WiredWX Hobby Weather Tools

 


antivirus vista messing up my laptop

My laptop is getting these popups that my computer is in danger and that I have a virus. It says to download their program. Please help me.

Re: antivirus vista messing up my laptop

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: antivirus vista messing up my laptop

ComboFix 10-03-28.03 - nestor2hott 03/29/2010 13:57:46.1.2 - x86
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.1.1033.18.1790.1054 [GMT -4:00]
Running from: c:\users\nestor2hott\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1376201192-426686078-2981821646-500
c:\$recycle.bin\S-1-5-21-727980789-1891768318-1025507374-500
c:\program files\Common Files\Uninstall
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Search Toolbar
c:\program files\Search Toolbar\basis.xml
c:\program files\Search Toolbar\bg.bmp
c:\program files\Search Toolbar\bing_logo.png
c:\program files\Search Toolbar\celebrity.png
c:\program files\Search Toolbar\drop_images.png
c:\program files\Search Toolbar\drop_maps.png
c:\program files\Search Toolbar\drop_news.png
c:\program files\Search Toolbar\drop_videos.png
c:\program files\Search Toolbar\drop_web.png
c:\program files\Search Toolbar\facebook.png
c:\program files\Search Toolbar\favicon.png
c:\program files\Search Toolbar\games.png
c:\program files\Search Toolbar\hotmail.png
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\images.png
c:\program files\Search Toolbar\include.xml
c:\program files\Search Toolbar\info.txt
c:\program files\Search Toolbar\lifestyle.png
c:\program files\Search Toolbar\maps.png
c:\program files\Search Toolbar\messenger.png
c:\program files\Search Toolbar\msn.png
c:\program files\Search Toolbar\news.png
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\tbcore3.dll
c:\program files\Search Toolbar\tbhelper.dll
c:\program files\Search Toolbar\twitter.png
c:\program files\Search Toolbar\uninstall.exe
c:\program files\Search Toolbar\update.exe
c:\program files\Search Toolbar\version.txt
c:\program files\Search Toolbar\video.png
c:\program files\Search Toolbar\videos.png
c:\program files\Search Toolbar\weather.png
c:\program files\Search Toolbar\web.png
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\users\nestor2hott\AppData\Local\ave.exe
c:\users\nestor2hott\AppData\Local\lqapgf
c:\users\nestor2hott\AppData\Local\lqapgf\admssftav.exe
c:\users\nestor2hott\AppData\Local\Microsoft\Windows\Temporary Internet Files\-9FRl-Bn
c:\users\nestor2hott\AppData\Local\Microsoft\Windows\Temporary Internet Files\aQ7M2.jpg
c:\users\nestor2hott\AppData\Local\Microsoft\Windows\Temporary Internet Files\CHRkgVn
c:\users\nestor2hott\AppData\Local\Microsoft\Windows\Temporary Internet Files\cufM2.jpg
c:\users\nestor2hott\AppData\Local\Microsoft\Windows\Temporary Internet Files\H-h_V4OIa_
c:\users\nestor2hott\AppData\Local\Microsoft\Windows\Temporary Internet Files\NYY5iHuVT.jpg
c:\users\nestor2hott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sb3mISl1.jpg
c:\users\nestor2hott\AppData\Local\Microsoft\Windows\Temporary Internet Files\z46-H5--1-S98
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\uEf3M5.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 18:10 . 2010-03-29 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-29 13:44 . 2010-03-29 13:44 -------- d-----w- C:\_OTL
2010-03-29 13:05 . 2010-03-29 15:13 201728 --sha-w- c:\users\nestor2hott\AppData\Local\3445627866.dll
2010-03-29 06:56 . 2010-03-29 06:56 -------- d-----w- c:\program files\Veetle
2010-03-27 16:51 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-27 16:51 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 11:16 . 2010-03-27 11:16 -------- d-----w- c:\windows\system32\drivers\NSS
2010-03-27 11:16 . 2010-03-27 11:16 -------- d-----w- c:\program files\Norton Security Scan
2010-03-16 22:52 . 2010-03-20 18:51 -------- d-----w- c:\programdata\McAfee Security Scan
2010-03-16 22:52 . 2010-03-16 22:52 -------- d-----w- c:\programdata\McAfee
2010-03-16 22:52 . 2010-03-21 16:38 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-13 02:05 . 2010-03-13 02:05 -------- d-----w- c:\users\nestor2hott\AppData\Local\TVU Networks
2010-03-13 02:05 . 2010-03-13 02:05 -------- d-----w- c:\programdata\TVU Networks
2010-03-13 02:04 . 2010-03-13 02:05 -------- d-----w- c:\program files\TVUPlayer
2010-03-10 08:01 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 08:01 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 08:01 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-05 08:24 . 2010-03-05 08:34 -------- d-----w- c:\users\nestor2hott\AppData\Roaming\GetRightToGo
2010-03-04 02:13 . 2010-03-04 02:13 -------- d-----w- c:\users\nestor2hott\AppData\Local\IsolatedStorage
2010-03-01 04:33 . 2010-03-01 04:33 -------- d-----w- c:\users\nestor2hott\AppData\Local\Windows Live Writer
2010-03-01 04:33 . 2010-03-01 04:33 -------- d-----w- c:\users\nestor2hott\AppData\Roaming\Windows Live Writer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 00:32 . 2009-02-15 20:44 -------- d-----w- c:\users\nestor2hott\AppData\Roaming\LimeWire
2010-03-27 17:05 . 2009-02-23 05:21 7592 ----a-w- c:\users\nestor2hott\AppData\Local\d3d9caps.dat
2010-03-27 16:51 . 2009-05-01 10:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 11:16 . 2008-10-25 22:53 -------- d-----w- c:\programdata\Symantec
2010-03-27 11:16 . 2008-10-25 22:52 -------- d-----w- c:\programdata\Norton
2010-03-27 11:16 . 2008-10-25 22:52 -------- d-----w- c:\program files\NortonInstaller
2010-03-27 11:16 . 2009-02-16 04:48 28409 ----a-w- c:\programdata\nvModes.dat
2010-03-24 15:11 . 2009-02-14 06:26 -------- d-----w- c:\users\nestor2hott\AppData\Roaming\ZoomBrowser EX
2010-03-16 15:36 . 2010-03-22 22:16 52224 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\FFExternalAlert.dll
2010-03-16 15:36 . 2010-03-22 22:16 101376 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\RadioWMPCore.dll
2010-03-12 11:09 . 2009-02-14 06:27 -------- d-----w- c:\users\nestor2hott\AppData\Roaming\CameraWindowDC
2010-03-10 12:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 08:07 . 2008-10-25 23:52 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 00:46 . 2010-03-09 00:46 84480 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
2010-03-09 00:46 . 2010-03-09 00:46 56832 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\update.exe
2010-03-09 00:46 . 2010-03-09 00:46 42496 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\uninstall.exe
2010-03-09 00:46 . 2010-03-09 00:46 41984 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\SearchToolbar.dll
2010-03-09 00:46 . 2010-03-09 00:46 301568 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbhelper.dll
2010-03-09 00:46 . 2010-03-09 00:46 2767360 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbcore3.dll
2010-03-09 00:46 . 2010-03-09 00:46 152664 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\setup_widget_serv.exe
2010-03-08 00:40 . 2010-03-08 00:40 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-03-08 00:39 . 2010-03-08 00:39 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-08 00:39 . 2010-03-08 00:39 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2010-03-05 13:50 . 2009-02-12 02:11 107512 ----a-w- c:\users\nestor2hott\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 04:38 . 2008-10-25 23:59 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-27 03:39 . 2008-10-25 23:09 -------- d-----w- c:\programdata\WildTangent
2010-02-27 03:30 . 2010-02-27 03:30 -------- d-----w- c:\programdata\SpinTop Games
2010-02-26 22:13 . 2010-03-28 20:53 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-24 14:16 . 2009-10-03 19:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 06:49 . 2010-02-24 06:49 -------- d-----w- c:\users\nestor2hott\AppData\Roaming\Template
2010-02-22 18:28 . 2010-03-28 20:53 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-19 23:05 . 2010-02-19 23:05 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-10 01:22 . 2010-02-10 01:22 0 ----a-w- c:\users\nestor2hott\AppData\Roaming\wklnhst.dat
2010-02-06 08:19 . 2009-05-23 19:11 -------- d-----w- c:\program files\Google
2010-02-06 05:04 . 2010-02-06 05:04 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3EB6.tmp.exe
2010-02-04 21:51 . 2010-03-28 20:53 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2010-01-25 12:48 . 2010-02-25 22:30 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 22:30 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 22:30 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 22:30 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 22:30 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 22:30 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 22:30 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 22:30 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 22:30 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-25 22:09 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-02 06:38 . 2010-01-22 13:26 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 13:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 13:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-25 23:12 . 2008-10-25 22:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-23 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-727980789-1891768318-1025507374-1000]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2008-10-25 115560]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]

