Avast running when totally removed, combofix found winlogon.bak.vir


  • This topic is locked
6 replies to this topic

#1 durangodoug

durangodoug

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 14 September 2012 - 01:24 PM

I am concerned because I have uninstalled and deleted any trace of avast yet it still is showing up. This is my first post concerning this and I hope I provided enough information. I have had no other symptoms other than popups and they have stopped since I did cleaning in safe mode.

EDIT: Also, all antispyware and malware programs were disabled when these logs were made, yet they are still showing up.

Also, ran combofix before coming here for help. Quarantine log is attached as well.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.6.2
Run by James at 14:14:42 on 2012-09-14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3582.2748 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346297662305
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347259885468
TCP: Interfaces\{9B89C9D2-674F-44B6-9572-86BF03C2BCF5} : NameServer = 192.168.1.1
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\james\application data\mozilla\firefox\profiles\rmllofxn.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-9-10 913792]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-30 676936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-29 1262400]
R2 RalinkRegistryWriter;RalinkRegistryWriter;c:\program files\ralink\common\RaRegistry.exe [2012-8-29 372736]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2012-9-9 22016]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2012-8-29 19072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-30 22856]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2012-8-30 7424]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-29 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-8-30 1691480]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2012-8-29 16194]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-29 114144]
S3 RaMediaServer;Ralink UPnP Media Server;c:\program files\ralink\common\RaMediaServer.exe [2012-8-29 625728]
S3 rt2870;Ralink RT2870 Chipset Family Driver;c:\windows\system32\drivers\rt2870.sys [2012-8-29 1248320]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2012-9-9 36384]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2012-9-9 17664]
S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [2012-9-9 17664]
.
=============== Created Last 30 ================
.
2012-09-14 04:31:03 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-09-14 00:39:21 -------- d-----w- c:\program files\common files\BitDefender
2012-09-14 00:38:25 -------- d-----w- c:\documents and settings\james\application data\SUPERAntiSpyware.com
2012-09-14 00:37:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-14 00:37:36 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-13 06:07:38 -------- d-sha-r- C:\cmdcons
2012-09-13 06:06:24 98816 ----a-w- c:\windows\sed.exe
2012-09-13 06:06:24 518144 ----a-w- c:\windows\SWREG.exe
2012-09-13 06:06:24 256000 ----a-w- c:\windows\PEV.exe
2012-09-13 06:06:24 208896 ----a-w- c:\windows\MBR.exe
2012-09-13 06:03:34 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-13 02:30:45 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-09-13 02:30:45 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-09-13 02:30:01 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-09-13 02:29:20 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-09-13 02:29:20 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-09-13 02:29:19 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-09-13 02:29:19 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-09-10 06:53:11 -------- d-----w- c:\windows\system32\PreInstall
2012-09-10 06:53:09 -------- d--h--w- c:\windows\$hf_mig$
2012-09-10 06:07:18 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-09-10 06:07:18 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-09-10 06:07:18 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-09-10 06:07:18 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-09-10 06:07:18 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-09-10 05:59:21 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-09-10 05:59:04 -------- d-----w- c:\program files\IObit
2012-09-10 05:58:44 -------- d-----w- c:\program files\Evonsoft Computer Repair
2012-09-10 05:58:44 -------- d-----w- c:\documents and settings\james\application data\IObit
2012-09-10 05:52:16 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-09-10 05:52:16 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-09-10 05:29:34 -------- d-----w- c:\program files\GIGABYTE
2012-09-10 05:29:29 17488 ----a-w- c:\windows\gdrv.sys
