System won't run avg antispyware

[myquelahira]

hello. my comp is experiencing some problems. but i don't know where the problem lies. here are the symptoms. hope someone would help me.

system won't run avg antispyware.

system won't also run adobe photoshop.

and there is this program xenofex 1.0 which ccleaner or windows uninstaller can't uninstall. when i click the uninstall button,nothing happens.

attached are my hjt and combofix logs.

thanks in advance

p.s hey if anyone knows of a good tutorial in analyzing hjt and combofix logs,post a link please. i'd like to learn so i won't have to bother the people here. thanksthanksthanks

 

[howard_hopkinso]

xenofex 1.0 is a plugin for Photoshop I believe.

Your registry contains some kind of infection.

Download this TOOL. Extract it and run the Noob_kill.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
Note: Please delete any existing copy of Flash Disinfector(if any) on your pc and download this one.

* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until the program has finished scanning, then please exit the program.
* Restart your computer and see if problem still persists.

Post a fresh Combofix log once done.

Regards Howard

 

[myquelahira]

woah. so that's why photoshop cs3 stoppped working. since i cant uninstall xenofex, i just deleted its folder from program files.

so i run flash_disinfector. there were no prompts.then the desktop just blanked for about 30 minutes then i restarted using controlaltdelete

by the way, kernel32.dll winsock.dll and wsock32.dll are in my avast virus chest (aren't they registry entries?). original location was in c:\windows\system32.

here's my combofix log.

thanksthanksthanks

 

[howard_hopkinso]

kernel32.dll winsock.dll are both normally found in the system32 directory, but obviously those file were infected. What doe Avast say the files are infected with?

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2fcd779-90f6-11dc-bbb0-000000000000}]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Let me know how your system is running.

Regards Howard

This thread is for the use of myquelahira only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[myquelahira]

why is it that there is a factory default start up item which is written in foreign characters(chinese or japanese maybe)?i mean i used tune up utilities before which identified the item as a dangerous start up program. but it's a factory default startup.by the way my computer is acer travelmate with vista basic. i think this entry [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e in combofix is the program i'm talking about.

hey i can't create new shortcuts. right click-new-shortcut but nothing happens.

by the way is it normal for a lot of invalid registry values just after reformatting the computer? i reformatted days ago then installed avast antivirus, avg antirootkit, spybot search and destroy, and avg antispyware which didn't run so i uninstalled it. then i run ccleaner which found a lot of invalid registry values not connected to any software i uninstalled (as far as i know).

now, avg antispyware does run. but avg antirootkit doesn't. then after reboot, avg antispyware goes to free version when it should still be a trial version. (maybe it's avg who's having problems not my comp.lol)

here's hjt and combofix.

thanksthanksthanks.thank you soo much.

and ow avast says nothing about those files.

 

[howard_hopkinso]

I`m not entirely sure what`s going on here, but something doesn`t look right.

When you reformatted, you did disconnect from the net first, didn`t you?

I`d be very tempted to reformat again.

Your log files look ok, but I can still see the

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []

and

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e

These seem a little suspicious to me, though I`m by no means an expert on Vista.

Regards Howard

This thread is for the use of myquelahira only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[myquelahira]

ahm reformat? huhu. later. during the Christmas break maybe. by the way, even before the first time this computer connected to the internet, that incoherent thing is displayed in msconfig startup list.

ok. i'm about to sleep. good night Mr. Howard. you've been helping me a lot. thank you so much.