Hello, how's it going!

I've been trying to get rid of this virus that poses as a Windows security threat, by trying to get me to buy their security. No way! This thing wouldn't let me go on the net or open any of my applications to get rid of it. The only thing I could do was boot in safe mode and run Malwarebytes' Anti-Malware twice. The first time it stopped at almost 90% completion, then I ran Spybot; after that I re-ran Malwarebytes' Anti-Malware and this time it completed the whole process.

After doing all this in safe mode, I rebooted normally and sort of got rid of the virus, but now I have another problem: none of my applications work, my firewall is locked, and I can't even open Internet Explorer; it's always asking to choose a program to open with. The only way I can open apps is in safe mode, so I think I might have done something wrong.

There's a list of threats that Malwarebytes' Anti-Malware quarantined; most of the names are "rogue something files", but I also see some "disable security center" and "hijackthis exe" in there, which I don't get because I've a hijack log after. I just hope I didn't quarantine something I shouldn't have. What a nightmare, but if you guys can help out that would be great.


Here's my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:20 AM, on 4/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jc Vital\My Documents\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://cvpn.onss.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199676726031
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 4976 bytes



1st Malwarebytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.41
Database version: 3145
Windows 5.1.2600 Service Pack 3 (Safe Mode)

4/19/2010 9:12:54 PM
mbam-log-2010-04-19 (21-12-54).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 313757
Time elapsed: 48 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{331cf7ad-4ff8-47f8-bbfb-04eed85c4652} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{51c0946f-938e-4909-a128-8a2f688df31a} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f32d7d45-1750-48da-9cac-c6216972bb33} (Rogue.Ascentive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Favorites\free porn pornstar video Lusty Nymph Crissy Moran Sitting Her Slippery Twat On A Huge Toy Cock at 4tube.com.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jc Vital\Favorites\free porn pornstar video Lusty Nymph Crissy Moran Sitting Her Slippery Twat On A Huge Toy Cock at 4tube.com.url (Rogue.Link) -> Quarantined and deleted successfully.


Second one here


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

4/20/2010 12:50:45 AM
mbam-log-2010-04-20 (00-50-45).txt

Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 307774
Time elapsed: 51 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jc Vital\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Intern) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\emHm.dll (Backdoor.Sinowal) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{58D71B89-9E1A-4A51-9E1C-7261442CCD39}\RP645\A0092506.dll (Backdoor.Sinowal) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{58D71B89-9E1A-4A51-9E1C-7261442CCD39}\RP645\A0093472.dll (Backdoor.Sinowal) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{58D71B89-9E1A-4A51-9E1C-7261442CCD39}\RP645\A0094431.dll (Backdoor.Sinowal) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{58D71B89-9E1A-4A51-9E1C-7261442CCD39}\RP646\A0095411.dll (Backdoor.Sinowal) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{58D71B89-9E1A-4A51-9E1C-7261442CCD39}\RP652\A0100354.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Hi. Please read the post found HERE and post the requested logs upon completion.
Might want to keep away from the naughties too, unless you want to be perpetually infected (pun intended).


I thank you, I will follow these steps and report back. Is it better to go into "safe mode with networking" to download all the necessary programs to the PC? I think it's the only way I can get online.
Only have 1 PC, thanks!


OK, I've followed those steps as instructed; everything worked OK except I could not do a scan with Malwarebytes' Anti-Malware (MBA-M), not even in all safe modes.
Another thing I forgot to mention is that I ran Spybot first before everything; there are a few files that are quarantined as well but I have not purged them yet.
If this doesn't work, I was wondering if it's safe to restore what is quarantined in Spybot and Malwarebytes' Anti-Malware (MBA-M) back on the PC so I can redo the whole cleaning process again; if not I won't, but I just wanted to know. Thanks.


DDS report 1


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 11:01:58.98 on Tue 04/20/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.532 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRunOnce: [NeroHomeFirstStart] c:\program files\common files\ahead\lib\NMFirstStart.exe
mRun: [nForce Tray Options] sstray.exe /r
mRun: [DeltaIITaskbarApp] c:\windows\system32\DeltaIITray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://cvpn.onss.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199676726031
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-16 242696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-16 216200]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-16 29512]
S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-14 916760]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2007-4-23 336944]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [2009-2-1 302728]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-20 11:44:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-20 11:44:28 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-20 03:53:29 699904 ----a-w- c:\windows\is-96QB9.exe
2010-04-20 03:53:29 399 ----a-w- c:\windows\is-96QB9.lst
2010-04-20 03:53:29 10498 ----a-w- c:\windows\is-96QB9.msg
2010-04-20 00:23:36 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-04-20 00:23:22 178 --sh--w- c:\documents and settings\administrator\ntuser.ini
2010-03-28 23:14:05 833128 ----a-w- c:\windows\Replicant VST plug-in Uninstaller.exe

