viruses....cannot turn on windows sercurity centre - Page 2

scanned using combofix, here is the log:

ComboFix 11-01-30.02 - Ramzan 31/01/2011 15:43:22.2.2 - x86
Running from: c:\users\Ramzan\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Ramzan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scanner
c:\users\Ramzan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scanner\Scanner.lnk
c:\users\Ramzan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scanner\Uninstall Scanner.lnk

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
.

2011-01-31 15:54 . 2011-01-31 15:55 -------- d-----w- c:\users\Ramzan\AppData\Local\temp
2011-01-31 15:54 . 2011-01-31 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-30 19:11 . 2011-01-30 19:11 -------- d-----w- c:\users\Ramzan\AppData\Roaming\f-secure
2011-01-30 19:09 . 2011-01-30 19:09 -------- d-----w- c:\programdata\F-Secure
2011-01-30 18:52 . 2011-01-31 13:22 -------- d-----w- c:\windows\BDOSCAN8
2011-01-30 18:38 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-28 19:39 . 2011-01-28 19:39 -------- d-----w- c:\program files\ESET
2011-01-28 15:57 . 2011-01-28 22:46 -------- d-----w- c:\users\Ramzan\AppData\Local\Adobe
2011-01-27 23:17 . 2011-01-27 23:17 -------- d-----w- c:\windows\Sun
2011-01-27 22:57 . 2011-01-27 22:57 -------- d-----w- c:\programdata\FLEXnet
2011-01-27 22:30 . 2011-01-27 22:30 110592 --sha-r- c:\windows\system32\swprvz.dll
2011-01-27 21:57 . 2011-01-27 21:57 -------- d-----w- c:\users\Ramzan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-01-27 21:57 . 2011-01-27 21:57 -------- d-----w- c:\users\Ramzan\AppData\Roaming\Adobe Mini Bridge CS5
2011-01-27 21:24 . 2011-01-27 21:24 -------- d-----w- c:\program files\Bonjour
2011-01-27 21:10 . 2011-01-27 21:10 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-01-25 16:58 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE26D764-769E-4BCA-9B5E-B495F5D4A189}\mpengine.dll
2011-01-21 15:53 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-01-21 15:53 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-21 15:53 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-01-21 15:53 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-01-21 15:53 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-01-20 15:23 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-20 15:22 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-01-20 15:21 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2011-01-20 15:21 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2011-01-20 15:21 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2011-01-20 15:21 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2011-01-20 15:21 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2011-01-20 15:21 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\wshom.ocx
2011-01-20 15:21 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-01-20 15:21 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-01-20 15:16 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-01-19 23:45 . 2011-01-19 23:45 -------- d-----w- C:\PerfLogs
2011-01-07 17:11 . 2011-01-07 17:11 -------- d-----w- C:\extensions
2011-01-07 17:10 . 2011-01-28 18:25 -------- d-----w- c:\users\Ramzan\AppData\Roaming\uTorrent
2011-01-01 17:26 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-01-01 17:26 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-01-01 17:26 . 2008-06-20 01:17 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-01-01 17:26 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-01-01 17:25 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2011-01-01 17:25 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-19 23:06 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-01-19 23:05 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-01-13 08:47 . 2010-12-28 22:55 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-12-28 22:57 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-12-28 22:57 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-12-28 22:57 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-12-28 22:57 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-12-28 22:57 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-31 20:06 . 2010-12-28 22:55 38848 ----a-w- c:\windows\avastSS.scr
2010-12-20 18:09 . 2010-11-24 15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-11-24 15:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"Google Update"="c:\users\Ramzan\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 136176]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

.
Contents of the 'Scheduled Tasks' folder

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 15:58]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 15:58]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259305377-3176393449-80091005-1000Core.job
- c:\users\Ramzan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-31 18:30]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259305377-3176393449-80091005-1000UA.job
- c:\users\Ramzan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-31 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-31 15:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-01-31 16:00:11
ComboFix-quarantined-files.txt 2011-01-31 16:00

Pre-Run: 81,733,419,008 bytes free
Post-Run: 82,271,232,000 bytes free

- - End Of File - - 3D9990B5CA5DFB7EA36FF6CFF1A3DB7B

Again, you have NOT followed instuctions:
combofix instructions are VERY CLEAR

• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

Yet your log shows the following:
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

What is it about the word STOP that you do not understand?

Do NOT run the program again. but sooner or later you are going to have to learn to follow instuctions.

I will have to consult with somebody else on this since you didn't follow the instructions correctly.

Honestly I don't know wat u trying to say...but if u know combofix won't allow you to scan unless the anti virus software disabled....which I did because the scan wudnt start unless I disabled the anti virus, so far as I'm concerned I followed all the instructions right! Check for ur self u CANNOT run a combofix scan unless u have disabled the anti virus software which I clearly did or the scan wouldn't have been completed...

Sorry, but you are 100% incorrect. NO place does it say that combofix will not scan if the anti-virus is enabled.
The instructions in the say the following:
"Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix."

It DOES NOT say combofix will not run, it says it will not run PROPERLY. Which means that some infected files may not be removed.

I posted similar instructions:
"Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix."

I DID NOT say it would not run.

It OBVIOUSLY DID run on your machine, the log clearly shows that Avast WAS enabled and Windows Defender WAS enabled. Neither one was turned off.

Here again is the top of YOUR log that you posted here:

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

If they were turned off the log would have said Disabled like this,

AV: avast! Antivirus [B]*[B]Disabled[/B][/B]/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus [B]*[B]Disabled[/B][/B]/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *[B][B]Disabled[/B][/B]/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Your log clearly does NOT say Disabled.

Ok I dnt knw what to say but I am 100% sure that I disabled avast, when I ran the combofix a message popped up saying that I would have to disable avast to Continue the scan, which I did but I didn't disable windows defender, but one of the reason I came back to the forum was that I couldn't turn on my windows security centre, so what should I do now? I'm sorry to be an inconvenience to u but I am sure dat avast was disabled!

I can assure you Avast was NOT disabled, if it were disabled it would show that it was disabled in your log. I told you, since it was run incorrectly you would have to wait until I get information concerning this incorrect running. That is all I can tell you now.

Did you run combofix twice? If so, I need to see the other log.

never mind about my question about running combofix twice, you did...33 days ago in your first thread. I won't need to see that other log.
Can you see now why this is all so very frustrating to all of us who work to help people clean their computers?
33 days! and you are back again with the same problems for the very same reason!
We care about keeping computers clean and safe and fun to use, it is people like you who do not.

Now you need to UNINSTALL Combofix and it MUST be done this way, EXACTLY:

Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

If you feel your problems are solved you can mark this one solved.

combofix was uninstalled, the way u stated! do u want me to run the removal tool same as before from the last thread? anywayz thanks again for all the help, the computer is running fine and windows security centre is working as well now, thanks again jhollad and believe me this wont b happening again! thank u for everything!

You don't need to run any more removal tools you all ready have removed everything.

I caution you one final time. Do not come back here and ask for assistance if you infect your system again by using any type of file sharing, cracked software, keygens, etc. You will NOT receive assistance for removal of infections due to illegal activity.