HELP!!! Pleaaaase respond

Comments

  • 5stey
    5stey Posts: 115 Forumite
    aliEnRIK wrote: »
    Dont panic. You removed AVAST and installed AVIRA because the computer was slow. Ive asked you to run combofix
    AlienRik I did run combofix it took a while and saved the log but I can't find it?? and it won't allow me to run combofix again I've tried 3 times!!
  • 5stey
    5stey Posts: 115 Forumite
    Please tell me how to run combofix again, pleasssse. Do I need to shut down and start up again? Avira isn't updating anymore!!
    Thank you
  • 5stey
    5stey Posts: 115 Forumite
    edited 29 September 2009 at 5:13PM
    aliEnRIK wrote: »
    Dont panic. You removed AVAST and installed AVIRA because the computer was slow. Ive asked you to run combofix for 2 reasons ~
    1 - to remove anything nasty it might find
    2 - to show us a logfile of whats running (Goes deeper than Hijack)

    The logfile will show us what needs doing next

    Avira, Avast and AVG all have the plus and minus points. Dont panic about what you have and concentrate on getting the 'actual' problem fixed then you can have whatever av you desire

    Id guess that there is still remnants of 'some' av running in the system somewhere which is causing the problem, but until I see a logfile then your flying blind.
    Hallelujah, here's the combofix log:
    ComboFix 09-09-28.01 - sarah 29/09/2009 10:16.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.894.174 [GMT 1:00]
    Running from: c:\users\sarah\Downloads\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2739527500-2302857582-2526765973-500
    c:\windows\Installer\3f94f.msi
    c:\windows\Installer\c59f4.msi

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
    .

    2009-09-28 19:55 . 2009-09-28 19:55 -------- d-----w- c:\program files\CCleaner
    2009-09-28 16:52 . 2009-09-28 16:52 -------- d-----w- c:\program files\Trend Micro
    2009-09-28 15:55 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-09-28 15:55 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-09-28 15:55 . 2009-09-28 15:55 -------- d-----w- c:\programdata\Avira
    2009-09-28 15:55 . 2009-09-28 15:55 -------- d-----w- c:\program files\Avira
    2009-09-28 14:28 . 2009-09-28 14:28 -------- d-----w- c:\users\sarah\AppData\Roaming\Malwarebytes
    2009-09-28 14:28 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-28 14:28 . 2009-09-28 14:28 -------- d-----w- c:\programdata\Malwarebytes
    2009-09-28 14:28 . 2009-09-28 14:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-28 14:28 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-28 14:15 . 2009-09-28 14:15 -------- d-----w- C:\found.000
    2009-09-21 19:25 . 2009-09-21 19:27 -------- d-----w- c:\windows\system32\ca-ES
    2009-09-21 19:25 . 2009-09-21 19:26 -------- d-----w- c:\windows\system32\eu-ES
    2009-09-21 19:25 . 2009-09-21 19:26 -------- d-----w- c:\windows\system32\vi-VN
    2009-09-21 18:54 . 2009-09-21 18:54 -------- d-----w- c:\windows\system32\EventProviders
    2009-09-17 18:00 . 2009-04-11 06:28 289792 ----a-w- c:\windows\system32\spinstall.exe
    2009-09-17 17:59 . 2009-04-11 06:28 60416 ----a-w- c:\windows\system32\msscntrs.dll
    2009-09-17 17:58 . 2009-04-11 06:28 69632 ----a-w- c:\windows\system32\PNPXAssoc.dll
    2009-09-10 17:06 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-09-10 17:06 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-09-10 17:06 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-09-10 17:06 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-09-10 17:06 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-09-10 17:06 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-09-10 17:06 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-09-10 17:06 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-09-10 17:06 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-09-10 17:06 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
    2009-09-10 17:06 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-09-10 17:04 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
    2009-09-10 17:04 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
    2009-09-10 17:04 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-09-10 17:04 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2009-09-10 17:04 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
    2009-09-10 17:04 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
    2009-09-10 17:04 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
    2009-09-10 17:04 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
    2009-09-10 17:04 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
    2009-09-10 17:04 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2009-09-10 17:04 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
    2009-09-04 17:45 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
    2009-09-04 17:45 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-09-04 17:45 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-29 09:01 . 2009-04-22 09:11 -------- d-----w- c:\programdata\Google Updater
    2009-09-21 19:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
    2009-09-21 19:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-21 19:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
    2009-09-21 19:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
    2009-09-21 19:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-09-21 19:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
    2009-07-27 12:10 . 2009-04-27 14:39 106032 ----a-w- c:\users\shaffa\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-07-21 21:52 . 2009-07-28 19:24 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-28 19:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-28 19:24 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-28 19:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 13:54 . 2009-08-13 12:43 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-15 12:40 . 2009-08-13 12:43 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-15 12:39 . 2009-08-13 12:43 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-15 12:39 . 2009-08-13 12:43 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-15 12:39 . 2009-08-13 12:43 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-03-31 11:52 . 2009-03-31 11:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-28 210216]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-19 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-19 92704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
    "OSD"="c:\program files\GTC\OSD\OSD.exe" [2008-09-01 139264]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-22 148888]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-22 185872]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-06 6265376]
    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-08-06 1833504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):bd,0d,0e,8b,f2,3a,ca,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{07DFA2BD-FE21-4B43-AACC-671F89E715AC}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
    "{025F756A-0392-4D41-B031-8B072B5300AE}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{4AA65E84-CBB9-4A5D-95CA-3449F137C5E3}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/09/2009 16:55 108289]
    R3 mtc0303;BIOS Service Provider;c:\windows\System32\drivers\mtcBSv32.sys [14/03/2008 08:25 33792]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 07:36 501248]
    R3 VIACRX86;VIACRX86;c:\windows\System32\drivers\viacr.sys [22/04/2009 17:03 59264]
    S2 gupdate1c9c32ae1e715e6;Google Update Service (gupdate1c9c32ae1e715e6);c:\program files\Google\Update\GoogleUpdate.exe [22/04/2009 10:15 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 09:11]