==================== Find3M ====================

2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 21:53:36 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-14 21:53:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 21:52:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-17 13:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

============= FINISH: 11:02:19.18 ===============

Attachments
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2008 9:31:47 PM
System Uptime: 4/20/2010 7:40:00 AM (4 hours ago)

Motherboard: http://www.abit.com.tw/ |  | NF7-S/NF7 (nVidia-nForce2)
Processor: AMD Athlon(tm) XP 2600+ | Socket A | 1914/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 5.401 GiB free.
D: is FIXED (NTFS) - 55 GiB total, 10.639 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 74 GiB total, 12.946 GiB free.
H: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3112&SUBSYS_61121095&REV_02\4&3B1D9AB8&0&5840
Manufacturer: 
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3112&SUBSYS_61121095&REV_02\4&3B1D9AB8&0&5840
Service: 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva

==== System Restore Points ===================

RP628: 1/21/2010 5:08:43 PM - Software Distribution Service 3.0
RP629: 2/2/2010 10:09:41 PM - Avg8 Update
RP630: 2/14/2010 2:48:59 PM - System Checkpoint
RP631: 2/14/2010 3:24:28 PM - Software Distribution Service 3.0
RP632: 2/26/2010 7:52:24 AM - Software Distribution Service 3.0
RP633: 3/4/2010 10:19:04 PM - System Checkpoint
RP634: 3/12/2010 3:14:12 AM - Avg8 Update
RP635: 3/12/2010 3:30:49 AM - Software Distribution Service 3.0
RP636: 3/14/2010 4:50:28 PM - Installed AVG 9.0
RP637: 3/14/2010 5:50:58 PM - Avg8 Update
RP638: 3/14/2010 5:53:45 PM - Avg Update
RP639: 3/16/2010 6:33:48 PM - Avg Update
RP640: 3/18/2010 6:59:53 AM - System Checkpoint
RP641: 3/28/2010 9:36:31 AM - System Checkpoint
RP642: 3/30/2010 8:39:21 AM - Avg Update
RP643: 3/30/2010 8:41:13 AM - Avg Update
RP644: 3/31/2010 6:39:29 AM - Software Distribution Service 3.0
RP645: 4/1/2010 9:00:37 AM - Avg Update
RP646: 4/8/2010 11:19:33 AM - Avg Update
RP647: 4/9/2010 5:58:15 PM - System Checkpoint
RP648: 4/17/2010 11:28:41 AM - Software Distribution Service 3.0
RP649: 4/17/2010 12:57:11 PM - Configured AVG Free 9.0
RP650: 4/17/2010 1:08:17 PM - Avg Update
RP651: 4/17/2010 1:09:53 PM - Avg Update
RP652: 4/19/2010 4:49:51 PM - System Checkpoint
RP653: 4/19/2010 10:37:17 PM - Restore Operation

==== Installed Programs ======================


AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
ANWIDA Soft DX Reverb 2.0 DEMO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 9.0
Bonjour
Canon PIXMA iP3000
CardRd81
CCScore
Cisco AnyConnect VPN Client
CR2
Delta
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
FXPansion_Guru_VSTi_DXi_RTAS_v1.0.2.5-PLZ
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iTunes
Junk Mail filter update
Kodak EasyShare software
KSU
LightScribe System Software  1.10.19.1
Live 6.0.10
Live 7.0.15
Live 7.0.7
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments FM8
Nero 7 Essentials
neroxml
Nomad Factory Blue Tubes Bundle v2.0
Notifier
NVIDIA nForce Utilities
NVIDIA Windows 2000/XP nForce Drivers
Ohm Force Hematohm VST2 v1.0
Ohmforce Mobilohm VST v1.04
Ohmforce OhmBoyz Vst Pro v1.2
Ohmforce Predatohm VST2 v1.0 PRO
Ohmforce Quad Frohmage Pro VST v1.10
OTtBP
OTtBPSDK
QuickTime
RealPlayer
Reason 4.0
Replicant VST plug-in
Rhapsody Player Engine
Rob Papen Predator V1.1.1
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Series II MIDI
SFR
SHASTA
SKIN0001
SKINXSDK
Sonalksis SV-315 Compressor Plug-in (evaluation)
Sonalksis SV-517 Stereo EQ DX VST v1.2
Sounddiver Virus OEM 6.6 Release 1
Spybot - Search & Destroy
Sylenth1 v2.20
TerraTec Komplexer VSTi v1.0.2.0
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
VPRINTOL
WebFldrs XP
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

4/20/2010 12:52:40 AM, error: Service Control Manager [7026]  - The followin
0

Let's keep Spybot's find in quarantine for now.