2012-09-10 05:29:28 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-09-10 05:29:28 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-09-10 05:29:28 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-09-10 05:29:28 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-09-10 05:29:28 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-09-10 05:29:28 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-09-10 05:29:28 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-09-10 04:24:08 -------- d-----w- c:\documents and settings\james\application data\DRPSu
2012-09-10 04:21:21 -------- d-----w- c:\documents and settings\all users\application data\GFI Software
2012-09-10 04:19:30 -------- d-----w- c:\program files\DriverPack v12.3-Lite
2012-09-10 01:38:58 77416 ----a-w- c:\windows\system32\RTLVLAN_NB.DLL
2012-09-10 01:38:58 65824 ----a-w- c:\windows\system32\RTLTEAMING_NB.DLL
2012-09-10 01:38:58 36384 ----a-w- c:\windows\system32\drivers\RTLTEAMING.SYS
2012-09-10 01:38:58 22016 ----a-w- c:\windows\system32\drivers\RtNdPt5x.sys
2012-09-10 01:38:58 17664 ----a-w- c:\windows\system32\drivers\RTLVLAN.SYS
2012-09-08 01:41:03 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-09-07 04:03:19 -------- d-----w- c:\documents and settings\james\local settings\application data\Temp
2012-09-07 04:03:19 -------- d-----w- c:\documents and settings\james\local settings\application data\Adobe
2012-09-07 03:24:50 -------- d-----w- c:\program files\World of Warcraft
2012-09-07 03:24:50 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2012-09-07 03:24:50 -------- d-----w- c:\documents and settings\all users\application data\Blizzard Entertainment
2012-09-07 03:24:09 -------- d-----w- c:\documents and settings\all users\application data\Battle.net
2012-09-06 19:38:16 -------- d-----w- c:\documents and settings\james\local settings\application data\Identities
2012-09-05 01:31:50 -------- d-----w- c:\documents and settings\james\application data\XRay Engine
2012-09-01 03:47:08 17984 ----a-w- c:\windows\system32\drivers\rxbsknl.sys
2012-08-31 18:33:59 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-31 18:33:55 -------- d-----w- c:\documents and settings\james\local settings\application data\PunkBuster
2012-08-31 18:33:21 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-31 18:33:21 138056 ----a-w- c:\documents and settings\james\application data\PnkBstrK.sys
2012-08-31 18:32:27 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-31 18:32:26 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-31 18:32:26 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2012-08-31 18:32:22 -------- d-----w- c:\windows\system32\LogFiles
2012-08-31 02:48:11 46 ----a-w- c:\documents and settings\james\test.bat
2012-08-31 02:23:57 -------- d-----w- c:\documents and settings\james\application data\Origin
2012-08-31 02:23:55 -------- d-----w- c:\program files\Origin Games
2012-08-31 02:23:51 -------- d-----w- c:\documents and settings\james\local settings\application data\Origin
2012-08-31 02:23:36 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-08-31 02:23:09 -------- d-----w- c:\documents and settings\james\local settings\application data\Downloaded Installations
2012-08-31 02:22:51 -------- d-----w- c:\documents and settings\james\local settings\application data\adawarebp
2012-08-31 02:22:27 -------- d-----w- c:\documents and settings\all users\application data\Origin
2012-08-31 02:22:25 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2012-08-31 02:21:12 -------- d-----w- c:\program files\Origin
2012-08-30 23:28:33 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-08-30 23:28:33 277352 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2012-08-30 23:28:33 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-08-30 18:36:49 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-08-30 05:33:44 -------- d-----w- c:\documents and settings\james\local settings\application data\Funcom
2012-08-30 05:33:31 -------- d-----w- c:\documents and settings\all users\application data\media center programs
2012-08-30 05:33:24 -------- d-----w- c:\program files\Funcom
2012-08-30 05:19:38 -------- d-----w- c:\program files\common files\Steam
2012-08-30 05:19:37 -------- d-----w- c:\program files\Steam
2012-08-30 05:14:39 -------- d-----w- c:\documents and settings\james\application data\Malwarebytes
2012-08-30 05:14:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-30 05:14:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 05:14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-30 05:06:27 -------- d-----w- c:\windows\pss
2012-08-30 05:05:17 -------- d-----w- c:\windows\system32\Lang
2012-08-30 04:59:40 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2012-08-30 04:54:56 -------- d--h--w- c:\windows\PIF
2012-08-30 04:43:32 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-08-30 04:43:05 -------- d-----w- C:\Intel
2012-08-30 04:15:16 -------- d-----w- c:\program files\SystemRequirementsLab
2012-08-30 04:15:06 -------- d-----w- c:\documents and settings\james\local settings\application data\Sun