    2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 09:15]

    2009-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 09:15]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://uk.yahoo.com
    mStart Page = hxxp://uk.yahoo.com
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    FF - ProfilePath - c:\users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ustzvdpw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
    FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/r/hf
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-29 10:26
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-09-29 10:29
    ComboFix-quarantined-files.txt 2009-09-29 09:29

    Pre-Run: 128,601,841,664 bytes free
    Post-Run: 128,545,689,600 bytes free

    174 --- E O F --- 2009-09-28 14:23
  • 5stey
    5stey Posts: 115 Forumite
    Oh, and another stupid question: what does OSD do??? Should it be running all the time?
  • 5stey
    5stey Posts: 115 Forumite
    Please somebody help I am moving further and further into cyber space!!! Atrixblue I don't have skype sorry
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    ok

    I cant see anything wrong with the logs as such but ~
    C:\Program Files\GTC\OSD\OSD.exe

    This (Ive only just realised) is an anti virus of some description
    CA eTrust antivirus and ClamWin free antivirus. So uninstall it and make sure its gone for good.

    Once thats out of the way then id guess the computer will run quicker and Avira will scan with no problems
  • 5stey
    5stey Posts: 115 Forumite
    aliEnRIK wrote: »
    ok

    I cant see anything wrong with the logs as such but ~
    C:\Program Files\GTC\OSD\OSD.exe

    This (Ive only just realised) is an anti virus of some description
    CA eTrust antivirus and ClamWin free antivirus. So uninstall it and make sure its gone for good.

    Once thats out of the way then id guess the computer will run quicker and Avira will scan with no problems
    Oh thank goodness you replied. So what do I have to do to get rid please. Tell me step by step so I don't screw things up.
    Thanks again:T
  • 5stey
    5stey Posts: 115 Forumite
    I uninstalled OSD utility tray. Still doing the same thing. Now it says I need to install that driver HELP!!!
  • 5stey
    5stey Posts: 115 Forumite
    Please, Please somebody, somewhere will know what I need to do. pppppppppppppleasssse
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Not entirely sure to be honest

    Ive found this removal tool ~
    http://download.mysecuritycenter.com/UninstallWithGUI.exe
    But if you use it you DO SO AT YOUR OWN RISK

    Personally id try as follows first ~
    TICK these in hijack and click to FIX them
    C:\Program Files\GTC\OSD\OSD.exe
    O4 - HKLM\..\Run: [OSD] C:\Program Files\GTC\OSD\OSD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    Id also be tempted to open CCLEANER and goto TOOLS and START UP and shut down all CYBERLINK and ETRUST items from starting up

    reboot


    Download GLARY UTILITIES
    http://www.glaryutilities.com/download/gusetup_slim.exe
    Run the ONE CLICK scan
This discussion has been closed.