[Resolved] trojan:win32/renos.n
#31
Posted 03 October 2009 - 01:44 PM
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#32
Posted 03 October 2009 - 03:45 PM
#33
Posted 03 October 2009 - 05:31 PM
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#34
Posted 03 October 2009 - 08:58 PM
#35
Posted 03 October 2009 - 09:01 PM
Try this with AVG
Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on the task bar.
- Click on Tools.
- Select Advanced Settings.
- In the left hand pane, scroll down to "Resident Shield".
- In the main pane, deselect the option to "Enable Resident Shield."
Try that, then run ComboFix
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#36
Posted 03 October 2009 - 09:26 PM
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1525.881 [GMT -5:00]
Running from: K:\ComboFix.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-03 18:31 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 18:31 . 2009-10-03 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 18:31 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 18:30 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 13:15 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 13:15 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 13:15 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 13:15 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 13:14 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 13:14 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 13:14 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 13:14 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 13:14 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-30 18:07 . 2009-09-30 18:07 -------- d-----w- c:\windows\Sun
2009-09-28 23:30 . 2009-09-28 23:33 -------- d-----w- c:\windows\system32\ca-ES
2009-09-28 23:30 . 2009-09-28 23:33 -------- d-----w- c:\windows\system32\eu-ES
2009-09-28 23:30 . 2009-09-28 23:33 -------- d-----w- c:\windows\system32\vi-VN
2009-09-28 23:08 . 2009-09-28 23:08 -------- d-----w- c:\windows\system32\EventProviders
2009-09-27 18:43 . 2009-09-27 18:43 -------- d-----w- c:\users\Jennifer\AppData\Local\Adobe
2009-09-25 03:31 . 2009-09-25 03:31 -------- d-----w- c:\program files\PocketRAR
2009-09-24 03:16 . 2009-04-11 06:28 327168 ----a-w- c:\windows\system32\P2PGraph.dll
2009-09-24 03:15 . 2009-04-11 06:28 69632 ----a-w- c:\windows\system32\sendmail.dll
2009-09-17 00:10 . 2009-09-17 00:10 -------- d-----w- c:\users\Jennifer\AppData\Local\Apple
2009-09-10 23:07 . 2009-09-19 02:11 -------- d-----w- c:\users\Jennifer\AppData\Local\Apple Computer
2009-09-10 22:18 . 2009-09-10 22:18 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes
2009-09-10 22:18 . 2009-09-10 22:18 -------- d-----w- c:\programdata\Malwarebytes
2009-09-09 16:31 . 2009-09-09 16:31 -------- d-----w- c:\program files\iPod
2009-09-09 16:31 . 2009-09-09 16:31 -------- d-----w- c:\program files\iTunes
2009-09-07 23:52 . 2009-09-07 23:52 -------- d-----w- c:\program files\Trend Micro
2009-09-06 20:44 . 2009-09-06 20:44 -------- d-----w- c:\users\Jennifer\AppData\Roaming\dBpoweramp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 02:55 . 2009-01-26 18:25 -------- d-----w- c:\programdata\avg8
2009-10-03 18:42 . 2008-02-13 04:01 680 ----a-w- c:\users\Jennifer\AppData\Local\d3d9caps.dat
2009-10-01 04:45 . 2009-01-26 17:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-28 23:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-28 23:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-28 23:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-28 23:00 . 2009-03-04 03:31 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Azureus
2009-09-28 12:23 . 2009-03-04 03:28 -------- d-----w- c:\program files\Vuze
2009-09-14 02:08 . 2008-10-09 18:10 -------- d-----w- c:\program files\Java
2009-09-14 01:55 . 2009-08-23 19:36 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-09 16:38 . 2008-03-20 23:19 -------- d-----w- c:\program files\Safari
2009-09-09 16:31 . 2008-02-16 01:02 -------- d-----w- c:\program files\Common Files\Apple
2009-08-30 02:26 . 2009-08-30 02:27 286720 ----a-w- c:\windows\iun502.exe
2009-08-29 21:06 . 2009-01-26 17:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-29 17:18 . 2009-08-29 17:18 -------- d-----w- c:\users\Jennifer\AppData\Roaming\AccurateRip
2009-08-29 17:18 . 2009-08-29 17:18 14373 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-08-29 17:16 . 2009-08-29 17:16 2989 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-08-29 17:16 . 2009-08-29 17:16 -------- d-----w- c:\program files\Illustrate
2009-08-29 17:15 . 2009-08-29 17:16 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-08-29 00:27 . 2009-09-02 21:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 00:53 . 2008-09-30 04:33 -------- d-----w- c:\program files\Yahoo!
2009-08-23 19:37 . 2008-10-07 22:21 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Yahoo!
2009-08-23 19:37 . 2009-08-23 19:37 262144 ----a-w- C:\ntuser.dat
2009-08-23 19:36 . 2009-03-02 17:44 -------- d-----w- c:\programdata\Yahoo!
2009-08-20 18:32 . 2009-01-26 18:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 18:32 . 2009-01-26 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 18:32 . 2009-01-26 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 16:27 . 2009-09-09 20:35 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 20:35 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 20:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 20:35 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 20:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 20:35 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 20:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 20:35 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 20:35 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 20:35 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 20:35 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-12 19:09 . 2009-06-29 20:32 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-08-08 20:07 . 2009-08-08 20:07 -------- d-----w- c:\program files\Performance Designed Products
2009-07-25 10:23 . 2009-01-26 18:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:01 . 2009-07-28 21:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-28 21:49 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-12 18:26 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 18:25 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 18:26 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 18:26 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 18:25 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 20:35 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 20:35 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 20:35 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 20:35 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 20:35 127488 ----a-w- c:\windows\system32\L2SecHC.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-02_22.08.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-14 04:24 . 2009-10-03 18:44 43866 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-03 18:44 62220 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-10-02 21:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-10-04 02:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-10-02 21:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-10-04 02:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-13 04:02 . 2009-10-03 18:44 9148 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1631534276-1343516910-3914046087-1000_UserData.bin
+ 2009-10-03 18:42 . 2009-10-03 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-03 18:42 . 2009-10-03 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-26 03:04 . 2009-10-03 18:18 248788 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2006-11-02 10:33 . 2009-10-03 18:47 594698 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-02 21:41 594698 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-02 21:41 100766 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-03 18:47 100766 c:\windows\System32\perfc009.dat
- 2006-11-02 13:02 . 2009-10-02 21:16 1245184 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-10-04 02:53 1245184 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-02 2023704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"P17Helper"="P17.dll" - c:\windows\System32\P17.DLL [2005-05-03 64512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-10 692224]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:23,f6,a6,4d,95,40,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D504D880-95D1-492C-ADAE-B576E239216B}"= Disabled:UDP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{A71B1F9C-9255-4273-8ADB-31B3ADFE0F98}"= Disabled:TCP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{3B996448-D309-4C77-A2B7-C4D414232053}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5521154B-CBFB-4B8C-A075-B1A56F929EF5}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6F1839D4-9B31-4C83-AE8C-1BF363CA5A37}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{5ECC7B7D-9FE9-4625-AF91-FE8869B0E635}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{043E93E7-5410-49E1-A795-EB9D7352155F}c:\\program files\\gamehouse\\gemdrop\\gemdrop.exe"= UDP:c:\program files\gamehouse\gemdrop\gemdrop.exe:Super Gem Drop
"UDP Query User{DA3CDD47-60B6-494D-A1DA-C02887DFFA7D}c:\\program files\\gamehouse\\gemdrop\\gemdrop.exe"= TCP:c:\program files\gamehouse\gemdrop\gemdrop.exe:Super Gem Drop
"{EEFACC1F-CBBC-4EC3-9E24-0B943DC59D57}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{F13C2B37-4D30-449C-BABB-38D400F161E9}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{CA32CC9B-8A1B-40D3-A59C-0405F8052CEC}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5442C98F-B894-4B74-9C31-CA6C3FD111A3}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{A006F9C2-4AB7-4093-ABB9-EDC5A41BF38B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{89E20C78-02BA-4802-AAE5-F9EC73EC54D6}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{BE3817D7-E7B6-49F8-96AA-4D505FC45CB7}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{F832FD03-118A-48A8-917E-01EB630DEBCD}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{89DD3D8B-A51F-449E-B250-7A408159C289}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{812F4C17-BB33-4451-9C2A-00C9B359DA72}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{27E7C1C8-D77C-4283-A51A-BE245F9240A1}c:\\imt\\server32.exe"= UDP:c:\imt\server32.exe:WEBRAMI2
"UDP Query User{583E76B3-288C-45A1-90BA-5958E46759D8}c:\\imt\\server32.exe"= TCP:c:\imt\server32.exe:WEBRAMI2
"{D252D218-FF26-4F53-A931-F816804FFCD1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{349621B6-92C4-4924-9C59-07787D5F44FE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [5/18/2009 12:23 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [1/26/2009 1:26 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2/6/2009 10:05 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 3:31 PM 297752]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 5:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 5:25 AM 251904]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/29/2009 3:31 PM 908056]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
.
Contents of the 'Scheduled Tasks' folder
2009-09-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:19]
2009-10-04 c:\windows\Tasks\User_Feed_Synchronization-{5B8F40E9-6CDA-465A-B342-AF080453C573}.job
- c:\windows\system32\msfeedssync.exe [2008-09-20 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\srwuzhzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser/ws/redir?_iceUrl=true&user_id=16934311&tool_id=61057&qkw=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\srwuzhzv.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}\components\Engine.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 22:20
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP0000006E6D655AD1767910E7 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
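Since the helper reads the ComboFix "Files Created" records and the catchme "hidden files" line from the log above, here is an added parser for those two line formats with a small triage pass (example code written for this page, not part of the thread, of ComboFix or of catchme; the sample lines are copied from the log above, and the triage rules are assumptions that only mark entries for review).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One "Files Created" / "Find3M Report" record as ComboFix prints it:
#   <created> . <modified> <size | --------> <attrs> <path>
RECORD_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>\S.*)$"
)
# One catchme "hidden files" finding:  <path> <size> bytes [executable]
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.*?) (?P<size>\d+) bytes(?P<exe> executable)?$", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".pif")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
WINDIR = "c:\\windows\\"

@dataclass
class Record:
    path: str
    size: Optional[int]        # None for directories (ComboFix prints --------)
    is_dir: bool
    hidden: bool               # True when reported by the catchme rootkit scan
    exe_hint: bool = False     # catchme says "executable" regardless of extension
    created: str = ""
    modified: str = ""

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and (self.exe_hint or self.path.lower().endswith(EXEC_EXT))

def parse_line(line: str) -> Optional[Record]:
    """Record for a file or hidden-file line; None for headers, dots and filler."""
    line = line.strip()
    m = RECORD_RE.match(line)
    if m:
        size = None if m["size"].startswith("-") else int(m["size"])
        return Record(m["path"], size, m["attrs"][0] == "d", False,
                      created=m["created"], modified=m["modified"])
    m = HIDDEN_RE.match(line)
    if m:
        return Record(m["path"], int(m["size"]), False, True, exe_hint=bool(m["exe"]))
    return None

def triage(rec: Record) -> List[str]:
    """Reasons a record deserves a second look (assumed rules; prompts, not verdicts)."""
    reasons = []
    low = rec.path.lower()
    if rec.hidden:
        reasons.append("hidden from a normal directory listing (catchme)")
    if rec.is_executable and any(t in low for t in TEMP_MARKERS):
        reasons.append("executable in a temp directory")
    if rec.is_executable and low.startswith(WINDIR) and "\\" not in low[len(WINDIR):]:
        reasons.append("executable directly under the Windows directory, not system32")
    return reasons

def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Parse every line of a log and keep only the records with triage reasons."""
    findings = []
    for rec in filter(None, map(parse_line, text.splitlines())):
        reasons = triage(rec)
        if reasons:
            findings.append((rec.path, reasons))
    return findings

# Sample input: lines copied from the ComboFix log posted above (not a complete log).
SAMPLE_LOG = r"""
2009-10-04 03:19 . 2009-10-04 03:19 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2009-10-03 18:31 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 13:15 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-30 02:26 . 2009-08-30 02:27 286720 ----a-w- c:\windows\iun502.exe
scanning hidden files ...
c:\windows\TEMP\TMP0000006E6D655AD1767910E7 524288 bytes executable
hidden files: 1
"""
```

Running `triage_log(SAMPLE_LOG)` returns two entries, the executable sitting directly under c:\windows and the hidden TEMP file catchme reported; the signed system32 files and the plain temp directory produce no reasons.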
#37
Posted 03 October 2009 - 09:45 PM
Part of that log got cut off on the bottom.
What issues are you having now?
Please try and explain in detail what issues remain.
Please do the following:
**Vista users - right click on the IE icon and run as administrator
Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
- Close any open programs
- Turn off the real time scanner of any existing antivirus program while performing the online scan
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
- Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Click View scan report at the bottom.
- Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#38
Posted 03 October 2009 - 11:37 PM
#39
Posted 04 October 2009 - 03:35 AM
You don't need Hijack This, so just delete it.
Try uninstalling the other programs and reinstalling.
There is a removal tool for AVG -
AVG Remover utility removes all parts of AVG installation on your computer, including registry items, installation and user files on your disk, etc.
http://www.avg.com/f.../avgremover.exe
If AVG won't install correctly, try one of these other programs:
Avira AntiVir
Avast
(Note: only install ONE antivirus at a time)
Please post a fresh DDS Log and Attach.txt
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#40
Posted 04 October 2009 - 09:46 AM
#41
Posted 04 October 2009 - 09:51 AM
#42
Posted 04 October 2009 - 10:39 AM
#43
Posted 04 October 2009 - 10:55 AM
Right-click the icon and choose "Run as Administrator".
Does the message tell you what program is trying to change your search settings?
Have you tried using both IE and Firefox to download programs?
DDS - Instructions:
Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
- Disable any script blocking protection
- Double click dds.pif to run the tool.
- When done, two DDS.txt's will open.
- Save both reports to your desktop.
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#44
Posted 04 October 2009 - 01:03 PM
#45
Posted 04 October 2009 - 01:08 PM