Everything posted by Antoniodz95

  1. Perfect. I have downloaded SpywareBlaster and Online Armor as in the link on your previous post. I would like to say thank you for everything you have done and hope I don't have to see you in the future. Have a great week.
  2. Many thanks to this awesome man!!! I had Windows XP 2010 virus and he helped me through it all! Very awesome man and once again thank you!!!

  3. Ok, FINALLY done with the Kaspersky scan, so here you go. KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, February 21, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Sunday, February 21, 2010 20:49:11 Records in database: 3610312 Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes Scan area My Computer A:\ C:\ D:\ Scan statistics Objects scanned 45251 Threats found 0 Infected objects found 0 Suspicious objects found 0 Scan duration 00:36:43 No threats found. Scanned area is clean. Selected area has been scanned. Thank you very much for your help and patience. I hope you have a wonderful week!
  4. Ok so on the front page at the bottom it says February 24... Today is the 21st...
  5. Currently doing the Kaspersky update taking forever but other than that my computer is performing like brand new!!! Thank you so much. Here is my MBAM results for now. Malwarebytes' Anti-Malware 1.44 Database version: 3772 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/21/2010 1:18:29 PM mbam-log-2010-02-21 (13-18-29).txt Scan type: Quick Scan Objects scanned: 124813 Time elapsed: 3 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  6. Ok so here's the ComboFix logfile
  7. Yes my Internet Explorer is open but let me upload some pictures of my problem.
  8. What do I use to open it? Internet Explorer just keeps asking me what I want to open it with.
  9. And now a new problem... Internet won't open unless I go to the Internet Explorer folder and right click and then start. Is there any way I can fix it? If I click it on the desktop it asks me what program I want to use to open it. Wow I cannot find the edit button... Anytime I want to open ANY program it asks what I want to open it with. Any help?
  10. Wow I got really scared... I couldn't run in safe mode but now I can run regularly in my regular account!!! Here is the log as requested. Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\Documents and Settings\Rudy\Local Settings\Application Data\av.exe" deleted successfully. Error: could not open driver "AV" Disablement of driver "AV" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AV" not found! Deletion of driver "AV" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. PS. On restart the computer did cleanup.bat is that good?
  11. Ok I have 1 problem... I do not have access to a clean computer other than the library and I do not have a USB device other than my phone with a USB cable... Can I use that? The fix did not work; the av.exe keeps popping back up. Thanks for the help so far.
  12. Oh, and here is the win32kdiag.txt. I don't know if you need it, but here you go. Running from: C:\Documents and Settings\Rudy\desktop\win32kdiag.exe Log file at : C:\Documents and Settings\Rudy\Desktop\Win32kDiag.txt Removing all found mount points. Attempting to reset file permissions. WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished!
  13. info.txt logfile of random's system information tool 1.06 2010-02-21 10:21:41 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe -->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
  14. Hello. I need help. Right now I am in safe mode and have the Windows XP 2010 virus. I cannot run MBAM even in safe mode and really need help. I have AVG Free registered and did a full scan but it found nothing. Hope you can help me...