[Resolved] trojan:win32/renos.n



#31 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 03 October 2009 - 01:44 PM

What happens when you try to save to your desktop? Are you choosing "Desktop" as the location to "save to" in your browser? What message is displayed?

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015



#32 entropy1120 (Authentic Member, 70 posts)

Posted 03 October 2009 - 03:45 PM

Yes, I am saving it to my desktop. It scans the download for viruses, then says the download is complete, and when I look on my desktop it's not there. I still have it on my USB...

#33 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 03 October 2009 - 05:31 PM

Hi, do a search for it in Windows Explorer in case it saved to another location.



#34 entropy1120 (Authentic Member, 70 posts)

Posted 03 October 2009 - 08:58 PM

I found it, but it is dated yesterday. I can't get AVG to close, nor can I uninstall the program.

#35 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 03 October 2009 - 09:01 PM

Go into your Task Manager (Ctrl + Alt + Delete) and end task on anything related to AVG.


Try this with AVG

Please open the AVG 8 Control Center by right-clicking on the AVG 8 icon on the task bar.
  • Click on Tools.
  • Select Advanced Settings.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, deselect the option to "Enable Resident Shield."

Try that, then run ComboFix.



#36 entropy1120 (Authentic Member, 70 posts)

Posted 03 October 2009 - 09:26 PM

ComboFix 09-10-01.05 - Jennifer 10/03/2009 22:13.5.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1525.881 [GMT -5:00]
Running from: K:\ComboFix.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-03 18:31 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 18:31 . 2009-10-03 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 18:31 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 18:30 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 13:15 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 13:15 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 13:15 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 13:15 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 13:14 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 13:14 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 13:14 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 13:14 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 13:14 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-30 18:07 . 2009-09-30 18:07 -------- d-----w- c:\windows\Sun
2009-09-28 23:30 . 2009-09-28 23:33 -------- d-----w- c:\windows\system32\ca-ES
2009-09-28 23:30 . 2009-09-28 23:33 -------- d-----w- c:\windows\system32\eu-ES
2009-09-28 23:30 . 2009-09-28 23:33 -------- d-----w- c:\windows\system32\vi-VN
2009-09-28 23:08 . 2009-09-28 23:08 -------- d-----w- c:\windows\system32\EventProviders
2009-09-27 18:43 . 2009-09-27 18:43 -------- d-----w- c:\users\Jennifer\AppData\Local\Adobe
2009-09-25 03:31 . 2009-09-25 03:31 -------- d-----w- c:\program files\PocketRAR
2009-09-24 03:16 . 2009-04-11 06:28 327168 ----a-w- c:\windows\system32\P2PGraph.dll
2009-09-24 03:15 . 2009-04-11 06:28 69632 ----a-w- c:\windows\system32\sendmail.dll
2009-09-17 00:10 . 2009-09-17 00:10 -------- d-----w- c:\users\Jennifer\AppData\Local\Apple
2009-09-10 23:07 . 2009-09-19 02:11 -------- d-----w- c:\users\Jennifer\AppData\Local\Apple Computer
2009-09-10 22:18 . 2009-09-10 22:18 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes
2009-09-10 22:18 . 2009-09-10 22:18 -------- d-----w- c:\programdata\Malwarebytes
2009-09-09 16:31 . 2009-09-09 16:31 -------- d-----w- c:\program files\iPod
2009-09-09 16:31 . 2009-09-09 16:31 -------- d-----w- c:\program files\iTunes
2009-09-07 23:52 . 2009-09-07 23:52 -------- d-----w- c:\program files\Trend Micro
2009-09-06 20:44 . 2009-09-06 20:44 -------- d-----w- c:\users\Jennifer\AppData\Roaming\dBpoweramp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 02:55 . 2009-01-26 18:25 -------- d-----w- c:\programdata\avg8
2009-10-03 18:42 . 2008-02-13 04:01 680 ----a-w- c:\users\Jennifer\AppData\Local\d3d9caps.dat
2009-10-01 04:45 . 2009-01-26 17:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-28 23:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-28 23:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-28 23:00 . 2009-03-04 03:31 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Azureus
2009-09-28 12:23 . 2009-03-04 03:28 -------- d-----w- c:\program files\Vuze
2009-09-14 02:08 . 2008-10-09 18:10 -------- d-----w- c:\program files\Java
2009-09-14 01:55 . 2009-08-23 19:36 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-09 16:38 . 2008-03-20 23:19 -------- d-----w- c:\program files\Safari
2009-09-09 16:31 . 2008-02-16 01:02 -------- d-----w- c:\program files\Common Files\Apple
2009-08-30 02:26 . 2009-08-30 02:27 286720 ----a-w- c:\windows\iun502.exe
2009-08-29 21:06 . 2009-01-26 17:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-29 17:18 . 2009-08-29 17:18 -------- d-----w- c:\users\Jennifer\AppData\Roaming\AccurateRip
2009-08-29 17:18 . 2009-08-29 17:18 14373 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-08-29 17:16 . 2009-08-29 17:16 2989 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-08-29 17:16 . 2009-08-29 17:16 -------- d-----w- c:\program files\Illustrate
2009-08-29 17:15 . 2009-08-29 17:16 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-08-29 00:27 . 2009-09-02 21:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 00:53 . 2008-09-30 04:33 -------- d-----w- c:\program files\Yahoo!
2009-08-23 19:37 . 2008-10-07 22:21 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Yahoo!
2009-08-23 19:37 . 2009-08-23 19:37 262144 ----a-w- C:\ntuser.dat
2009-08-23 19:36 . 2009-03-02 17:44 -------- d-----w- c:\programdata\Yahoo!
2009-08-20 18:32 . 2009-01-26 18:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 18:32 . 2009-01-26 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 18:32 . 2009-01-26 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 16:27 . 2009-09-09 20:35 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 20:35 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 20:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 20:35 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 20:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 20:35 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 20:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 20:35 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 20:35 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 20:35 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 20:35 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-12 19:09 . 2009-06-29 20:32 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-08-08 20:07 . 2009-08-08 20:07 -------- d-----w- c:\program files\Performance Designed Products
2009-07-25 10:23 . 2009-01-26 18:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:01 . 2009-07-28 21:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-28 21:49 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-12 18:26 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 18:25 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 18:26 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 18:26 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 18:25 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 20:35 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 20:35 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 20:35 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 20:35 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 20:35 127488 ----a-w- c:\windows\system32\L2SecHC.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-02_22.08.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-14 04:24 . 2009-10-03 18:44 43866 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-03 18:44 62220 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-10-02 21:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-10-04 02:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-10-02 21:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-10-04 02:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-13 04:02 . 2009-10-03 18:44 9148 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1631534276-1343516910-3914046087-1000_UserData.bin
+ 2009-10-03 18:42 . 2009-10-03 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-03 18:42 . 2009-10-03 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-26 03:04 . 2009-10-03 18:18 248788 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2006-11-02 10:33 . 2009-10-03 18:47 594698 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-02 21:41 594698 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-02 21:41 100766 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-03 18:47 100766 c:\windows\System32\perfc009.dat
- 2006-11-02 13:02 . 2009-10-02 21:16 1245184 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-10-04 02:53 1245184 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-02 2023704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"P17Helper"="P17.dll" - c:\windows\System32\P17.DLL [2005-05-03 64512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-10 692224]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(B):23,f6,a6,4d,95,40,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D504D880-95D1-492C-ADAE-B576E239216B}"= Disabled:UDP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{A71B1F9C-9255-4273-8ADB-31B3ADFE0F98}"= Disabled:TCP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{3B996448-D309-4C77-A2B7-C4D414232053}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5521154B-CBFB-4B8C-A075-B1A56F929EF5}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6F1839D4-9B31-4C83-AE8C-1BF363CA5A37}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{5ECC7B7D-9FE9-4625-AF91-FE8869B0E635}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{043E93E7-5410-49E1-A795-EB9D7352155F}c:\\program files\\gamehouse\\gemdrop\\gemdrop.exe"= UDP:c:\program files\gamehouse\gemdrop\gemdrop.exe:Super Gem Drop
"UDP Query User{DA3CDD47-60B6-494D-A1DA-C02887DFFA7D}c:\\program files\\gamehouse\\gemdrop\\gemdrop.exe"= TCP:c:\program files\gamehouse\gemdrop\gemdrop.exe:Super Gem Drop
"{EEFACC1F-CBBC-4EC3-9E24-0B943DC59D57}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{F13C2B37-4D30-449C-BABB-38D400F161E9}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{CA32CC9B-8A1B-40D3-A59C-0405F8052CEC}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5442C98F-B894-4B74-9C31-CA6C3FD111A3}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{A006F9C2-4AB7-4093-ABB9-EDC5A41BF38B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{89E20C78-02BA-4802-AAE5-F9EC73EC54D6}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{BE3817D7-E7B6-49F8-96AA-4D505FC45CB7}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{F832FD03-118A-48A8-917E-01EB630DEBCD}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{89DD3D8B-A51F-449E-B250-7A408159C289}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{812F4C17-BB33-4451-9C2A-00C9B359DA72}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{27E7C1C8-D77C-4283-A51A-BE245F9240A1}c:\\imt\\server32.exe"= UDP:c:\imt\server32.exe:WEBRAMI2
"UDP Query User{583E76B3-288C-45A1-90BA-5958E46759D8}c:\\imt\\server32.exe"= TCP:c:\imt\server32.exe:WEBRAMI2
"{D252D218-FF26-4F53-A931-F816804FFCD1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{349621B6-92C4-4924-9C59-07787D5F44FE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [5/18/2009 12:23 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [1/26/2009 1:26 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2/6/2009 10:05 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 3:31 PM 297752]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 5:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 5:25 AM 251904]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/29/2009 3:31 PM 908056]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:19]

2009-10-04 c:\windows\Tasks\User_Feed_Synchronization-{5B8F40E9-6CDA-465A-B342-AF080453C573}.job
- c:\windows\system32\msfeedssync.exe [2008-09-20 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\srwuzhzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser/ws/redir?_iceUrl=true&user_id=16934311&tool_id=61057&qkw=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\srwuzhzv.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}\components\Engine.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 22:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000006E6D655AD1767910E7 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
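Added example (not part of this thread and not ComboFix's own code): a small Python helper that parses three of the line shapes in the log above (file entries, Run-key values, firewall rules) and lists executables that live outside the usual program directories. The EXPECTED_DIRS list and the location heuristic are my assumptions for a 32-bit Vista install; the sample lines are copied from the log in this thread. Whatever the script lists, including vendor helpers such as UpdReg.EXE, is a review list for the helper to look at, not a detection.

```python
r"""Triage helper for ComboFix-style log lines (added example, not ComboFix code).

Understands three line shapes from a ComboFix log:
  files:     YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM SIZE ATTRS PATH
  autostart: "Name"="target" [YYYY-MM-DD SIZE]  or  "Name"="x.dll" - resolved\path [..]
  firewall:  "{rule}"= [Disabled:][TCP:|UDP:]c:\path\prog.exe:Label
and lists executables that sit outside EXPECTED_DIRS. That list is an
assumption for a 32-bit Vista box; the output is a review list, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed "normal" homes for executables on the machine in the thread.
EXPECTED_DIRS = (
    "c:\\program files\\",
    "c:\\progra~1\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\ehome\\",
)
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".pif")

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"(?: - (?P<resolved>.+?))? '
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
FW_RE = re.compile(
    r'^"(?P<rule>[^"]+)"= (?:(?P<state>Disabled|Enabled):)?'
    r"(?:(?P<proto>TCP|UDP):)?(?P<path>[a-z]:\\[^:]*):(?P<label>.*)$",
    re.IGNORECASE,
)


@dataclass
class Entry:
    kind: str    # "file", "run" or "firewall"
    path: str    # on-disk path the line points at
    detail: str  # human-readable context for the review list


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised line, None for anything else."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return Entry("file", m["path"],
                     f"created {m['created']}, size {m['size']}, attrs {m['attrs']}")
    m = RUN_RE.match(line)
    if m:
        # "P17Helper"="P17.dll" - c:\windows\System32\P17.DLL [..] carries the
        # resolved path after the dash; prefer it when ComboFix printed one.
        return Entry("run", m["resolved"] or m["target"],
                     f"autostart value {m['name']!r} dated {m['date']}")
    m = FW_RE.match(line)
    if m:
        return Entry("firewall", m["path"],
                     f"{m['state'] or 'Enabled'} {m['proto'] or 'any'} rule for {m['label']!r}")
    return None


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXEC_EXT)


def outside_expected_dirs(path: str) -> bool:
    p = path.lower()
    return not any(p.startswith(d) for d in EXPECTED_DIRS)


def flag_entries(lines: List[str]) -> List[Entry]:
    """Executables referenced by file, autostart or firewall lines that sit
    outside EXPECTED_DIRS. Directories and non-executables are skipped."""
    return [e for e in map(parse_line, lines)
            if e and is_executable(e.path) and outside_expected_dirs(e.path)]


# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2009-10-03 18:31 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 03:31 . 2009-09-25 03:31 -------- d-----w- c:\program files\PocketRAR
2009-08-30 02:26 . 2009-08-30 02:27 286720 ----a-w- c:\windows\iun502.exe
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"P17Helper"="P17.dll" - c:\windows\System32\P17.DLL [2005-05-03 64512]
"{D504D880-95D1-492C-ADAE-B576E239216B}"= Disabled:UDP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{27E7C1C8-D77C-4283-A51A-BE245F9240A1}c:\\imt\\server32.exe"= UDP:c:\imt\server32.exe:WEBRAMI2
"{EEFACC1F-CBBC-4EC3-9E24-0B943DC59D57}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"""

if __name__ == "__main__":
    for e in flag_entries(SAMPLE_LOG.splitlines()):
        print(f"[{e.kind:8}] {e.path}  ({e.detail})")
```

Run it on a saved ComboFix log with `flag_entries(open("ComboFix.txt").read().splitlines())`; the three parsers ignore section headers, the catchme block and anything else they do not recognise, so the whole file can be fed in. The point of the location heuristic is only to shorten the list a helper has to read; a legitimate vendor tray tool installed into c:\windows will appear next to anything unwanted, so each hit still needs a look at the file itself.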

#37 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 03 October 2009 - 09:45 PM

Hi,

Part of that log got cut off at the bottom.

What issues are you having now?

Please try and explain in detail what issues remain.

Please do the following:

**Vista users: right-click on the IE icon and run as administrator.

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply



#38 entropy1120 (Authentic Member, 70 posts)

Posted 03 October 2009 - 11:37 PM

Completed scan. Nothing to report! Computer is running fine. Still cannot access HijackThis, Spybot, Ad-Aware, and AVG is off. Should I delete them and re-download?

#39 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 04 October 2009 - 03:35 AM

Hi,

You don't need Hijack This, so just delete it.

Try uninstalling the other programs and reinstalling.

There is a removal tool for AVG -

AVG Remover utility removes all parts of AVG installation on your computer, including registry items, installation and user files on your disk, etc.
http://www.avg.com/f.../avgremover.exe


If AVG won't install correctly, try one of these other programs:

Avira AntiVir
Avast

(Note: only install ONE antivirus at a time)


Please post a fresh DDS Log and Attach.txt



#40 entropy1120 (Authentic Member, 70 posts)

Posted 04 October 2009 - 09:46 AM

It won't let me uninstall the program (HijackThis); it says I need to be admin. I don't know how to switch to admin to delete it. I don't know what you mean by: "Please post a fresh DDS Log and Attach.txt".



#41 entropy1120 (Authentic Member, 70 posts)

Posted 04 October 2009 - 09:51 AM

Nothing I choose to save saves to where I ask it to, or at all. The AVG remover link: I saved it, but it's not on the desktop; I did a search on the computer and it's not there either. I tried to save a pic to my Downloads that I emailed myself, to test if it is working, and the pic is not there.

#42 entropy1120 (Authentic Member, 70 posts)

Posted 04 October 2009 - 10:39 AM

Also, I get a message from Windows when I reboot that says a program is trying to change my search settings but has been blocked. I keep getting an access denied message when trying to reload Spybot. I am unable to completely delete the program: system error code 1060, "the specified service does not exist as an installed service". Internet is running fine. All else is waaaayyyyy off.

Malwarebytes' Anti-Malware 1.41
Database version: 2902
Windows 6.0.6002 Service Pack 2

10/4/2009 11:34:11 AM
mbam-log-2009-10-04 (11-34-11).txt

Scan type: Quick Scan
Objects scanned: 92288
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#43 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 04 October 2009 - 10:55 AM

Hi,

Right-click the icon and choose "Run as Administrator".


Does the message tell you what program is trying to change your search settings?

Have you tried using both IE and Firefox to download programs?

DDS - Instructions:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



#44 entropy1120 (Authentic Member, 70 posts)

Posted 04 October 2009 - 01:03 PM

Nothing is saving to my desktop; I cannot find it with Windows Explorer. I am having issues with admin. Even if I right-click and run as admin, I still get those messages. No, it does not tell me which program is trying to change my settings. Even if I download something from my email, it does not save. I am using Firefox.

#45 entropy1120 (Authentic Member, 70 posts)

Posted 04 October 2009 - 01:08 PM

If I am in Control Panel and want to delete a program, it says I don't have access. I can't right-click and run as admin.