2012-08-30 04:15:00 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-30 04:15:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 04:15:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 04:14:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-30 04:13:40 -------- d-----w- c:\documents and settings\james\local settings\application data\Google
2012-08-30 04:12:21 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-30 04:10:12 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-08-30 04:10:03 -------- d-----w- C:\Advanced Wheel Mouse
2012-08-30 04:09:58 7424 ----a-w- c:\windows\system32\drivers\whfltr2k.sys
2012-08-30 04:08:25 -------- d-----w- c:\documents and settings\james\local settings\application data\SlimWare Utilities Inc
2012-08-30 03:56:16 -------- d-----w- c:\program files\uTorrent
2012-08-30 03:56:02 -------- d-----w- c:\documents and settings\james\application data\uTorrent
2012-08-30 03:47:16 16194 ----a-w- c:\windows\system32\AWINDIS5.SYS
2012-08-30 03:47:16 135265 ----a-w- c:\windows\system32\AW32n50.dll
2012-08-30 03:47:16 1286144 ----a-w- c:\windows\system32\drivers\WN311B.sys
2012-08-30 03:47:16 102400 ----a-w- c:\windows\system32\ASupplicant.dll
2012-08-30 03:47:14 -------- d-----w- c:\program files\NETGEAR
2012-08-30 03:47:04 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-08-30 03:47:04 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-08-30 03:47:04 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2012-08-30 03:47:04 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-08-30 03:47:03 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-08-30 03:41:20 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-08-30 03:41:16 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-08-30 03:41:16 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-08-30 03:41:14 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-08-30 03:41:14 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 03:41:14 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 03:40:59 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-30 03:40:56 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-08-30 03:40:56 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-08-30 03:40:56 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-08-30 03:40:42 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-08-30 03:39:31 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-30 03:39:31 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-30 03:39:31 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-30 03:39:31 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-08-30 03:39:31 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 03:39:29 4373248 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2012-08-30 03:39:29 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-08-30 03:39:29 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-08-30 03:39:29 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-30 03:39:29 14014656 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2012-08-30 03:39:29 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-08-30 03:39:15 -------- d-----w- c:\program files\NVIDIA Corporation
2012-08-30 03:38:46 -------- d-----w- C:\NVIDIA
2012-08-30 03:37:52 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 03:37:52 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 03:37:04 -------- d-----w- c:\documents and settings\james\local settings\application data\Mozilla
2012-08-30 03:37:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-30 03:34:59 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2012-08-30 03:33:59 -------- d--h--w- c:\windows\msdownld.tmp
2012-08-30 03:33:58 -------- d-s---w- c:\documents and settings\james\UserData
2012-08-30 03:33:58 -------- d-----w- c:\windows\Logs
2012-08-30 03:33:53 -------- d-----w- c:\program files\Sony Online Entertainment
.
==================== Find3M ====================
.
.
============= FINISH: 14:15:13.56 ===============


Edited by durangodoug, 14 September 2012 - 01:29 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:29 PM

Posted 16 September 2012 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===


I should be able to remove all traces of AVG with ComboFix.

Please run the tool and if asked to update please do.

Copy and paste the C:\ComboFix.txt in your next reply.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:29 PM

Posted 22 September 2012 - 08:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:29 PM

Posted 22 September 2012 - 08:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:29 AM

Posted 23 September 2012 - 12:09 AM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:29 PM

Posted 23 September 2012 - 09:03 AM

durangodoug

I'm listening.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:29 PM

Posted 29 September 2012 - 08:09 AM

Are you still with us?



