27-Oct-2009, 03:26 PM
#16
Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you are not sure how to disable them, see this help page.

Download ComboFix from one of these locations: Link 1 Link 2

**Note: It is important that it is saved directly to your desktop**

Double-click on ComboFix.exe and follow the prompts.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NEXT

Download ATF Cleaner by Atribune.
Click Exit on the Main menu to close the program.

Double-click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
28-Oct-2009, 01:36 PM
#17
Attached is the ComboFix log #1. I ran the ATF Cleaner after the ComboFix log came up. I installed Malwarebytes, but it will not run. Currently, there are new windows that I did not have before, or at least have not seen before. This one is entitled "Security Central". It came up after the ComboFix ran. I could not get the Malwarebytes to run yet, so my only log for you is ComboFix.

ComboFix 09-10-27.07 - Mitchell 10/28/2009 7:43.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.665 [GMT -5:00]
Running from: c:\documents and settings\Mitchell\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\buxuhto.exe
c:\docume~1\Mitchell\LOCALS~1\Temp\svchost.exe
c:\docume~1\Mitchell\LOCALS~1\Temp\taskmgr.exe
c:\docume~1\Mitchell\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users\Application Data\29127627
c:\documents and settings\All Users\Application Data\29127627\29127627.bat
c:\documents and settings\All Users\Application Data\29127627\29127627.exe
c:\documents and settings\All Users\Application Data\55983333
c:\documents and settings\All Users\Application Data\55983333\55983333.exe
c:\documents and settings\All Users\Application Data\80165020
c:\documents and settings\All Users\Application Data\80165020\80165020.exe
c:\documents and settings\All Users\Application Data\ebedehil.sys
c:\documents and settings\All Users\Application Data\eqymyxy.reg
c:\documents and settings\All Users\Application Data\izylege.reg
c:\documents and settings\All Users\Application Data\kytakenud.com
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\okohonok.bin
c:\documents and settings\All Users\Application Data\ynibug.reg
c:\documents and settings\All Users\Documents\ylipu.pif
c:\documents and settings\Mitchell\Application Data\eviwaz._dl
c:\documents and settings\Mitchell\Application Data\lizkavd.exe
c:\documents and settings\Mitchell\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Mitchell\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Mitchell\Application Data\seres.exe
c:\documents and settings\Mitchell\Application Data\svcst.exe
c:\documents and settings\Mitchell\Cookies\nasugyfywi._dl
c:\documents and settings\Mitchell\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\Mitchell\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Mitchell\Desktop\Security Tool.lnk
c:\documents and settings\Mitchell\Desktop\Windows Police Pro.lnk
c:\documents and settings\Mitchell\Local Settings\Application Data\{632C469C-F8C4-43F7-BD88-88568110F26D}
c:\documents and settings\Mitchell\Local Settings\Application Data\{632C469C-F8C4-43F7-BD88-88568110F26D}\chrome.manifest
c:\documents and settings\Mitchell\Local Settings\Application Data\{632C469C-F8C4-43F7-BD88-88568110F26D}\chrome\content\_cfg.js
c:\documents and settings\Mitchell\Local Settings\Application Data\{632C469C-F8C4-43F7-BD88-88568110F26D}\chrome\content\overlay.xul
c:\documents and settings\Mitchell\Local Settings\Application Data\{632C469C-F8C4-43F7-BD88-88568110F26D}\install.rdf
c:\documents and settings\Mitchell\Local Settings\Application Data\ejafaxuci._dl
c:\documents and settings\Mitchell\Local Settings\Application Data\yzazyherum.pif
c:\documents and settings\Mitchell\Local Settings\Temporary Internet Files\begydulare.exe
c:\documents and settings\Mitchell\Local Settings\Temporary Internet Files\uwyqohasu.dat
c:\documents and settings\Mitchell\Local Settings\Temporary Internet Files\xesiropa.db
c:\documents and settings\Mitchell\ntuser.dll
c:\documents and settings\Mitchell\Start Menu\Advanced Virus Remover.lnk
c:\documents and settings\Mitchell\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Mitchell\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Mitchell\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\Mitchell\Start Menu\Programs\Security Tool.lnk
c:\documents and settings\Mitchell\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Mitchell\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\Mitchell\Start Menu\Programs\Windows Police Pro
c:\documents and settings\Mitchell\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
C:\dtacmawh.exe
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\Antispyware
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\beloho._sy
c:\program files\Common Files\bobejy.inf
c:\program files\Common Files\uzudypi.dll
c:\program files\Common Files\veteqijec.ban
c:\program files\Common Files\ybujofuk.com
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\cafyq.vbs
c:\windows\ceapoe.dll
c:\windows\epecefudar._sy
c:\windows\eqecatev.dll
c:\windows\qixerelyn.inf
c:\windows\svohost.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\41.exe
c:\windows\system32\arizeg.dll
c:\windows\system32\AVR09.exe
c:\windows\system32\bincd32.dat
c:\windows\system32\calc.dll
c:\windows\system32\cpcp.cpo
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ehovolisu.reg
c:\windows\system32\fujobila.exe
c:\windows\system32\gibetara.exe
c:\windows\system32\husugudi.dll
c:\windows\system32\jifujeme.exe
c:\windows\system32\lepayuje.dll
c:\windows\system32\lijujepo.exe
c:\windows\system32\nuar.old
c:\windows\system32\nubobevu.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pivojobe.exe
c:\windows\system32\plUGie.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qadekih.reg
c:\windows\system32\schtml
c:\windows\system32\schtml\dbsinit.exe
c:\windows\system32\schtml\images\i1.gif
c:\windows\system32\schtml\images\i2.gif
c:\windows\system32\schtml\images\i3.gif
c:\windows\system32\schtml\images\j1.gif
c:\windows\system32\schtml\images\j2.gif
c:\windows\system32\schtml\images\j3.gif
c:\windows\system32\schtml\images\jj1.gif
c:\windows\system32\schtml\images\jj2.gif
c:\windows\system32\schtml\images\jj3.gif
c:\windows\system32\schtml\images\l1.gif
c:\windows\system32\schtml\images\l2.gif
c:\windows\system32\schtml\images\l3.gif
c:\windows\system32\schtml\images\pix.gif
c:\windows\system32\schtml\images\t1.gif
c:\windows\system32\schtml\images\t2.gif
c:\windows\system32\schtml\images\up1.gif
c:\windows\system32\schtml\images\up2.gif
c:\windows\system32\schtml\images\w1.gif
c:\windows\system32\schtml\images\w11.gif
c:\windows\system32\schtml\images\w2.gif
c:\windows\system32\schtml\images\w3.gif
c:\windows\system32\schtml\images\w3.jpg
c:\windows\system32\schtml\images\word.doc
c:\windows\system32\schtml\images\wt1.gif
c:\windows\system32\schtml\images\wt2.gif
c:\windows\system32\schtml\images\wt3.gif
c:\windows\system32\schtml\wispex.html
c:\windows\system32\skynet.dat
c:\windows\system32\terowuko.dll
c:\windows\system32\viveveno.dll
c:\windows\system32\voladeti.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wpcap.dll
c:\windows\system32\yyW4l.dll
c:\windows\system32\zanumoyu.exe
c:\windows\system32\zazaliwu.dll
c:\windows\ucicihor._sy
c:\windows\zexetugozi.ban

----- BITS: Possible infected sites -----

hxxp://82.98.235.208
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
-------\Legacy_WDefend
-------\Service_WDefend


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-28 12:15 . 2009-10-28 12:15 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-28 12:15 . 2009-10-28 12:15 -------- d-----w- c:\program files\NETGEAR
2009-10-28 12:15 . 2007-12-26 15:47 272128 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2009-10-28 12:15 . 2007-12-25 16:24 344064 ----a-w- c:\windows\system32\SCMLib.dll
2009-10-28 12:15 . 2007-12-18 20:46 266240 ----a-w- c:\windows\system32\WG1v2lib.dll
2009-10-28 12:15 . 2007-04-27 11:00 1069056 ----a-w- c:\windows\system32\libeay32.dll
2009-10-28 12:15 . 2006-07-27 19:26 36864 ----a-w- c:\windows\system32\RtlGina2.dll
2009-10-28 12:15 . 2005-07-20 09:53 966765 ----a-w- c:\windows\system32\acAuth.dll
2009-10-28 12:15 . 2005-01-25 19:30 143360 ----a-w- c:\windows\system32\IpLib.dll
2009-10-28 12:15 . 2009-10-28 12:15 -------- d-----w- c:\documents and settings\Mitchell\Application Data\InstallShield
2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\program files\Trend Micro
2009-10-23 18:51 . 2009-10-23 18:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-10-23 18:51 . 2009-10-23 18:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-20 15:26 . 2009-10-27 12:15 58 ----a-w- c:\windows\wp4.dat
2009-10-20 15:26 . 2009-10-27 12:15 3 ----a-w- c:\windows\wp3.dat
2009-10-20 15:22 . 2009-10-28 12:12 0 ----a-w- c:\windows\Kwosifopaniy.bin
2009-10-20 15:22 . 2009-10-22 17:36 120 ----a-w- c:\windows\Ibuvadikujik.dat
2009-10-20 15:20 . 2009-10-20 15:20 11169 ----a-w- c:\documents and settings\Mitchell\Local Settings\Application Data\wubev.dat
2009-10-20 15:20 . 2009-10-20 15:20 11044 ----a-w- c:\windows\xadymiz.dat
2009-10-20 15:19 . 2009-10-20 15:19 -------- d-----w- c:\program files\Security Central
2009-10-20 15:18 . 2009-10-20 15:18 53248 ----a-w- C:\ldvx.exe
2009-10-20 15:18 . 2009-10-20 15:18 27648 ----a-w- C:\vyiy.exe
2009-10-15 13:51 . 2009-10-15 13:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 12:32 . 2009-10-28 12:32 0 ---ha-w- c:\windows\system32\BIT8.tmp
2009-10-28 12:15 . 2004-07-30 20:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 05:01 . 2007-10-05 19:33 -------- d-----w- c:\program files\LogMeIn
2009-10-20 15:20 . 2009-10-20 15:20 17594 ----a-w- c:\documents and settings\Mitchell\Application Data\wanehebis.dat
2009-10-13 17:30 . 2006-09-13 13:05 -------- d-----w- c:\documents and settings\Mitchell\Application Data\AdobeUM
2009-10-13 12:41 . 2007-08-08 15:45 -------- d-----w- c:\program files\Access 97 Runtime
2009-10-02 20:17 . 2009-09-02 17:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-02 12:14 . 2007-10-05 19:33 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 12:14 . 2007-10-05 19:33 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-02 12:14 . 2007-10-05 19:33 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-28 18:45 . 2008-09-02 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-14 20:06 . 2004-07-30 20:28 98472 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2004-03-19 22:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 12:00 . 2007-05-25 20:22 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-09 12:00 . 2007-05-25 20:22 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-04 21:03 . 2004-03-30 01:48 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 17:46 . 2009-09-02 17:46 0 ----a-w- c:\windows\nsreg.dat
2009-09-02 17:46 . 2009-09-02 17:46 -------- d-----w- c:\documents and settings\Mitchell\Application Data\Thunderbird
2009-08-29 08:08 . 2006-06-23 15:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-03-19 22:43 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2007-08-09 11:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2007-08-09 11:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2007-08-09 11:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2007-04-17 02:45 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-03-19 22:45 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-03-19 22:34 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2007-08-09 11:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-03-19 22:45 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 1980-01-01 05:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 1980-01-01 05:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-20 15:24 . 2009-07-20 15:24 27136 --sha-w- c:\windows\SYSTEM32\lefopiwo.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 270336]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Security Central"="c:\program files\Security Central\Security Central.exe" [2009-10-20 1317376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-10-28 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 13:29 10520 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 12:14 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Linksys Wireless-G Print Server\\PSDiagnosticM.exe"=

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/14/2009 6:12 PM 231704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [4/17/2007 2:00 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [10/5/2007 2:33 PM 47640]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\SYSTEM32\DRIVERS\lknuhst.sys [4/30/2008 11:37 AM 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\SYSTEM32\DRIVERS\lknuhub.sys [4/30/2008 11:37 AM 37248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [10/28/2009 7:15 AM 272128]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/14/2009 6:12 PM 325128]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jics.org/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4EF5B7A8-C522-4373-A8E7-561515415A95} = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -

BHO-{becffbca-413b-49e7-9cd7-164ff7952903} - nubobevu.dll
HKCU-Run-inixs - c:\windows\system32\minix32.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-Xbifugahopir - c:\windows\eqecatev.dll
HKLM-Run-29127627 - c:\documents and settings\All Users\Application Data\29127627\29127627.exe
HKLM-Run-hitimozem - c:\windows\system32\terowuko.dll
HKLM-Run-55983333 - c:\docume~1\ALLUSE~1\APPLIC~1\55983333\55983333.exe
HKLM-Run-vasazilegu - viveveno.dll
SharedTaskScheduler-{e536cd76-e145-4ba9-a092-b85f28cc7ee5} - c:\windows\system32\terowuko.dll
SSODL-kiguzunuk-{e536cd76-e145-4ba9-a092-b85f28cc7ee5} - c:\windows\system32\terowuko.dll
AddRemove-AVG8Uninstall - c:\program files\AVG\AVG8\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 07:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x ?e???x???x???????????????????x???X???????x???x???????????x???8???????x???x? ?????????? ???????????0????????????????D?w????????????7??w????x???x??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,a8,95,a7,66,f3,c0,46,83,5b,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,a8,95,a7,66,f3,c0,46,83,5b,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\mysql\bin\mysqld-max-nt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF26623.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 8:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 13:00

Pre-Run: 122,124,144,640 bytes free
Post-Run: 122,264,330,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 983A51BFF49A823BD6EF65FF64083307
__________________
There's always hope.....
28-Oct-2009, 01:57 PM
#18
Using Process Explorer, I was able to kill the Security Central process and get Malwarebytes to finally run. Attached is the log from the quick scan of Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/28/2009 12:53:26 PM
mbam-log-2009-10-28 (12-53-26).txt

Scan type: Quick Scan
Objects scanned: 98335
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\e20d6ec50a67ec04083b1251f2935d09 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
__________________
There's always hope.....
28-Oct-2009, 10:18 PM
#19
Code:
File::
c:\windows\wp4.dat
c:\windows\wp3.dat
c:\windows\Kwosifopaniy.bin
c:\windows\Ibuvadikujik.dat
c:\documents and settings\Mitchell\Local Settings\Application Data\wubev.dat
c:\windows\xadymiz.dat
C:\ldvx.exe
C:\vyiy.exe
c:\windows\system32\BIT8.tmp
c:\windows\SYSTEM32\lefopiwo.exe

Folder::
c:\program files\Security Central

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Security Central"=-

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
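Added example, not part of the thread or of ComboFix itself: a small Python triage script that reads a ComboFix log in the format posted in #17 and drafts a CFScript in the form cybertech used in #19. The embedded log is a constructed, abridged copy of the first log above, and the suspicion rules (system-binary names outside %windir%, numeric or generated-looking names, executables at the drive root, loose files in %windir%, autostart values whose target dates from the log's "Files Created" window) are my own crude triage heuristics, not ComboFix's logic. The output is a draft an analyst confirms by hand before running.

```python
"""Triage a ComboFix log and draft a CFScript for what the first run left behind.
Added example for this thread, not ComboFix's own logic. SAMPLE_LOG is a constructed,
abridged copy of the first log posted above; why_suspicious() holds crude triage signals."""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\buxuhto.exe
c:\docume~1\Mitchell\LOCALS~1\Temp\svchost.exe
c:\windows\system32\terowuko.dll
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
2009-10-20 15:26 . 2009-10-27 12:15 58 ----a-w- c:\windows\wp4.dat
2009-10-20 15:22 . 2009-10-22 17:36 120 ----a-w- c:\windows\Ibuvadikujik.dat
2009-10-20 15:19 . 2009-10-20 15:19 -------- d-----w- c:\program files\Security Central
2009-10-20 15:18 . 2009-10-20 15:18 53248 ----a-w- C:\ldvx.exe
2009-10-28 12:15 . 2007-12-26 15:47 272128 ----a-w- c:\windows\system32\drivers\wg111v2.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Security Central"="c:\program files\Security Central\Security Central.exe" [2009-10-20 1317376]
"""

SECTION = re.compile(r"^\(+ (.+?) \)+$")
WINDOW = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
# "<created> . <modified> <size|--------> <attrs> <path>"
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d\d:\d\d \. \d{4}-\d{2}-\d{2} \d\d:\d\d \S+ (\S{8}) (.+)$")
RUNVAL = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) \d+\]$')  # "Name"="target" [date size]
VOWELS = set("aeiou")
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "taskmgr.exe", "lsass.exe", "csrss.exe"}
EXEC_EXT = (".exe", ".com", ".pif", ".scr", ".bat")


def parse_log(text):
    """Pull out the sections this triage uses; dates stay ISO strings (they sort as text)."""
    log = {"window": None, "deleted": [], "created": [], "run": []}
    section = key = None
    for line in map(str.strip, text.splitlines()):
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            window = WINDOW.search(section)
            log["window"] = window.groups() if window else log["window"]
        elif section == "Other Deletions" and line and line[0] not in ".-":
            log["deleted"].append(line)
        elif section and section.startswith("Files Created") and CREATED.match(line):
            created, attrs, path = CREATED.match(line).groups()
            log["created"].append((created, attrs.startswith("d"), path))
        elif section == "Reg Loading Points" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif section == "Reg Loading Points" and key and RUNVAL.match(line):
            name, target, stamp = RUNVAL.match(line).groups()
            log["run"].append((key, name, target, stamp))
    return log


def why_suspicious(path, is_dir=False):
    """Reason string or None; the rules mirror what the helper picked out in the log above.
    The consonant/vowel rule also hits some real names (wininet), so it is a signal, not a verdict."""
    parent, _, name = path.lower().rpartition("\\")
    stem = name.rpartition(".")[0] or name
    if not is_dir and name in SYSTEM_NAMES and parent not in ("c:\\windows", "c:\\windows\\system32"):
        return "system binary name outside %windir%"
    if stem.isdigit():
        return "numeric-only name"
    if not is_dir and len(parent) == 2 and name.endswith(EXEC_EXT):
        return "executable at drive root"
    if not is_dir and parent == "c:\\windows":
        return "loose file in %windir% root"
    if len(stem) >= 6 and stem.isalpha() and all((a in VOWELS) != (b in VOWELS) for a, b in zip(stem, stem[1:])):
        return "generated-looking alternating consonant/vowel name"
    return None


def triage(log):
    """Findings and a CFScript for what ComboFix did NOT remove: suspicious files from the
    creation window, plus autostart values whose target dates from that window."""
    lo, hi = log["window"]
    created_dirs = {p.lower() for _, is_dir, p in log["created"] if is_dir}
    findings, files, folders, reg = [], [], [], {}
    for _, is_dir, path in log["created"]:
        reason = why_suspicious(path, is_dir)
        if reason:
            findings.append((path, reason))
            (folders if is_dir else files).append(path)
    for key, name, target, stamp in log["run"]:
        if lo <= stamp <= hi:
            findings.append((key + "\\" + name, "autostart target dated " + stamp))
            reg.setdefault(key, []).append(name)
            parent = target.rpartition("\\")[0]
            if parent.lower() in created_dirs and parent not in folders:
                folders.append(parent)  # whole dropped program folder, as the helper did
            elif parent.lower() not in created_dirs:
                files.append(target)
    return findings, build_cfscript(files, folders, reg)


def build_cfscript(files, folders, reg):
    """Same directives the helper used in post #19: File::, Folder::, Registry:: ("name"=- deletes a value)."""
    out = (["File::"] + files if files else []) + (["Folder::"] + folders if folders else [])
    if reg:
        out.append("Registry::")
        for key, names in reg.items():
            out += ["[" + key + "]"] + ['"' + n + '"=-' for n in names]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    findings, script = triage(parse_log(SAMPLE_LOG))
    print(*("%s: %s" % (reason, path) for path, reason in findings), script, sep="\n")
```

Run as-is it prints four findings and the draft script. The Security Central folder is not caught by its name; it is picked up because its Run value's target dates from the creation window and the folder itself was created in that window, which is why the script removes the folder rather than just the executable. Entries under Other Deletions are already gone and are only useful as context for what the first run found.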
29-Oct-2009, 09:12 AM
#20
Thanks for the help cybertech, below is ComboFix log #2. One note: when I dragged the txt file into ComboFix, it said there was a newer version available and asked if I wanted it. I said yes. It then restarted. I don't know if that affected the CFScript.txt file being run in any way.

ComboFix 09-10-28.06 - Mitchell 10/29/2009 8:00.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.546 [GMT -5:00]
Running from: c:\documents and settings\Mitchell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mitchell\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Mitchell\Local Settings\Application Data\wubev.dat"
"C:\ldvx.exe"
"C:\vyiy.exe"
"c:\windows\Ibuvadikujik.dat"
"c:\windows\Kwosifopaniy.bin"
"c:\windows\system32\BIT8.tmp"
"c:\windows\SYSTEM32\lefopiwo.exe"
"c:\windows\wp3.dat"
"c:\windows\wp4.dat"
"c:\windows\xadymiz.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mitchell\Local Settings\Application Data\wubev.dat
C:\ldvx.exe
c:\program files\Security Central
c:\program files\Security Central\Security Central.exe
C:\vyiy.exe
c:\windows\Ibuvadikujik.dat
c:\windows\Kwosifopaniy.bin
c:\windows\system32\BIT8.tmp
c:\windows\SYSTEM32\lefopiwo.exe
c:\windows\wp3.dat
c:\windows\wp4.dat
c:\windows\xadymiz.dat
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.
2009-10-28 17:28 . 2009-10-28 17:28 -------- d-----w- c:\documents and settings\Mitchell\Application Data\Malwarebytes
2009-10-28 17:28 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 17:28 . 2009-10-28 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 17:28 . 2009-10-28 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 17:28 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 12:15 . 2009-10-28 12:15 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-28 12:15 . 2009-10-28 12:15 -------- d-----w- c:\program files\NETGEAR
2009-10-28 12:15 . 2007-12-26 15:47 272128 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2009-10-28 12:15 . 2007-12-25 16:24 344064 ----a-w- c:\windows\system32\SCMLib.dll
2009-10-28 12:15 . 2007-12-18 20:46 266240 ----a-w- c:\windows\system32\WG1v2lib.dll
2009-10-28 12:15 . 2007-04-27 11:00 1069056 ----a-w- c:\windows\system32\libeay32.dll
2009-10-28 12:15 . 2006-07-27 19:26 36864 ----a-w- c:\windows\system32\RtlGina2.dll
2009-10-28 12:15 . 2005-07-20 09:53 966765 ----a-w- c:\windows\system32\acAuth.dll
2009-10-28 12:15 . 2005-01-25 19:30 143360 ----a-w- c:\windows\system32\IpLib.dll
2009-10-28 12:15 . 2009-10-28 12:15 -------- d-----w- c:\documents and settings\Mitchell\Application Data\InstallShield
2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\program files\Trend Micro
2009-10-23 18:51 . 2009-10-23 18:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-10-23 18:51 . 2009-10-23 18:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-15 13:51 . 2009-10-15 13:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 12:50 . 2007-10-05 19:33 -------- d-----w- c:\program files\LogMeIn
2009-10-28 12:15 . 2004-07-30 20:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 15:20 . 2009-10-20 15:20 17594 ----a-w- c:\documents and settings\Mitchell\Application Data\wanehebis.dat
2009-10-13 17:30 . 2006-09-13 13:05 -------- d-----w- c:\documents and settings\Mitchell\Application Data\AdobeUM
2009-10-13 12:41 . 2007-08-08 15:45 -------- d-----w- c:\program files\Access 97 Runtime
2009-10-02 20:17 . 2009-09-02 17:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-02 12:14 . 2007-10-05 19:33 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 12:14 . 2007-10-05 19:33 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-02 12:14 . 2007-10-05 19:33 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-28 18:45 . 2008-09-02 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-14 20:06 . 2004-07-30 20:28 98472 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2004-03-19 22:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 12:00 . 2007-05-25 20:22 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-09 12:00 . 2007-05-25 20:22 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-04 21:03 . 2004-03-30 01:48 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 17:46 . 2009-09-02 17:46 0 ----a-w- c:\windows\nsreg.dat
2009-09-02 17:46 . 2009-09-02 17:46 -------- d-----w- c:\documents and settings\Mitchell\Application Data\Thunderbird
2009-08-29 08:08 . 2006-06-23 15:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-03-19 22:43 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2007-08-09 11:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2007-08-09 11:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2007-08-09 11:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2007-04-17 02:45 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-03-19 22:45 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-03-19 22:34 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2007-08-09 11:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-03-19 22:45 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 1980-01-01 05:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 1980-01-01 05:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 270336]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-10-28 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 13:29 10520 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 12:14 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Linksys Wireless-G Print Server\\PSDiagnosticM.exe"=

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/14/2009 6:12 PM 231704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [4/17/2007 2:00 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [10/5/2007 2:33 PM 47640]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\SYSTEM32\DRIVERS\lknuhst.sys [4/30/2008 11:37 AM 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\SYSTEM32\DRIVERS\lknuhub.sys [4/30/2008 11:37 AM 37248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [10/28/2009 7:15 AM 272128]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/14/2009 6:12 PM 325128]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - PCIIDEX_2
*NewlyCreated* - PROCEXP113

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jics.org/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4EF5B7A8-C522-4373-A8E7-561515415A95} = 208.67.222.222,208.67.220.220
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 08:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x ?e???x???x???????????????????x???X???????x???x???????????x???8???????x???x? ?????????? ???????????0????????????????D?w????????????7??w????x???x??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,a8,95,a7,66,f3,c0,46,83,5b,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,a8,95,a7,66,f3,c0,46,83,5b,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-10-29 8:06 ComboFix-quarantined-files.txt 2009-10-29 13:06 ComboFix2.txt 2009-10-28 13:01 Pre-Run: 122,247,532,544 bytes free Post-Run: 122,188,447,744 bytes free - - End Of File - - 3A31EC3003D9C7CD3B1C088AAB0DD321
__________________ There's always hope..... |
|
30-Oct-2009, 10:56 AM
#22
Was waiting to follow your instructions.... I just ran a quick scan and it did not find anything. Going to run a full scan now. Here is the log from the Malwarebytes Quick Scan.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/30/2009 9:51:57 AM
mbam-log-2009-10-30 (09-51-57).txt

Scan type: Quick Scan
Objects scanned: 98061
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

__________________
There's always hope.....
30-Oct-2009, 11:41 AM
#24
You need to remember to click Update (tab) and get the definition files up-to-date BEFORE running a scan. The current database version is 3060 and your log shows 2775.

-------------------------------------------------------------

Last edited by flavallee; 30-Oct-2009 at 01:11 PM..
30-Oct-2009, 01:04 PM
#25
Editing this post because I just saw the previous post about updating Mbytes. So, took old log off. Will post new one asap. Updated Mbytes and ran full scan. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3

10/30/2009 12:59:20 PM
mbam-log-2009-10-30 (12-59-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 185360
Time elapsed: 50 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System tool (Rogue.SysGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yjafosi8kdf98winmdkmnkmfnwe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\buxuhto.exe.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\dtacmawh.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\29127627\29127627.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\55983333\55983333.exe.vir (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\80165020\80165020.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Mitchell\ntuser.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Mitchell\Application Data\lizkavd.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Mitchell\Application Data\seres.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Mitchell\Application Data\svcst.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Mitchell\Start Menu\Programs\Startup\scandisk.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\AdvancedVirusRemover\PAVRM.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\AVEngn.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\Uninstall.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\wscui.cpl.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\ceapoe.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\svohost.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\fujobila.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\AVR09.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\calc.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cpcp.cpo.vir (Backdoor.Bredavi) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gibetara.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\husugudi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\lepayuje.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\lijujepo.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nubobevu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\terowuko.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\viveveno.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\voladeti.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winhelper.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winupdate.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yyw4l.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\zanumoyu.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\zazaliwu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_scui.cpl.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000026.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000028.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jijunuse.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mitchell\Desktop\Security Central.LNK (Rogue.SecurityCentral) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mitchell\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Central.LNK (Rogue.SecurityCentral) -> Quarantined and deleted successfully.

----------------------------------------------------------------------------------------

HJT log after running Mbytes full scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:18 PM, on 10/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\mysql\bin\mysqld-max-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jics.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: Domain = jics.org
O17 - HKLM\System\CS3\Services\Tcpip\..\{4EF5B7A8-C522-4373-A8E7-561515415A95}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 7416 bytes

__________________
There's always hope.....

Last edited by jssch; 30-Oct-2009 at 02:11 PM..
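As an added example (not from the thread, and not part of HijackThis), a small Python triage of HijackThis log lines like the ones posted above: it lists the O4 autorun entries that make up the startup load and flags entries whose target reads "(file missing)", "?" or "Unknown owner", which are the lines a helper checks first. The sample lines are quoted from the log above; the line shapes the regexes expect are inferred from those lines, not taken from a HijackThis specification.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines quoted from the HijackThis log posted above.
# In practice, pass the whole saved log text to parse_hjt().
SAMPLE_LOG = r"""
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# Line shapes as they appear in the HijackThis 2.0.2 output above (an assumption
# drawn from that log, not from a format specification).
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$')
O4_STARTUP = re.compile(r'^O4 - Global Startup: (.+?) = (.+)$')
O23_SERVICE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+)$')
GENERIC = re.compile(r'^(O\d+|R\d) - [^:]+: (.+)$')


@dataclass
class Entry:
    section: str                  # O3, O4, O18, O23, ...
    name: str                     # value name, .lnk name, service name or item label
    target: str                   # the path/target text HijackThis printed
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Turn HijackThis log lines into Entry records, flagging suspicious targets."""
    entries = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if m := O4_RUN.match(line):
            e = Entry('O4', m.group(2), m.group(3), ['autorun:' + m.group(1)])
        elif m := O4_STARTUP.match(line):
            e = Entry('O4', m.group(1), m.group(2), ['autorun:StartupFolder'])
        elif m := O23_SERVICE.match(line):
            e = Entry('O23', m.group(1), m.group(3))
            if m.group(2) == 'Unknown owner':
                e.flags.append('unknown owner')   # no publisher recorded for the binary
        elif m := GENERIC.match(line):
            desc = m.group(2)
            e = Entry(m.group(1), desc.split(' - ')[0], desc)
        else:
            continue                              # header or process-list line
        if e.target.endswith('(file missing)'):
            e.flags.append('file missing')        # registry points at a file that is gone
        if e.target == '?':
            e.flags.append('unresolved target')   # HijackThis could not read the shortcut
        entries.append(e)
    return entries


def startup_load(entries):
    """Names of the O4 autorun entries: the startup load the thread plans to trim."""
    return [e.name for e in entries if e.section == 'O4']


def needs_review(entries):
    """Entries to look at first: missing binaries, unresolved shortcuts, no publisher."""
    watch = {'file missing', 'unresolved target', 'unknown owner'}
    return [e for e in entries if watch & set(e.flags)]
```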
30-Oct-2009, 02:48 PM
#27
Awesome! Just tried to crank up safe mode to see if it fixed my inability to run in that mode and it worked! Running as if everything is clear..... going to reinstall antivirus now. Any last suggestions before I do that? I know flavallee was going to help me with something he saw in the first HJT log once you were done performing life/death surgery on me

__________________
There's always hope.....
30-Oct-2009, 03:55 PM
#28
Follow these steps to uninstall Combofix and tools used in the removal of malware

When flavallee is done with you, you should Clean up your PC
30-Oct-2009, 07:13 PM
#29
jssch:

Now you see why you need to update the definition files before running a Malwarebytes scan? You went from 0 infections found to 43 infections found - and fixed.

Go here and click the green icon to download AVG Free Edition 9.0.698. Close all open windows and then install it. It'll overwrite and replace your current version. Decline to install the AVG toolbar and the Yahoo search engine. After you're prompted to restart, run the optimized scan. It'll tie up your computer for several minutes, so leave your computer alone during that time.

After AVG is all finished, start HijackThis and run a scan. Post that new updated log here, then we'll get started on trimming down the startup load.

-----------------------------------------------------------------

cybertech:

You rest and recuperate, and I'll keep watching your back.

-----------------------------------------------------------------

Last edited by flavallee; 30-Oct-2009 at 07:21 PM..
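An added example, not from the thread or from Malwarebytes: a Python reader for MBAM log text like the two posted above. It extracts the database version so a scan on stale definitions can be flagged (2775 versus the current 3060 that flavallee points out), totals the summary block (0 for the quick scan, 43 for the full scan), and, going beyond what the thread discusses, sorts detections by where they lived: objects under C:\Qoobox\Quarantine are files ComboFix had already quarantined and the System Volume Information ones are restore-point copies, so only the remainder were still in place on the running system. The sample is built from the header, summary and a few detection lines of the full-scan log above.

```python
import re
from collections import Counter

# Constructed sample: the header and summary of the full-scan log posted above,
# plus one detection line of each kind (the remaining file lines are omitted).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|)
Objects scanned: 185360

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 40

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\husugudi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000026.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jijunuse.exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r'^([A-Za-z ]+ Infected): (\d+)$')        # "Files Infected: 40"
DETECTION_RE = re.compile(r'^(.+) \(([\w.]+)\) -> (.+)$')         # "<object> (<family>) -> <action>"


def parse_summary(text):
    """Database version plus the per-category counts from the summary block."""
    version, counts = None, {}
    for line in text.splitlines():
        if line.startswith('Database version: '):
            version = int(line.split(': ', 1)[1])
        elif m := SUMMARY_RE.match(line):
            counts[m.group(1)] = int(m.group(2))
    return {'database_version': version, 'counts': counts, 'total': sum(counts.values())}


def definitions_stale(version, current):
    """True when the scan ran on definitions older than the current release."""
    return version is None or version < current


def classify(obj):
    """Where a detected object lived. C:\\Qoobox\\Quarantine is ComboFix's quarantine
    folder and _restore{...} holds System Restore copies, so hits there are inert
    backups; everything else was still in place on the live system."""
    p = obj.lower()
    if p.startswith('hkey_'):
        return 'registry'
    if p.startswith('c:\\qoobox\\quarantine\\'):
        return 'combofix-quarantine'
    if p.startswith('c:\\system volume information\\_restore'):
        return 'restore-point'
    return 'live'


def detections(text):
    """(location class, family, object) for every detection line in the log."""
    return [(classify(m.group(1)), m.group(2), m.group(1))
            for m in map(DETECTION_RE.match, text.splitlines()) if m]


def families(text):
    """How many detections each malware family accounts for."""
    return Counter(family for _, family, _ in detections(text))
```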
02-Nov-2009, 11:46 AM
#30
problem getting AVG to install/uninstall correctly

Thanks flavallee, I went through the steps to install AVG again and am running into installation problems. I have just posted on the AVG forum as well. Here is the error message I am getting:

Local machine: installation failed
Installation:
Warning: Preparation to unload of the service avg9wd failed. HRESULT 0x80004005
Error: Action failed for file avgwdsvc.exe:
stopping service....
The requested control is not valid for this service.

I get the same message when I try to uninstall AVG from the system. I tried to uninstall thinking I needed a clean installation.

__________________
There's always hope.....
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.