Malware Simply Called "Antivirus Software"

mustardgas

New Member
Hi.

I posted on here a couple of weeks back complaining about malware called "Vista Defender Pro" which practically took over my whole PC. Now I have new malware called "Antivirus Software" which is even worse. The pop-ups are relentless, and I can't access ANYTHING on my PC. I can neither do an update on Malwarebytes (which seems necessary, since a scan with the current version I have is not effective), nor uninstall Malwarebytes to make room for a fresh version.

Last time I posted, the problem was quickly resolved. But someone on here (John35 or something like that) asked that I post my Malwarebytes log/download HijackThis and post the latter's log. I didn't post the log of either. Was it crucial that I do so in order to avoid this current problem?

Please help.

Thanks.
-m
 

Respital

Active Member
> Hi.
>
> I posted on here a couple of weeks back complaining about malware called "Vista Defender Pro" which practically took over my whole PC. Now I have new malware called "Antivirus Software" which is even worse. The pop-ups are relentless, and I can't access ANYTHING on my PC. I can neither do an update on Malwarebytes (which seems necessary, since a scan with the current version I have is not effective), nor uninstall Malwarebytes to make room for a fresh version.
>
> Last time I posted, the problem was quickly resolved. But someone on here (John35 or something like that) asked that I post my Malwarebytes log/download HijackThis and post the latter's log. I didn't post the log of either. Was it crucial that I do so in order to avoid this current problem?
>
> Please help.
>
> Thanks.
> -m

This is absolutely crucial, we need these in order to further look into your system to determine any other problems and possibles fixes. Please post both of those in your next reply.
 

mustardgas

New Member
I'd be happy to post them, but how can I now? The virus has completely hijacked my system. No matter what I try to get at, a message pops up saying "something.exe is infected," or something to that effect. What should I do?
 

Respital

Active Member
> I'd be happy to post them, but how can I now? The virus has completely hijacked my system. No matter what I try to get at, a message pops up saying "something.exe is infected," or something to that effect. What should I do?

I recommend you run ComboFix.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
NOTE: IF COMBOFIX FAILS TO RUN, TRY RENAMING THE FILE TO 'ANYTHING.EXE' WITHOUT THE QUOTES.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

How to run a scan and post a log with HiJackThis.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

In your next reply I will need:
  • The ComboFix log
  • A HiJackThis log
  • An update on how your computer is running
 

mustardgas

New Member
I can't download any of this onto my own computer, because my computer is completely hijacked. Right now I'm using my roommate's computer, which is clean. Should I download the programs you suggested onto my roommate's computer, then transfer them onto mine via flash drive? And if I do that, won't the virus still block the new programs? Should I save the programs to my flash drive, then wait until uploading them onto my own computer before installing them?
 

deanj20

New Member
I removed this from a client's computer about a month ago. What a pain in the ass. You will need to boot into Safe Mode with Networking, and then do what Respital suggested. To enter Safe Mode with Networking, reboot the computer, and press F8 repeatedly until you get a black and white menu with several options, and choose Safe Mode with Networking. Then you should be able to follow the directions previously posted. :D

Post back and let us know.
 

mustardgas

New Member
I can't seem to connect to the internet while in safe mode. Is that normal? In any case, without the internet, I can't download what Respital recommends. Besides, even if I could download those things while in safe mode, will they carry over into normal mode?
 

Respital

Active Member
> I can't download any of this onto my own computer, because my computer is completely hijacked. Right now I'm using my roommate's computer, which is clean. Should I download the programs you suggested onto my roommate's computer, then transfer them onto mine via flash drive? And if I do that, won't the virus still block the new programs? Should I save the programs to my flash drive, then wait until uploading them onto my own computer before installing them?

Go ahead and do this.
 

johnb35

Administrator
Staff member
If you can't get anything to run even in safe mode, try downloading and running Rkill. It will temporarily disable any active process running on your system; then run Malwarebytes and HijackThis. Download Rkill here.

http://www.technibble.com/rkill-repair-tool-of-the-week/

Once you download and run this tool, DO NOT reboot the system as it will activate the malware again.

If you have a flash drive, then save ComboFix to it, boot your computer to safe mode, and then run it.
 

mustardgas

New Member
I tried uploading ComboFix onto my computer via flash drive, but the virus instantly blocked it and stated "the file combofix.exe is infected..." blah, blah, blah. So, I can't seem to get ComboFix onto my computer. What do I do?
 

johnb35

Administrator
Staff member
Download the file Rkill to see if it will kill it temporarily. The link is in my previous post. Do you have another computer that you can slave this drive in and scan it using a fully updated antivirus and Malwarebytes?
 

deanj20

New Member
You should be able to access the internet in Safe Mode with Networking. Not just regular safe mode.

> I tried uploading combofix onto my computer via flash drive

You'll have to do this in safe mode, too. If it's the same nasty I dealt with, it doesn't run in safe mode.

Remember - Safe Mode with Networking. :D :good:
 

mustardgas

New Member
ComboFix log - created during Safe Mode

ComboFix 10-04-01.02 - filmmaker 04/02/2010 20:18:39.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.3109 [GMT -5:00]
Running from: H:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1983731332-1696846115-1830654632-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\users\filmmaker\AppData\Local\Microsoft\Windows\Temporary Internet Files\0riV4.jpg
c:\users\filmmaker\AppData\Local\Microsoft\Windows\Temporary Internet Files\3lfSi23K1.jpg
c:\users\filmmaker\AppData\Local\Microsoft\Windows\Temporary Internet Files\j650Ly55.jpg
c:\users\filmmaker\AppData\Local\Microsoft\Windows\Temporary Internet Files\oNJkd.jpg
c:\users\filmmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\windows\system32\oem7.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-03 01:25 . 2010-04-03 01:25 -------- d-----w- c:\users\filmmaker\AppData\Local\temp
2010-04-03 01:25 . 2010-04-03 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-03 01:15 . 2010-04-03 01:16 -------- d-----w- C:\32788R22FWJFW
2010-04-02 11:38 . 2010-04-02 11:38 -------- d-----w- c:\users\filmmaker\AppData\Local\vwhnyiffe
2010-04-02 02:55 . 2010-04-02 02:59 -------- d-----w- c:\users\filmmaker\AppData\Local\nos
2010-04-02 02:55 . 2010-04-02 02:55 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-04-02 02:55 . 2010-04-02 03:18 -------- d-----w- c:\programdata\NOS
2010-04-01 19:09 . 2010-04-01 19:09 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-01 19:09 . 2010-04-01 19:09 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-01 19:09 . 2010-04-01 19:09 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-01 19:09 . 2010-04-01 19:09 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-01 19:09 . 2010-04-01 19:09 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-01 19:09 . 2010-04-01 19:09 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-01 19:09 . 2010-04-01 19:09 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-01 19:09 . 2010-04-01 19:09 4250976 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-01 19:09 . 2010-04-01 19:09 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-01 19:09 . 2010-04-01 19:09 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-01 19:09 . 2010-04-01 19:09 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-01 19:09 . 2010-04-01 19:09 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-01 19:08 . 2010-04-01 19:08 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-01 19:08 . 2010-04-01 19:08 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-03-31 03:09 . 2010-03-31 03:09 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-29 07:15 . 2010-03-29 07:15 -------- d-----w- c:\program files\Gabest
2010-03-26 05:25 . 2010-03-26 05:25 -------- d-----w- c:\program files\iPod
2010-03-26 05:25 . 2010-03-26 05:26 -------- d-----w- c:\program files\iTunes
2010-03-26 05:19 . 2010-03-26 05:19 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-22 23:58 . 2010-03-22 23:58 -------- d-----w- c:\programdata\Comodo Downloader
2010-03-22 23:56 . 2010-04-02 03:43 -------- d-----w- c:\programdata\COMODO
2010-03-22 23:52 . 2010-03-22 23:52 -------- d-----w- c:\program files\COMODO
2010-03-19 08:52 . 2010-03-19 08:52 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-18 10:30 . 2010-03-18 10:30 -------- d-----w- c:\users\filmmaker\AppData\Roaming\Malwarebytes
2010-03-18 10:30 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 10:30 . 2010-03-19 08:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 10:30 . 2010-03-18 10:30 -------- d-----w- c:\programdata\Malwarebytes
2010-03-18 10:30 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 19:26 . 2010-03-13 19:26 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-05 03:14 . 2010-04-01 23:12 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-05 03:14 . 2010-03-05 03:14 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-03-05 03:14 . 2010-03-05 03:14 -------- d-----w- c:\program files\AVG
2010-03-05 03:14 . 2010-03-05 03:14 -------- d-----w- c:\programdata\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 00:55 . 2009-04-19 18:08 -------- d-----w- c:\users\filmmaker\AppData\Roaming\WTablet
2010-04-02 11:45 . 2009-04-14 22:47 -------- d-----w- c:\users\filmmaker\AppData\Roaming\uTorrent
2010-04-02 11:24 . 2009-03-07 01:56 7342 ----a-w- c:\users\filmmaker\AppData\Roaming\wklnhst.dat
2010-04-02 04:06 . 2009-03-04 00:39 70488 ----a-w- c:\users\filmmaker\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 02:59 . 2009-02-17 07:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 02:57 . 2009-09-14 22:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-01 01:51 . 2009-04-16 23:06 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-04-01 01:51 . 2009-04-16 23:06 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-04-01 00:03 . 2009-03-08 14:53 55857 ----a-w- c:\programdata\nvModes.dat
2010-03-26 05:25 . 2009-10-25 02:05 -------- d-----w- c:\program files\Common Files\Apple
2010-03-26 05:23 . 2009-03-20 01:06 -------- d-----w- c:\program files\QuickTime
2010-03-18 09:34 . 2009-03-17 02:15 8268 ----a-w- c:\users\filmmaker\AppData\Local\d3d9caps.dat
2010-03-13 19:26 . 2010-03-13 19:26 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-13 19:26 . 2010-03-13 19:26 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-03-13 19:26 . 2010-03-05 03:14 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 19:26 . 2010-03-13 19:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 19:26 . 2010-03-05 03:14 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 19:25 . 2010-03-05 03:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 09:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 16:28 . 2010-03-30 20:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 20:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 20:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-05 03:14 . 2010-03-05 16:49 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-03-05 03:14 . 2010-03-13 19:24 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-03-05 03:14 . 2010-03-13 19:24 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-02-24 15:16 . 2009-10-03 23:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39 . 2010-03-11 09:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 09:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 09:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-01 01:45 . 2009-09-14 22:26 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-01 01:45 . 2009-09-14 22:22 38784 ----a-w- c:\users\filmmaker\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-25 12:48 . 2010-02-23 21:33 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-23 21:33 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-23 21:33 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-23 21:33 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-23 21:33 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-23 21:33 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 21:33 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-23 21:33 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-23 21:33 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-23 21:33 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 01:01 . 2010-01-22 01:01 1 ----a-w- c:\users\filmmaker\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-22 00:16 . 2010-01-22 00:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-16 19:33 . 2010-01-16 19:33 1956072 ----a-w- c:\users\filmmaker\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-08 19:38 . 2010-01-08 19:38 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-01-08 19:37 . 2010-01-08 19:37 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-02-17 07:15 . 2009-02-17 07:15 75 --sh--r- c:\windows\CT4CET.bin
2009-02-17 08:34 . 2009-02-17 08:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"edmpcdub"="c:\users\filmmaker\AppData\Local\vwhnyiffe\vdqvidftssd.exe" [2010-04-02 270592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-24 1029416]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-04-18 36864]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-04 442467]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-18 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-18 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-08-18 96800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-22 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\filmmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-2-17 53248]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-3-13 1207376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-17 07:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-12-04 73728]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-13 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-03-27 2789672]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-13 242696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-24 183808]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 20:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-02 20:27:23
ComboFix-quarantined-files.txt 2010-04-03 01:27

Pre-Run: 102,235,049,984 bytes free
Post-Run: 102,692,622,336 bytes free

- - End Of File - - A344EA3ADEB1E895DB5C4EBD585340CE
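
Two lines in the log above are the ones to look at first. Under "Reg Loading Points", the per-user Run key still carries "edmpcdub"="c:\users\filmmaker\AppData\Local\vwhnyiffe\vdqvidftssd.exe", an executable in a folder that the "Files Created" section shows was created on 2010-04-02, the same day ComboFix was run; it is not in the "Other Deletions" list, so ComboFix left it in place. Under "Supplementary Scan", the per-user Internet Settings ProxyServer is http=127.0.0.1:5555, which makes Internet Explorer send every HTTP request to whatever is listening on port 5555 on the machine itself. The script below is an added example, not ComboFix's, HijackThis's or any poster's code: it reads a ComboFix log and reports exactly those two kinds of signal, an autorun whose executable lives in a user-writable location and a proxy that points at the local machine. The path rules and the consonant-run "random name" test are this example's own heuristics, and the embedded log excerpt is a constructed sample cut down from the lines posted above.

```python
"""ComboFix log triage: flag Run-key autoruns that live in user-writable folders
and an Internet Settings proxy that routes the browser through a local
listener.  Added example for this thread; the heuristics are its own."""
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the ComboFix log posted in this thread,
# trimmed to the lines this example needs.
SAMPLE_LOG = r"""
((((( Files Created from 2010-03-03 to 2010-04-03 )))))
2010-04-02 11:38 . 2010-04-02 11:38 -------- d-----w- c:\users\filmmaker\AppData\Local\vwhnyiffe
2010-03-26 05:25 . 2010-03-26 05:26 -------- d-----w- c:\program files\iTunes
2010-04-02 02:55 . 2010-04-02 02:55 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
((((( Reg Loading Points )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"edmpcdub"="c:\users\filmmaker\AppData\Local\vwhnyiffe\vdqvidftssd.exe" [2010-04-02 270592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) \d+\]')
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d\d:\d\d \. \S+ \S+ \S+ (?P<attrs>\S+) (?P<path>.+)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
# Locations an unprivileged user (and so malware running as that user) can write to.
USER_WRITABLE_RE = re.compile(
    r"^c:\\(programdata|windows\\temp|users\\[^\\]+\\appdata\\(local|locallow|roaming))\\", re.I)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    kind: str            # "autorun" or "proxy"
    subject: str         # Run value name, or the raw ProxyServer value
    detail: str
    reasons: list = field(default_factory=list)


def longest_consonant_run(s: str) -> int:
    """Crude 'random name' signal: length of the longest run of consonants."""
    run = best = 0
    for ch in s.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiou" else 0
        best = max(best, run)
    return best


def assess_autorun(key, name, path, date, created_dirs):
    """Report a Run value only if its executable sits in a user-writable path;
    a random-looking name and a recently created folder are corroboration."""
    if not USER_WRITABLE_RE.match(path):
        return None
    folder, _, exe = path.rpartition("\\")
    reasons = ["runs from a user-writable folder"]
    if max(longest_consonant_run(folder.rpartition("\\")[2]),
           longest_consonant_run(exe.rsplit(".", 1)[0])) >= 4:
        reasons.append("random-looking folder or file name")
    if folder.lower() in created_dirs:
        reasons.append(f"folder created {created_dirs[folder.lower()]}")
    return Finding("autorun", name, f"{key} -> {path} [{date}]", reasons)


def assess_proxy(value: str):
    """ProxyServer is 'host:port' for every scheme or 'scheme=host:port;...'.
    Flag any scheme whose proxy is the machine itself."""
    hijacked = []
    for part in value.split(";"):
        scheme, _, hostport = part.partition("=")
        if not hostport:                     # no scheme prefix: applies to all
            scheme, hostport = "*", scheme
        host, _, port = hostport.rpartition(":")
        if host.strip("[]") in LOOPBACK:
            hijacked.append(f"{scheme} -> {host}:{port}")
    if not hijacked:
        return None
    return Finding("proxy", value, "browser traffic routed through a local listener", hijacked)


def triage(log_text: str) -> list:
    created_dirs = {}          # lowercased folder path -> creation date
    findings, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if (m := CREATED_RE.match(line)) and m.group("attrs").startswith("d"):
            created_dirs[m.group("path").lower()] = m.group("date")
        elif m := KEY_RE.match(line):
            key = m.group("key")
        elif (m := VALUE_RE.match(line)) and key and key.lower().endswith(("\\run", "\\runonce")):
            f = assess_autorun(key, m.group("name"), m.group("path"), m.group("date"), created_dirs)
            if f:
                findings.append(f)
        elif m := PROXY_RE.match(line):
            f = assess_proxy(m.group("value"))
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}\n    " + "; ".join(f.reasons))
```

Run as-is it reports the edmpcdub autorun and the 127.0.0.1:5555 proxy from the excerpt; pass a full log with triage(open(path).read()) to run it over a real one. Treat the output as triage, not a verdict: plenty of current software legitimately autoruns from AppData, so each hit still needs a look at the file itself (signature, timestamp, what else the log says about it) before anything is removed.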
 

mustardgas

New Member
> You should be able to access the internet in Safe Mode with Networking. Not just regular safe mode.
>
> You'll have to do this in safe mode, too. If it's the same nasty I dealt with, it doesn't run in safe mode.
>
> Remember - Safe Mode with Networking. :D :good:

I did do safe mode with networking. I did a search on my roommate's computer and found that you can't connect to the internet wirelessly during safe mode. My connection is wireless.
 

deanj20

New Member
Ah. That explains it. :eek: Don't I feel helpful. :rolleyes:

Just do what johnb35 suggests. He'll get you fixed right up. ;)
 

mustardgas

New Member
> Now, can you post a HijackThis log?

I saved the HJT download to my flash, uploaded it onto my computer in safe mode, then tried opening it for the install process only to get the following message: "Illegal operation attempted on a registry key that has been marked for deletion."
 

mustardgas

New Member
> Download the file Rkill to see if it will kill it temporarily. The link is in my previous post. Do you have another computer that you can slave this drive in and scan it using a fully updated antivirus and Malwarebytes?

I'm not sure what you mean.