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

OK, ComboFix ran, but only in Safe Mode with network connections (under Administrator), and it also asked that ComboFix download and install "Microsoft Windows Recovery Console"; without it, it will not repair serious infections. I clicked No because I wasn't sure if that's what it was supposed to do. It just restarted my PC but it didn't produce a ComboFix log. Does it just automatically save somewhere in program files/ combofix ...?

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:00 PM, on 4/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jc Vital\My Documents\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF22294.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKLM\..\RunOnce: [combofix] "C:\ComboFix\CF22294.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/m010g/EN/install/gtdownlr.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://cvpn.onss.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199676726031
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 4851 bytes

Edited by Optical 9: n/a

0

Looks like it was set to run after reboot. There may be a log in C:\qoobox.
Try running it again if you cannot find the log.

0

Never mind.
I just booted my PC normally ("no safe"), then it activated ComboFix. I let it run its course, but I still chose No for letting ComboFix install "Microsoft Windows Recovery Console". It produced a CF log; here it is:

combofix

ComboFix 10-04-21.01 - Jc Vital 04/21/2010 17:00:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.478 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ave.exe
c:\documents and settings\Jc Vital\Local Settings\Temporary Internet Files\2g3VQesU.jpg
c:\documents and settings\Jc Vital\Local Settings\Temporary Internet Files\A8v81Sd1h.jpg
c:\documents and settings\Jc Vital\Local Settings\Temporary Internet Files\Au88kJdw.jpg
c:\documents and settings\Jc Vital\Local Settings\Temporary Internet Files\EknwS2.jpg
c:\recycler\S-1-5-21-329068152-789336058-1060284298-1003
c:\windows\system32\sstray.exe
c:\windows\wiaserviv.log