.
Contents of the 'Scheduled Tasks' folder

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 08:19]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 08:19]

2010-03-29 c:\windows\Tasks\User_Feed_Synchronization-{C82BC4C0-EFC6-4667-B95E-1498C1383EAB}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.zugo.com/?cfg=2-80-0-wXgr
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Playdom Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-80-0-wXgr
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm021XMUS&fl=0&ptb=kyo2bDtH3vUCZg.VxNw4HQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=11001&searchfor=
FF - component: c:\program files\Mozilla Firefox\extensions\{ca6a42e8-5c3b-8c3f-4659-f4845f33fdf9}\components\MQGsI5yFH.dll
FF - component: c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\FFExternalAlert.dll
FF - component: c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\RadioWMPCore.dll
FF - component: c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-uEf3M5 - c:\windows\system32\uEf3M5.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 14:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-03-29 14:23:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-29 18:22

Pre-Run: 114,659,958,784 bytes free
Post-Run: 114,555,686,912 bytes free

- - End Of File - - B15631120E86CC9A25DCF1D179F4CA8F

Re: antivirus vista messing up my laptop

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=============

You have WildTangent installed. This program has sometimes been known to distribute adware. I recommend its removal. But, that choice is up to you.

I see you are running LimeWire, a P2P application. I suggest you read the following, and then decide whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

=============

===============================================

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    DDS::
    uStart Page = hxxp://bing.zugo.com/?cfg=2-80-0-wXgr

    Firefox::
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-80-0-wXgr
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm021XMUS&fl=0&ptb=kyo2bDtH3vUCZg.VxNw4HQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=11001&searchfor=

    File::
    c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
    c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\update.exe
    c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\uninstall.exe
    c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\SearchToolbar.dll
    c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbhelper.dll
    c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\chrome\content\id_searchtoolbar\tbcore3.dll
    c:\users\nestor2hott\AppData\Roaming\Mozilla\Firefox\Profiles\d4b3c2op.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\setup_widget_serv.exe

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: dragging CFScript.txt onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
