Can't Run Ad-aware 2007

[smilez]

ComboFix 07-12-02.5 - Raymond Huerta 2007-12-02 20:12:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.619 [GMT -8:00]
Running from: C:\Documents and Settings\Raymond Huerta\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-02 16:02 . 2007-12-02 16:02 <DIR> d-------- C:\Program Files\Avira
2007-12-02 16:02 . 2007-12-02 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-30 20:28 . 2007-12-02 17:35 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-30 20:28 . 2007-11-30 20:28 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-30 20:28 . 2007-11-30 20:28 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-30 20:28 . 2007-11-30 20:28 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-30 19:52 . 2007-12-01 14:55 3,078 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-30 19:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-30 19:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-30 19:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-30 19:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-30 19:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-29 19:59 . 2007-11-29 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-29 19:56 . 2007-11-29 19:56 <DIR> d-------- C:\Deckard
2007-11-29 19:50 . 2007-11-29 19:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-26 20:58 . 2007-11-26 22:43 23,817 --a------ C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\info.dat
2007-11-15 18:35 . 2007-11-15 18:35 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-13 17:39 . 2007-11-13 17:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-07 22:08 . 2007-11-07 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-07 22:01 . 2007-11-07 22:01 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-07 21:16 . 2007-11-07 21:16 <DIR> d-------- C:\Program Files\uCertify
2007-11-07 20:45 . 2007-11-07 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-07 20:35 . 2007-11-07 20:35 <DIR> d-------- C:\Program Files\Bonjour
2007-11-07 20:27 . 2007-11-07 20:27 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-06 20:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-06 16:18 . 2007-11-07 22:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-06 16:16 . 2007-11-29 18:39 <DIR> d-------- C:\Program Files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 06:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-20 00:27 --------- d-----w C:\Program Files\HPQ
2007-11-02 00:05 --------- d-----w C:\Program Files\uTorrent
2007-10-31 03:28 --------- d-----w C:\Program Files\ImgBurn
2007-10-28 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-28 19:30 --------- d-----w C:\Program Files\DVD Shrink
2007-10-28 19:29 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-18 00:58 --------- d-----w C:\Program Files\Google
2007-10-15 01:26 --------- d-----w C:\Program Files\iTunes
2007-10-15 01:26 --------- d-----w C:\Program Files\iPod
2007-10-15 01:25 --------- d-----w C:\Program Files\QuickTime
2007-10-15 01:25 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-15 01:25 --------- d-----w C:\Program Files\Apple Software Update
2007-10-15 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-15 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-15 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-15 01:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-15 00:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-15 00:44 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-15 00:38 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-10-14 23:53 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-14 23:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-14 23:36 --------- d-----w C:\Program Files\MSBuild
2007-10-14 23:33 --------- d-----w C:\Program Files\Reference Assemblies
2007-10-14 22:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 22:00 --------- d-----w C:\Program Files\Java
2007-10-14 22:00 --------- d-----w C:\Program Files\Common Files\Java
2007-10-14 22:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-14 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-14 21:59 --------- d-----w C:\Program Files\Sonic
2007-10-14 21:59 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-10-14 21:58 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-10-14 21:58 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-14 21:56 --------- d-----w C:\Program Files\muvee Technologies
2007-10-14 21:56 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-14 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-10-14 21:55 --------- d-----w C:\Program Files\Zone.com
2007-10-14 21:42 --------- d-----w C:\Program Files\Hp
2007-10-14 21:42 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-14 21:37 1,579 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Pavilion dv5000 (EP414UA#ABA)_YN_0Pavi_QCND608085X_EU_46_I30A4_SHP_V49.37_BF.31_T060104_WXP2_L409_M1023_J80_7AMD_8Turion 64 Technology ML-40_92.19_#071014_N10EC8139_(EP414UA#ABA)_XMOBILE_CN10_Z10024378.MRK
2007-10-14 21:34 --------- d-----w C:\Program Files\InterVideo
2007-10-14 21:34 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-10-14 21:31 --------- d-----w C:\Program Files\ATI Technologies
2007-10-14 21:30 --------- d-----w C:\Program Files\Synaptics
2007-10-14 21:29 --------- d-----w C:\Program Files\CONEXANT
2007-10-14 21:28 --------- d-----w C:\Program Files\AMD
2007-10-14 21:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-14 21:16 --------- d-----w C:\Program Files\Windows Plus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]
"MSMSGS"="-C:\Program Files\Messenger\msmsgs.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 10:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="-C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"SunJavaUpdateSched"="-C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"LSBWatcher"="-c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" []
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"hpWirelessAssistant"="-C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" []
"HP Software Update"="-C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" []
"ehTray"="-C:\WINDOWS\ehome\ehtray.exe" []
"eabconfg.cpl"="-C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" []
"Cpqset"="-C:\Program Files\HPQ\Default Settings\cpqset.exe" []
"ATIPTA"="-C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-02 16:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 20:13:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 20:13:35
C:\ComboFix2.txt ... 2007-12-02 19:59
C:\ComboFix3.txt ... 2007-12-02 19:09
.
--- E O F ---

[tetonbob]

Good job.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.

• After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Your logs appear clean.You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
  IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    
  • Once updated you should see another prompt that the task was completed.
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• FIREWALL
  If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here
  
  Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[smilez]

man thank you so much. :) your the best.

[tetonbob]

You're welcome.

Enjoy the rest of your weekend. Surf Safely.

[smilez]

Quote:

Originally Posted by tetonbob

You're welcome.

Enjoy the rest of your weekend. Surf Safely.

you do likewise even though i got to study for finals and i couldnt do much with out my pc working properly.

thanks again.