99GPGTX Posted April 26, 2010 (edited)
I can't do it bc it says app not found...
Currently: 2015 Evo X WW Forgestar F14 18s --Rally Armour Mudflaps ETS 3.5" FMIC, CAI, Open Dump DownPipe, Test Pipe, Ultimate Racing Catback, BLEVINS TUNE, Fortune Auto 500 Coilovers Build: Crescendo Mezzos x2 Crescendo 800.4, 1500.1 Loaded Fi Q12 Second Skin Pro XS D5100 RF 360.2 Sky High Audio Wiring Need: ALTERNATOR! PREVIOUS 1999 Grand Prix GTX 3.8L S/C-few modsWheels: Ruff Racing 280 19x8.5 Sub: Fully Loaded 12" Fi BTL Amps: Autotek MM3000.1d Sundown SAX-100.4HU/Tweets/mids: Alpine D310 + H701, TBI HDSS tweets, Mpyr audio 65m x4extra sheit: knukonceptz 0, 4, rcas, speaker wire EA 200amp alt HC 2400 TEAM DEADLY HERTZ!! Financial Consultant- Charles Schwab
ozo Posted April 26, 2010
Can you boot into safe mode and run programs then?
99GPGTX Posted April 26, 2010
OK, got it, but it won't let me continue without disabling AVG... and there is no option to disable it. Would I have to delete it?
ozo Posted April 26, 2010
If you're talking about ComboFix, don't worry about it, it should still do a good bit of its job. There might be a snooze option in AVG, or something like that. I've never used it. But yeah, ComboFix should just run regardless.
99GPGTX Posted April 26, 2010 (edited)
It was doing something they said... something about something not being installed, so it says "connecting to Http://download.microsoft.com...", then it downloaded whatever and it says 100%. Now it's not doing anything. On a positive note, I hit IE and it opened.
99GPGTX Posted April 26, 2010
Now I have...
"Congrats!!! The Microsoft Recovery Console was successfully installed. On each restart of the machine, a black screen will offer you the option to boot into Recovery Console mode. For normal use, just ignore the black screen. Windows shall boot normally in 2 seconds. Click Yes to continue the scanning for malware...."
I assume hit yes?
ozo Posted April 26, 2010 (edited)
Yes, that means it's working.
Edit: Also make sure to post the log here after it's done.
99GPGTX Posted April 26, 2010
ComboFix 10-04-21.01 - user1 04/26/2010 11:38:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1317 [GMT -4:00]
Running from: c:\documents and settings\user1\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ozo Posted April 26, 2010
Yeah you were pretty badly infected. Is it running any better now?
99GPGTX Posted April 26, 2010 (edited)
No clue what any of that means. Ya, it runs a little better... at least now I can open things up.