your CD-KEY or other authentication key for a software program or game you’ll need to contact the developer of that program. We will not provide you or link you to where you can find a new one.

876543219 · « **Reply #33 on:** September 04, 2009, 06:52:47 PM »

I'm just wondering why my computer might not be going into safe mode and iv'e being asking for legal ways to validate my xp and iv'e being trying to validate my xp legally i'm not conserned about the validation anymore i probably won't get it fixed there are alot of good anti virus and anti spyware programs i can download and i have got good media players that work good

evilfantasy · « **Reply #34 on:** September 04, 2009, 07:05:47 PM »

Quote from: 876543219 on September 04, 2009, 06:52:47 PM

and iv'e being asking for legal ways to validate my xp

I've given information already.

Microsoft Product Activation http://www.microsoft.com/piracy/mpa.aspx or call Microsoft at 1-866-PCSAFETY (1-866-727-2338)

876543219 · « **Reply #35 on:** September 04, 2009, 07:20:54 PM »

plz help my last two posts i wasn't asking for more help validating my xp back to the original question why might my computer not work in safe mode could this be a virus

evilfantasy · « **Reply #36 on:** September 04, 2009, 07:23:49 PM »

Microsoft uses technology that makes it hard to run Windows unless it is validated. Get it legitimate and most if not all of your problems will go away. Until then, we don't help make computers that are not licensed work. Even if I know the answer it is against forum rules to help. Sorry, that's just the way it is.

Computer Hope Forum

News:

Author Topic: i think my computer has a virus (Read 17183 times)

876543219

kmmhasan

harry 48

876543219

Karnac

harry 48

Karnac

evilfantasy

harry 48

SuperDave

evilfantasy

876543219

evilfantasy

876543219

evilfantasy

876543219

evilfantasy

876543219

Sesko

876543219

evilfantasy

876543219

evilfantasy

876543219

evilfantasy

876543219

evilfantasy

876543219

evilfantasy

876543219

evilfantasy

876543219

evilfantasy

876543219

evilfantasy

876543219

evilfantasy