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 21:01 . 2010-04-21 21:01 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 11:44 . 2010-04-20 11:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-20 11:44 . 2010-04-20 11:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-20 11:44 . 2010-04-20 11:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-04-20 03:53 . 2010-04-20 03:53 699904 ----a-w- c:\windows\is-96QB9.exe
2010-04-17 17:10 . 2010-04-17 17:10 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-17 17:10 . 2010-04-17 17:10 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-17 17:10 . 2010-04-17 17:10 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-17 17:10 . 2010-04-17 17:10 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-17 17:10 . 2010-04-17 17:10 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-17 17:10 . 2010-04-17 17:10 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-17 17:10 . 2010-04-17 17:10 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-17 17:10 . 2010-04-17 17:10 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-17 17:09 . 2010-04-17 17:09 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-17 17:09 . 2010-04-17 17:09 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-17 17:09 . 2010-04-17 17:09 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-17 17:09 . 2010-04-17 17:09 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-17 17:08 . 2010-04-17 17:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-01 18:44 . 2010-04-01 18:44 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-04-01 18:44 . 2010-04-01 18:44 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-04-01 18:44 . 2010-04-01 18:44 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-03-30 12:41 . 2010-03-30 12:41 307992 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgaspmx.dll
2010-03-30 06:25 . 2010-04-17 15:19 439816 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\setup.exe
2010-03-29 15:50 . 2010-03-29 15:50 20846064 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-28 23:14 . 2010-03-28 23:14 833128 ----a-w- c:\windows\Replicant VST plug-in Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 21:00 . 2008-08-17 03:02 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-21 21:00 . 2010-04-21 21:00 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-20 03:54 . 2009-06-23 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 03:53 . 2009-11-08 00:28 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-20 02:37 . 2008-10-07 23:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-20 01:22 . 2010-04-20 01:22 13688 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-20 00:23 . 2010-04-20 00:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-17 16:58 . 2010-03-14 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-30 04:46 . 2009-06-23 19:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-06-23 19:09 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 00:43 . 2008-04-24 16:48 -------- d-----w- c:\documents and settings\Jc Vital\Application Data\DivX
2010-03-17 00:40 . 2008-04-24 16:47 -------- d-----w- c:\program files\DivX
2010-03-17 00:40 . 2010-03-16 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-17 00:40 . 2010-03-17 00:40 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-17 00:40 . 2010-03-17 00:40 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-17 00:40 . 2010-03-17 00:40 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-17 00:38 . 2010-03-17 00:38 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-17 00:38 . 2010-03-17 00:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-17 00:38 . 2010-03-17 00:38 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-03-17 00:32 . 2010-03-17 00:40 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-17 00:32 . 2010-03-17 00:40 986392 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-16 22:31 . 2010-03-16 22:31 -------- d-----w- c:\documents and settings\Jc Vital\Application Data\AVG9
2010-03-14 21:54 . 2010-03-14 21:54 390664 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\temp\~Upg0\RealPlayer11.exe
2010-03-14 21:54 . 2010-03-14 21:54 390664 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\RealPlayer\Update\RealPlayer11_AVG_RESTORED.exe
2010-03-14 21:53 . 2008-08-17 03:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 21:53 . 2008-08-17 03:02 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 21:52 . 2008-08-17 03:02 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-14 20:50 . 2008-06-26 22:36 -------- d-----w- c:\program files\AVG
2010-03-14 20:28 . 2010-03-14 20:28 8405312 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-14 20:28 . 2010-03-14 20:28 149000 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-14 20:28 . 2010-03-14 20:28 10309448 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-14 20:27 . 2010-03-14 20:27 283280 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-14 20:27 . 2010-03-14 20:27 181768 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-14 20:27 . 2010-03-14 20:27 79368 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-14 20:27 . 2010-03-14 20:27 64000 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-14 20:27 . 2010-03-14 20:27 52288 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-14 20:27 . 2010-03-14 20:27 50688 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-14 20:27 . 2010-03-14 20:27 49152 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-14 20:27 . 2010-03-14 20:27 118784 ----a-w- c:\documents and settings\Jc Vital\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 05:43 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-17 13:10 . 2004-08-04 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltaIITaskbarApp"="c:\windows\system32\DeltaIITray.exe" [2008-03-03 236040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-03 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"M-Audio Taskbar Icon"="c:\windows\System32\DeltaIITray.exe" [2008-03-03 236040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 21:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-04-17 17:09 2064224 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 04:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7336:TCP"= 7336:TCP:Services
"7337:TCP"= 7337:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"9130:TCP"= 9130:TCP:Services
"9131:TCP"= 9131:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/16/2008 11:02 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/16/2008 11:02 PM 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/14/2010 5:52 PM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 5:53 PM 308064]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [4/23/2007 5:12 AM 336944]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [2/1/2009 6:30 AM 302728]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/8/2008 10:46 AM 716272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 20:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://cvpn.onss.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
HKLM-Run-nForce Tray Options - sstray.exe
AddRemove-Nomad Factory Blue Tubes Bundle v2.0 - g:\progra~1\vst\VSTPLU~1\BLUETU~1\NOMADF~1\UNWISE.EXE
AddRemove-Ohm Force Hematohm VST2 v1.0 - g:\progra~1\vst\VSTPLU~1\VSTPLU~1\HEMATO~1\UNINST~1\UNWISE.EXE
AddRemove-Predator_is1 - g:\program files\vst\vstplugins\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BB9B3AA-27B5-4CFF-E5C5-9B5DDFB53AC9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhjcendpjebbkomkihgakkeggideokhcj"=hex:61,61,00,00
"magjfffielddaciccfnpijmgao"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A1853957-8803-4085-618E-8ED78C85B9C5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-04-21 17:08:51
ComboFix-quarantined-files.txt 2010-04-21 21:08

Pre-Run: 4,865,286,144 bytes free
Post-Run: 4,780,077,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - CBB861ED34D86C854CB38749861D3CBE

0

OK, I'll go there.


I think it's running OK. I still need to enable AVG, MBAM, Spybot, and a few other programs in msconfig while ComboFix was running before; I'll post back logs & results soon.

thanks

Edited by Optical 9: n/a

0

OK, I just rebooted; all disabled apps are now working. So far so good.

I've scanned that file at Jotti's and here are my results:

Jotti's malware scan
Filename: is-96QB9.exe
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Thu 22 Apr 2010 04:00:07 (CET) Permalink

Additional info
File size: 699904 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 0637235e56d68e8cdb1d204508434a05
SHA1: 5f66a8bcd9cbca76b6cbccf5cd798eb3e2c31ea7

Hey man, I really appreciate the help. The only app that didn't work or wasn't available was AVG on Jotti's website, so I'm gonna do an AVG scan right now, but so far so good. Thanks a lot!

Edited by Optical 9: n/a
