
Trojan infection won't go away.


14 replies to this topic

#1 Marianna_

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Location:OK,USA
  • Local time:02:59 AM

Posted 07 June 2009 - 04:57 PM

Hello.

I was referred here from my other post.

http://www.bleepingcomputer.com/forums/t/224285/trojanvundo-viruses-missing-registry-keys-due-to-spybot-search-and-destroy-deletingchanging-them/


At first I had AVG, Spybot, CCleaner, and Windows Defender on my computer, but they didn't fix all the problems I was having, so I was told to download:

- Malwarebytes Anti-Malware
- Prevx 3.0
- Dr.Web CureIt
- OTMoveIt3
- Autoruns


They have all worked to help improve my computer, but two days ago Prevx popped up saying I had another infection, and MBAM, Windows Defender and AVG did not catch it. So I ran Dr.Web CureIt and it caught the infections I had. But it said two were "Probably BACKDOOR.Trojans".
I removed/moved/cured everything, but I don't think my computer is completely clean, especially since MBAM, AVG and Windows Defender didn't say anything about it.

Prevx says there is no infection found now, but I don't think it is catching everything.



DDS (Ver_09-05-14.01) - NTFSx86
Run by Marianna Mileji at 15:58:27.43 on Sun 06/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.639.146 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AVG Anti-Virus 6.0.801 *On-access scanning enabled* (Outdated) {67B30939-3B35-11D2-A595-002018648BA7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\avgserv.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\quicktime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marianna Mileji\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dellnet.com
uWindow Title = Internet Explorer Provided by Cox High Speed Internet
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www.yahoo.com/?.home=ytie
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
mSearch Page = hxxp://ie.search.msn.com
mStart Page = hxxp://www.yahoo.com/?.home=ytie
mSearch Bar =
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.search.msn.com
mCustomizeSearch = hxxp://ie.search.msn.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mWinlogon: Shell=Explorer.exe, c:\windows\system32\xhkjh.exe
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
TB: ZILLAbar: {8fc8ae66-ac15-4c0d-9e9a-51296a0c52fa} -
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\eo98gvx.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Define - c:\program files\common files\microsoft shared\reference 2001\a\ERS_DEF.HTM
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Look Up in &Encyclopedia - c:\program files\common files\microsoft shared\reference 2001\a\ERS_ENC.HTM
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\program files\common files\microsoft shared\reference 2001\a\ERS_ENC.HTM
IE: {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\program files\common files\microsoft shared\reference 2001\a\ERS_DEF.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://69.31.7.116/Java/cfs40320.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: ppctlcab - hxxp://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
DPF: Yahoo! Canasta - hxxp://download.games.yahoo.com/games/clients/y/yt1_x.cab
DPF: Yahoo! Dominoes - hxxp://download.games.yahoo.com/games/clients/y/dot8_x.cab
DPF: Yahoo! Spades - hxxp://download.games.yahoo.com/games/clients/y/st2_x.cab
DPF: {00000075-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - hxxp://ppupdates.ca.com/downloads/scanner/axscanner.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://sympatico.zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - hxxp://rd1.surfernetwork.com/surferplugin.ocx
DPF: {666DDE35-E955-11D0-A707-000000521958} - hxxp://69.56.176.227/webplugin.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37649.4754166667
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxp://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4397/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\borababu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marian~1\applic~1\mozilla\firefox\profiles\rlw0803l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-3 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-5-5 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-5-5 27656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-25 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-25 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-25 298776]
R2 AvgCore;AVG6 Kernel;C:\avgcore.sys [2004-10-9 456416]
R2 AvgFsh;AVG6 Rezident Driver;C:\avgfsh.sys [2003-11-26 19136]
R2 AvgServ;AVG6 Service;C:\avgserv.exe [2004-10-9 16958]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-5-5 4368952]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2001-8-6 28672]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2000-10-3 6942]
S2 gupdate1c9b5ccf7cb7312;Google Update Service (gupdate1c9b5ccf7cb7312);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S2 STOPzilla Local Service;STOPzilla Local Service; [x]
S3 ati2mpaa;ati2mpaa;c:\windows\system32\drivers\ati2mpaa.sys [2001-12-4 281856]
S3 DCamUSBLTN;M318B Digital Video Camera;c:\windows\system32\drivers\vq318vid.sys [2002-4-22 113632]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2008-8-26 20736]

=============== Created Last 30 ================

2009-05-18 04:04 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-18 04:04 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-18 04:04 17,408 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-05-18 04:04 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-05-18 04:04 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-05-18 04:04 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-05-18 04:04 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-05-18 04:04 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-05-18 04:04 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-05-18 04:02 29,311 a------- c:\windows\system32\dllcache\watv01nt.sys
2009-05-18 04:01 94,720 a------- c:\windows\system32\dllcache\umaxud32.dll
2009-05-18 04:00 13,192 a------- c:\windows\system32\dllcache\tdasync.sys
2009-05-18 03:59 20,752 a------- c:\windows\system32\dllcache\sonync.sys
2009-05-18 03:58 63,547 a------- c:\windows\system32\dllcache\sla30nd5.sys
2009-05-18 03:57 75,392 a------- c:\windows\system32\dllcache\s3savmxm.sys
2009-05-18 03:56 714,762 a------- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-05-18 03:55 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-05-18 03:54 51,552 a------- c:\windows\system32\dllcache\ntgrip.sys
2009-05-18 03:53 49,024 a------- c:\windows\system32\dllcache\mstape.sys
2009-05-18 03:53 12,416 a------- c:\windows\system32\dllcache\msriffwv.sys
2009-05-18 03:53 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-05-18 03:53 22,016 a------- c:\windows\system32\dllcache\msircomm.sys
2009-05-18 03:53 35,200 a------- c:\windows\system32\dllcache\msgame.sys
2009-05-18 03:53 6,016 a------- c:\windows\system32\dllcache\msfsio.sys
2009-05-18 03:51 15,744 a------- c:\windows\system32\dllcache\lit220p.sys
2009-05-18 03:51 34,688 a------- c:\windows\system32\dllcache\lbrtfdc.sys
2009-05-18 03:51 26,442 a------- c:\windows\system32\dllcache\lanepic5.sys
2009-05-18 03:51 19,016 a------- c:\windows\system32\dllcache\ktc111.sys
2009-05-18 03:51 37,376 a------- c:\windows\system32\dllcache\kousd.dll
2009-05-18 03:51 242,176 a------- c:\windows\system32\dllcache\kdsusd.dll
2009-05-18 03:51 45,568 a------- c:\windows\system32\dllcache\kdsui.dll
2009-05-18 03:51 5,632 a------- c:\windows\system32\dllcache\kbdusa.dll
2009-05-18 03:51 14,848 a------- c:\windows\system32\dllcache\kbdhid.sys
2009-05-18 03:51 18,432 a------- c:\windows\system32\dllcache\jupiw.dll
2009-05-18 03:50 26,624 a------- c:\windows\system32\dllcache\irstusb.sys
2009-05-18 03:50 18,688 a------- c:\windows\system32\dllcache\irsir.sys
2009-05-18 03:50 23,552 a------- c:\windows\system32\dllcache\irmk7.sys
2009-05-18 03:50 45,632 a------- c:\windows\system32\dllcache\ip5515.sys
2009-05-18 03:50 90,200 a------- c:\windows\system32\dllcache\io8ports.dll
2009-05-18 03:50 38,784 a------- c:\windows\system32\dllcache\io8.sys
2009-05-18 03:50 13,056 a------- c:\windows\system32\dllcache\inport.sys
2009-05-18 03:50 372,824 a------- c:\windows\system32\dllcache\iconf32.dll
2009-05-18 03:50 100,992 a------- c:\windows\system32\dllcache\icam5usb.sys
2009-05-18 03:50 20,480 a------- c:\windows\system32\dllcache\icam5ext.dll
2009-05-18 03:50 45,056 a------- c:\windows\system32\dllcache\icam5com.dll
2009-05-18 03:50 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2009-05-18 03:48 123,392 a------- c:\windows\system32\dllcache\hpgt21tk.dll
2009-05-18 03:47 111,104 a------- c:\windows\system32\dllcache\fxscfgwz.dll
2009-05-18 03:46 63,360 a------- c:\windows\system32\dllcache\ess.sys
2009-05-18 03:45 28,062 a------- c:\windows\system32\dllcache\dp83820.sys
2009-05-18 03:44 256,512 a------- c:\windows\system32\dllcache\devcon32.dll
2009-05-18 03:43 20,736 a------- c:\windows\system32\dllcache\cmbp0wdm.sys
2009-05-18 03:42 223,232 a------- c:\windows\system32\dllcache\camdrv21.sys
2009-05-18 03:41 36,128 a------- c:\windows\system32\dllcache\banshee.sys
2009-05-18 03:40 26,624 a------- c:\windows\system32\dllcache\alifir.sys
2009-05-18 03:39 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-05-10 18:18 --d----- C:\Autoruns
2009-05-09 17:25 --d----- C:\_OTMoveIt

==================== Find3M ====================

2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-05 09:04 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-05-05 09:04 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-05-03 13:14 28,320 a------- c:\windows\system32\drivers\xihlxklu.sys
2009-05-03 07:04 28,320 a------- c:\windows\system32\drivers\czwxcxgk.sys
2009-05-03 06:22 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-01 09:25 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-01 09:25 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 09:25 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-28 02:33 11,641,624 ---shr-- C:\AVG6DB_F.DAT
2009-03-21 09:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2008-11-04 20:47 36 a------- c:\documents and settings\marianna mileji\klextlock.dat
2003-06-13 10:34 50,176 a------- c:\documents and settings\marianna mileji\onuninst.dll
2001-07-26 17:58 47 a------- c:\program files\ACMonitor_X73.ini
2001-07-05 13:46 8,116 a------- c:\program files\OSLO3071b2.USB
2001-05-11 12:39 53,248 a------- c:\program files\ACMonitor_X73.exe
2001-05-08 17:36 114,688 a------- c:\program files\lxarscan.dll
2001-04-23 15:22 1,437 a------- c:\program files\gtx73.ini
2001-02-22 10:54 768 a------- c:\program files\x73_lut.dat

============= FINISH: 15:59:38.50 ===============

Attached Files
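The DDS log above is what the helpers on this board read by hand; the entries they look at first are the Winlogon Shell value (which should name only Explorer.exe), the LSA Notification Packages value (which should normally contain only scecli), Run entries that launch from Temp or a user profile, and policies that disable Registry Editor or Folder Options. The following script is an added example for this thread, not part of DDS or BleepingComputer's own tooling: it parses those four line types in the "Pseudo HJT Report" format shown above and flags the entries a helper would question. The sample lines are copied from the logs posted in this thread, with the user profile name replaced and the long `pidle` argument truncated; the rules are first-pass triage heuristics, not a verdict on any file.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread (not DDS or BleepingComputer code). It handles
only the four line types it was written against: mWinlogon, [umd]Run,
[umd]Policies-* and LSA Notification Packages.
"""
import re
from typing import Dict, List

# Lines copied from the DDS logs in this thread; profile name replaced with
# 'user' and the pidle argument truncated, otherwise unchanged.
SAMPLE_LINES = [
    r"mWinlogon: Shell=Explorer.exe, c:\windows\system32\xhkjh.exe",
    r"mWinlogon: Userinit=c:\windows\system32\Userinit.exe",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r'uRun: [prnet] "c:\windows\system32\prnet.tmp"',
    r'uRun: [pidle] "c:\documents and settings\user\application data\pidle\pidle.exe" 61A847B5',
    r'mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide',
    r"dRun: [uidenhiufgsduiazghs] c:\windows\temp\eo98gvx.exe",
    r"dPolicies-system: DisableRegistryTools = 1 (0x1)",
    r"dPolicies-explorer: NoFolderOptions = 1 (0x1)",
    r"LSA: Notification Packages = scecli c:\windows\system32\borababu.dll",
]

RUN_RE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
WINLOGON_RE = re.compile(r"^mWinlogon:\s*(?P<key>Shell|Userinit)=(?P<val>.*)$")
POLICY_RE = re.compile(r"^[umd]Policies-(?P<scope>\w+):\s*(?P<name>\w+)\s*=\s*(?P<val>\S+)")
LSA_RE = re.compile(r"^LSA:\s*Notification Packages\s*=\s*(?P<pkgs>.*)$")

# Directories a legitimate autostart rarely lives in (matched case-insensitively).
SUSPICIOUS_DIRS = ("\\temp\\", "\\application data\\", "\\local settings\\")
# Policies that lock the user out of the tools needed to inspect the machine.
RESTRICTIVE_POLICIES = {"DisableRegistryTools", "NoFolderOptions", "NoSetActiveDesktop"}


def _target_of(cmd: str) -> str:
    """Return the lower-cased program path from a Run value ('"path" args' or 'path args')."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    return cmd.split(" ", 1)[0].lower()


def triage_line(line: str) -> List[Dict[str, str]]:
    """Return zero or more findings {'rule', 'detail', 'line'} for one log line."""
    findings: List[Dict[str, str]] = []

    m = WINLOGON_RE.match(line)
    if m:
        # Shell and Userinit each name exactly one program; anything else after
        # the comma is started at every logon.
        expected = "explorer.exe" if m.group("key") == "Shell" else "userinit.exe"
        parts = [p.strip().lower() for p in m.group("val").split(",") if p.strip()]
        extras = [p for p in parts if not p.endswith(expected)]
        if extras:
            findings.append({"rule": f"winlogon-{m.group('key').lower()}-extra",
                             "detail": ", ".join(extras), "line": line})
        return findings

    m = RUN_RE.match(line)
    if m:
        exe = _target_of(m.group("cmd"))
        if any(d in exe for d in SUSPICIOUS_DIRS):
            findings.append({"rule": "run-from-temp-or-profile", "detail": exe, "line": line})
        if not exe.endswith(".exe"):
            findings.append({"rule": "run-non-exe-target", "detail": exe, "line": line})
        return findings

    m = POLICY_RE.match(line)
    if m and m.group("name") in RESTRICTIVE_POLICIES and m.group("val") == "1":
        findings.append({"rule": "policy-restricts-user-tools", "detail": m.group("name"), "line": line})
        return findings

    m = LSA_RE.match(line)
    if m:
        # Packages are whitespace-separated here; a package path containing
        # spaces would need a smarter split.
        extras = [p for p in m.group("pkgs").split() if p.lower() != "scecli"]
        if extras:
            findings.append({"rule": "lsa-extra-package", "detail": ", ".join(extras), "line": line})
    return findings


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Run triage_line over a whole Pseudo HJT section and collect the findings."""
    out: List[Dict[str, str]] = []
    for line in lines:
        out.extend(triage_line(line.rstrip()))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['rule']:28} {f['detail']}")
```

Run against the sample lines it reports seven findings: the extra Winlogon Shell entry, the `.tmp` Run target, two Run entries launching from Temp or Application Data, two restrictive policies, and the unknown LSA notification package; the ctfmon, Windows Defender and Userinit lines pass. A real log would be fed in by reading the file and slicing out the lines between the "Pseudo HJT Report" and "FIREFOX" headers.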





#2 Tokek (Bleepin' Gecko)


  • Members
  • 1,213 posts
  • OFFLINE
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:12:59 AM

Posted 17 June 2009 - 11:47 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
If I have not replied back to your post in 3 days, please send me a PM.


#3 Marianna_ (Topic Starter)

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Location:OK,USA
  • Local time:02:59 AM

Posted 19 June 2009 - 02:21 AM

Hello.

I was referred here from my other post.

http://www.bleepingcomputer.com/forums/t/224285/trojanvundo-viruses-missing-registry-keys-due-to-spybot-search-and-destroy-deletingchanging-them/


At first I had AVG, Spybot, CCleaner, and Windows Defender on my computer, but they didn't fix all the problems I was having, so I was told to download:

- Malwarebytes Anti-Malware
- Prevx 3.0
- Dr.Web CureIt
- OTMoveIt3
- Autoruns


They have all worked to help improve my computer, but two days ago Prevx popped up saying I had another infection, and MBAM, Windows Defender and AVG did not catch it. So I ran Dr.Web CureIt and it caught the infections I had. But it said two were "Probably BACKDOOR.Trojans".
I removed/moved/cured everything, but I don't think my computer is completely clean, especially since MBAM, AVG and Windows Defender didn't say anything about it.

Prevx says there is no infection found now, but I don't think it is catching everything.

*I have not done anything since my first post so everything is the same.

*This is also an updated log.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Marianna Mileji at 1:58:44.71 on Fri 06/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.639.232 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AVG Anti-Virus 6.0.801 *On-access scanning enabled* (Outdated) {67B30939-3B35-11D2-A595-002018648BA7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\avgserv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Marianna Mileji\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dellnet.com
uWindow Title = Internet Explorer Provided by Cox High Speed Internet
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www.yahoo.com/?.home=ytie
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
mSearch Page = hxxp://ie.search.msn.com
mStart Page = hxxp://www.yahoo.com/?.home=ytie
mSearch Bar =
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.search.msn.com
mCustomizeSearch = hxxp://ie.search.msn.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mWinlogon: Shell=Explorer.exe, c:\windows\system32\xhkjh.exe
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {0dca8549-9181-445b-b81e-d2ddf6ded695} - No File
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
TB: ZILLAbar: {8fc8ae66-ac15-4c0d-9e9a-51296a0c52fa} -
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [prnet] "c:\windows\system32\prnet.tmp"
uRun: [pidle] "c:\documents and settings\marianna mileji\application data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\eo98gvx.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Define - c:\program files\common files\microsoft shared\reference 2001\a\ERS_DEF.HTM
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Look Up in &Encyclopedia - c:\program files\common files\microsoft shared\reference 2001\a\ERS_ENC.HTM
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\program files\common files\microsoft shared\reference 2001\a\ERS_ENC.HTM
IE: {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\program files\common files\microsoft shared\reference 2001\a\ERS_DEF.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://69.31.7.116/Java/cfs40320.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: ppctlcab - hxxp://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
DPF: Yahoo! Canasta - hxxp://download.games.yahoo.com/games/clients/y/yt1_x.cab
DPF: Yahoo! Dominoes - hxxp://download.games.yahoo.com/games/clients/y/dot8_x.cab
DPF: Yahoo! Spades - hxxp://download.games.yahoo.com/games/clients/y/st2_x.cab
DPF: {00000075-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - hxxp://ppupdates.ca.com/downloads/scanner/axscanner.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://sympatico.zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - hxxp://rd1.surfernetwork.com/surferplugin.ocx
DPF: {666DDE35-E955-11D0-A707-000000521958} - hxxp://69.56.176.227/webplugin.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37649.4754166667
DPF: {AED98630-0251-4E83-917D-43A23D66D507}
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxp://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4397/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\borababu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marian~1\applic~1\mozilla\firefox\profiles\rlw0803l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-3 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-5-5 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-5-5 27656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-25 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-25 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-25 298776]
R2 AvgCore;AVG6 Kernel;C:\avgcore.sys [2004-10-9 456416]
R2 AvgFsh;AVG6 Rezident Driver;C:\avgfsh.sys [2003-11-26 19136]
R2 AvgServ;AVG6 Service;C:\avgserv.exe [2004-10-9 16958]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-5-5 4368952]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2001-8-6 28672]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2000-10-3 6942]
S2 gupdate1c9b5ccf7cb7312;Google Update Service (gupdate1c9b5ccf7cb7312);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S2 STOPzilla Local Service;STOPzilla Local Service; [x]
S3 ati2mpaa;ati2mpaa;c:\windows\system32\drivers\ati2mpaa.sys [2001-12-4 281856]
S3 DCamUSBLTN;M318B Digital Video Camera;c:\windows\system32\drivers\vq318vid.sys [2002-4-22 113632]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2008-8-26 20736]

=============== Created Last 30 ================


==================== Find3M ====================

2009-06-09 06:40 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-06-09 06:40 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 10:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll
2009-05-03 13:14 28,320 a------- c:\windows\system32\drivers\xihlxklu.sys
2009-05-03 07:04 28,320 a------- c:\windows\system32\drivers\czwxcxgk.sys
2009-05-03 06:22 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-01 09:25 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-01 09:25 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 09:25 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-28 02:33 11,641,624 ---shr-- C:\AVG6DB_F.DAT
2009-04-27 04:17 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-04-17 04:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 04:58 1,846,656 a------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:11 584,192 a------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 09:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2008-11-04 20:47 36 a------- c:\documents and settings\marianna mileji\klextlock.dat
2003-06-13 10:34 50,176 a------- c:\documents and settings\marianna mileji\onuninst.dll
2001-07-26 17:58 47 a------- c:\program files\ACMonitor_X73.ini
2001-07-05 13:46 8,116 a------- c:\program files\OSLO3071b2.USB
2001-05-11 12:39 53,248 a------- c:\program files\ACMonitor_X73.exe
2001-05-08 17:36 114,688 a------- c:\program files\lxarscan.dll
2001-04-23 15:22 1,437 a------- c:\program files\gtx73.ini
2001-02-22 10:54 768 a------- c:\program files\x73_lut.dat

============= FINISH: 1:59:56.96 ===============


Edited by Marianna_, 19 June 2009 - 02:25 AM.


#4 RenatoMejias
  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 19 June 2009 - 08:41 PM

Hi Marianna :thumbup2:

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Renato Victor Mejias
Malware help in portuguese

#5 Marianna_
  • Topic Starter
  • Members
  • 23 posts
  • Gender:Female
  • Location:OK,USA

Posted 22 June 2009 - 09:00 PM

Alright, well, I was able to download ComboFix and have disabled all anti-viruses, but it keeps popping up that the AVG 6.0.801 scanner is still active.

I was pretty sure I deleted AVG 6 since I installed AVG 8 but the scanner is still on?
My computer also makes a beeping noise as well when this pop up comes up.

#6 RenatoMejias
  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 22 June 2009 - 10:07 PM

Hi,

Try to follow these instructions:

http://www.pchell.com/virus/uninstallavg.shtml
Renato Victor Mejias
Malware help in portuguese

#7 Marianna_
  • Topic Starter
  • Members
  • 23 posts
  • Gender:Female
  • Location:OK,USA

Posted 24 June 2009 - 03:47 PM

Alright, well, I went there and was able to follow the instructions, but whenever I try to uninstall AVG this error comes up:

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005

#8 RenatoMejias
  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 24 June 2009 - 09:22 PM

Hi,

Try to follow these instructions:

http://www.angelopc.com/computer-article/h...rror-0x80070005
Renato Victor Mejias
Malware help in portuguese

#9 Marianna_
  • Topic Starter
  • Members
  • 23 posts
  • Gender:Female
  • Location:OK,USA

Posted 25 June 2009 - 10:21 AM

I am able to follow the instructions, but when I get to these steps:

4. The first two entries should start with "Deny" pertaining to the "Everyone" group.
5. Highlight the first entry and click Remove. Now remove the other "Deny" entry.

I did not see the entries. It was blank.

#10 RenatoMejias
  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 25 June 2009 - 08:11 PM

Hi,

Take a look at this discussion. Look at post #18; maybe it can help you.
Renato Victor Mejias
Malware help in portuguese

#11 Marianna_
  • Topic Starter
  • Members
  • 23 posts
  • Gender:Female
  • Location:OK,USA

Posted 26 June 2009 - 03:27 AM

I was able to follow those instructions too, but when the permissions part came up, the boxes for "select Allow for full control and read" were already checked. They were also greyed out, if that helps anything.
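
The permission problem discussed in posts #7, #9 and #11 can be inspected from a script instead of the regedit dialog. The following is an added example written for this thread, not a tool posted by either participant: it reads the access-control list of the registry key named in the 0x80070005 error, lists any "Deny" entries (the entries the steps quoted in post #9 say to remove), and shows whether each entry is inherited, which is what greyed-out boxes in the Windows permissions dialog indicate. It assumes PowerShell 2.0 or later running in an administrator session; the key path is the one from the error message.

```powershell
# Added example, not from the thread. Inspects the ACL on the registry key
# named in the 0x80070005 error and reports Deny entries, which block
# installers and uninstallers from writing to the key.
# Assumes PowerShell 2.0 or later in an administrator session.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'

function Get-DenyEntries {
    param([Parameter(Mandatory = $true)][string]$Path)
    $acl = Get-Acl -Path $Path
    # Each entry is a System.Security.AccessControl.RegistryAccessRule
    $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
}

function Remove-EveryoneDeny {
    # Removes explicit (non-inherited) Deny entries for the Everyone group.
    # Inherited Deny entries appear greyed out in regedit and must be removed
    # on the parent key; this function leaves them alone and reports them.
    param([Parameter(Mandatory = $true)][string]$Path)
    $acl = Get-Acl -Path $Path
    $explicit = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq 'Everyone' -and
        -not $_.IsInherited
    })
    foreach ($rule in $explicit) {
        [void]$acl.RemoveAccessRule($rule)
    }
    if ($explicit.Count -gt 0) { Set-Acl -Path $Path -AclObject $acl }
    $inherited = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IsInherited
    })
    foreach ($rule in $inherited) {
        Write-Warning ("Inherited Deny for {0} remains; remove it on the parent key." -f $rule.IdentityReference)
    }
    return $explicit.Count
}

# Report first; call Remove-EveryoneDeny -Path $KeyPath only after reviewing the output.
$owner = (Get-Acl -Path $KeyPath).Owner
Write-Output "Owner of ${KeyPath}: $owner"
$deny = @(Get-DenyEntries -Path $KeyPath)
if ($deny.Count -eq 0) {
    Write-Output 'No Deny entries found.'
} else {
    $deny | Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
}
```

If Get-Acl itself fails with an access-denied error, the Deny entry covers the account running the script as well; in that case the key's owner has to be changed first (the Owner tab behind the "Advanced" button of the permissions dialog), after which the entries can be listed and removed. The script deliberately removes only explicit entries for Everyone, because an inherited entry cannot be deleted on the child key and a Deny entry for any other principal should be understood before it is touched.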

#12 RenatoMejias
  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 26 June 2009 - 09:07 PM

Can you show me an image?
Renato Victor Mejias
Malware help in portuguese

#13 Marianna_
  • Topic Starter
  • Members
  • 23 posts
  • Gender:Female
  • Location:OK,USA

Posted 28 June 2009 - 03:34 PM

http://i43.tinypic.com/219owls.jpg

Uploaded a screenshot to tinypic.

I can show the picture a different way if needed and also resize it if it's too small.

#14 RenatoMejias
  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 28 June 2009 - 04:51 PM

Quoting Marianna_:
> http://i43.tinypic.com/219owls.jpg
> Uploaded a screenshot to tinypic.
> I can show the picture a different way if needed and also resize it if it's too small.

Look at this link again; on the screen above you should click the "Advanced" button and follow the other steps.
Renato Victor Mejias
Malware help in portuguese

#15 Marianna_
  • Topic Starter
  • Members
  • 23 posts
  • Gender:Female
  • Location:OK,USA

Posted 24 July 2009 - 11:07 PM

Sorry it took so long to reply, but I tried the steps the website gave, and I don't have the permissions it was talking about... Or at least I don't think I do.

I took a screenshot of it.
