Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91517 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

GUYS HELP, I CANT INSTALL ANY ANTIVIRUS [Closed]


  • This topic is locked This topic is locked
31 replies to this topic

#1 igotmacroed

igotmacroed

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 10 May 2014 - 02:53 AM

I never used an anti virus before,I felt it was useless, Now I realise my mistake.

My computer always had minor problems, but lately its out of control.
I nnoticed it was rendering my utorrent and bittorrent inaccessible. But it didnt stop there. Now im not able to install any anti-virus. I have tried :
1)norton
2)mcafee
3)AVG
4) Avast
5)comodo
6)Avira
7) Malwarebytes

all of the above end up in failure of installation. Usually saying "Access Denied"
I tried everything in safe mode aswell.

Here is what im thinking is going on: A virus has infected my computer, and that virus is stopping me from downloading any anti-virus and also prevented me from downloading 4 Important Windows security updates.

I cant reformat my computer ( Windows 7 x32 bit, professional) as it has important files.

please someone help me out.
Thanks in advance.

    Advertisements

Register to Remove


#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 11 May 2014 - 09:38 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

81mYIKe.jpg  AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


Posted Image
 
 

#3 igotmacroed

igotmacroed

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 12 May 2014 - 10:12 AM

Thank you very much for helping me. I'm not able to get TDSSKIller as there is a problem(i attached a screenshot of this problem too). I have attached the logs your have requested :). Also i have uninstalled utorrent and any other pirated items.

Attached Thumbnails

  • Capture1.PNG

Attached Files


Edited by igotmacroed, 12 May 2014 - 10:15 AM.


#4 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 12 May 2014 - 11:47 AM

Hi,
 
Since you had a problem with TDSSKiller....give this a try.   :)
 
LlJESjW.jpgMalwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


Posted Image
 
 

#5 igotmacroed

igotmacroed

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 14 May 2014 - 08:34 AM

EDIT#2:45 MALWARE PROBLEMS FOUND

EDIT#1:Some Malware was found!! Still running the scan. 3 were found so far.

Sorry for the late reply, I'm running the software now(which surprisingly installed,unlike every other software i tried installing).

Do you recommend I proceed with the clean up after its done scanning?

I will post the log after the scan is over.

And thanks again for agreeing to help me :)


Edited by igotmacroed, 14 May 2014 - 08:46 AM.


#6 igotmacroed

igotmacroed

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 14 May 2014 - 08:54 AM

heres the log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x86
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.611000 GHz
Memory total: 2145968128, free: 1123356672
 
Downloaded database version: v2014.05.14.06
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
     06/30/2014 00:22:42
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\VSTBS23.SYS
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\VSTDPV3.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvm62x32.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\RTL8187B.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\umpass.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\kernel32.dll
\Windows\System32\imm32.dll
\Windows\System32\wininet.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\nsi.dll
\Windows\System32\difxapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\iertutil.dll
\Windows\System32\lpk.dll
\Windows\System32\comdlg32.dll
\Windows\System32\sechost.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff86ee4ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff86ed17b8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff86ee4030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xffffffff86edaca8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff86ee3ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xffffffff86eda030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86eda5b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xffffffff86ed1030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85c79030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000057\
Lower Device Object: 0xffffffff855a8030
Lower Device Driver Name: \Driver\nvstor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85c79030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85c79d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85c79030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff855c1948, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff855a8030, DeviceName: \Device\00000057\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 606523617
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 606523680  Numsec = 18612720
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86eda5b0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ee3020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86eda5b0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86ed1030, DeviceName: \Device\00000063\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff86ee3ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ee37a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86ee3ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86eda030, DeviceName: \Device\00000064\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff86ee4030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ee3498, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86ee4030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86edaca8, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff86ee4ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ee47a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86ee4ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86ed17b8, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Users\Hemanth\AppData\Local\Temp\{19AA0FBD-BAA5-491C-ABF7-F287C2492D4B}\Addons\assistant_v3.exe --> [Trojan.SProtector]
Infected: C:\Users\Hemanth\AppData\Local\Temp\{7725EC02-D093-40F3-A218-98B1ACC6CEF4}\Addons\assistant_v3.exe --> [Trojan.SProtector]
Infected: C:\Users\Hemanth\AppData\Local\Temp\nsx4BC0.tmp\Convert.dll --> [Trojan.Agent]
Infected: C:\Users\Hemanth\AppData\Roaming\msconfig.ini --> [Trojan.Agent]
Infected: C:\Users\Hemanth\AppData\Local\Temp\services.exe.mui --> [Trojan.Agent]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL --> [Backdoor.Agent.MSC]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFiles.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDMain.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDWinSec.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\win32.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger --> [Hijack.Security]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger --> [Hijack.Security]
Infected: C:\Users\Hemanth\AppData\Local\Temp\explorer.exe.mui --> [Heuristics.Reserved.Word.Exploit]
Scan finished

Edited by igotmacroed, 14 May 2014 - 08:55 AM.


#7 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 May 2014 - 06:01 PM

Hi,

 

Yes, please go ahead and open Malwarebytes again but this time I would like for you to run a Threat Scan and then remove anything that is found and post the new log.

 

Was there a log created by ESET?


Posted Image
 
 

#8 igotmacroed

igotmacroed

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 15 May 2014 - 01:49 PM

After using the cleanup and scanning it again it still says 41 of the problems still come up. I tried cleanup several times,but those same 41 problems keep coming up when I scan again.
There was no ESET log.
The other log after cleanup I will be able to post in 8 hours.

#9 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 May 2014 - 03:39 PM

Sorry...I misread the topic (too many tabs open).   :(
 
Don't worry about ESET.
 
Please do the following....
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Posted Image
 
 

#10 igotmacroed

igotmacroed

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 16 May 2014 - 09:32 AM

I saved the combofix.exe to my desktop and did a scan. It worked,but I couldn't find any log or text document. So i downloaded it again and saved it onto my desktop but now every time this error is coming(I kept a screenshot)

Attached Thumbnails

  • Capture.PNG

    Advertisements

Register to Remove


#11 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 May 2014 - 12:55 PM

Did you take a look in your C:\ folder and look for ComboFix.txt?  If it is there, please post that.  :)


Posted Image
 
 

#12 igotmacroed

igotmacroed

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 18 May 2014 - 09:37 AM

I'm sorry,I looked everywhere,but it's not there.

#13 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 18 May 2014 - 11:38 AM

No worries.  
 
Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.
 
Disable your AntiVirus and AntiSpyware applications.
 
Right-click and Run as Administrator on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.
---------


Posted Image
 
 

#14 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 20 May 2014 - 05:29 AM

Still with me?


Posted Image
 
 

#15 igotmacroed

igotmacroed

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 22 May 2014 - 01:17 AM

I am very sorry,didn't get an email saying you replied. I will try that now. Sorry for keeping you waiting.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users