954,229 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
2 Years Ago
0

Can't access any anti-virus url

As the title says, I can't access any anti-virus website, or Microsoft update, as well as getting random popups. I suspected the Conficker worm, so have ran two different removal tools (one from Symantic, one from Grisoft), as well as Microsoft's Malicious Software Removal tool, with no results reported and no change. The affected computer had Norton installed, which reported nothing. I removed Norton and installed AVG 8.5 (free version). It reported 37 problems found and repaired, but the problem still persists. I'll include a log of what it reported below. Tried to install Malwarebyte's Antimalware, and it won't even install; I double-click it, and nothing ever happens. This computer is a friend's, so I unfortunately have no idea where he may have been with it or what he may have been doing with it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:52 AM, on 8/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cub91.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=%s
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4487 bytes


AVG log (infections):

"C:\WINDOWS\explorer.exe (1612)";"Trojan horse Generic12.CASA";"Reboot is required to finish the action"
"C:\WINDOWS\instsp2.exe";"Trojan horse Downloader.Generic8.ABWY";"Moved to Virus Vault"
"C:\WINDOWS\system32\cviilz.dll";"Trojan horse Vundo.FR";"Moved to Virus Vault"
"C:\WINDOWS\system32\deyagehu.dll";"Trojan horse Vundo.FR";"Moved to Virus Vault"
"C:\WINDOWS\system32\dmgivq.dll";"Trojan horse Vundo.FR";"Moved to Virus Vault"
"C:\WINDOWS\system32\fulefoze.dll";"Trojan horse Vundo.FR";"Moved to Virus Vault"
"C:\WINDOWS\system32\guyohimu.dll";"Trojan horse Generic13.AMVO";"Moved to Virus Vault"
"C:\WINDOWS\system32\huyowoza.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\huyowoza.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\jorukiyi.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\nezogeju.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"c:\windows\system32\refobaju.dll";"Trojan horse Generic13.ARFX";"Moved to Virus Vault"
"c:\windows\system32\refobaju.dll";"Trojan horse Generic13.ARFX";"Moved to Virus Vault"
"C:\WINDOWS\system32\ketedoti.dll";"Trojan horse Downloader.Generic8.ABWN";"Moved to Virus Vault"
"C:\WINDOWS\system32\neletato.dll";"Trojan horse PSW.Agent.ZDA";"Moved to Virus Vault"
"C:\WINDOWS\system32\nezogeju.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\suwumuwo.dll";"Trojan horse Generic13.UWD";"Moved to Virus Vault"
"C:\WINDOWS\system32\winlogon.exe (776)";"Trojan horse Generic12.CASA";"Reboot is required to finish the action"
"C:\WINDOWS\system32\wqnggx.dll";"Trojan horse Generic13.AMVO";"Moved to Virus Vault"
"C:\WINDOWS\system32\zavidegu.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\nudeleze.dll";"Trojan horse Generic13.SKB";"Moved to Virus Vault"
"C:\WINDOWS\system32\pubulasi.dll";"Trojan horse Vundo.FR";"Moved to Virus Vault"
"C:\WINDOWS\system32\refobaju.dll";"Trojan horse Generic13.ARFX";"Moved to Virus Vault"
"C:\WINDOWS\system32\sesidasu.dll";"Trojan horse Vundo.FR";"Moved to Virus Vault"
"C:\WINDOWS\system32\suwumuwo.dll";"Trojan horse Generic13.UWD";"Moved to Virus Vault"
"C:\WINDOWS\system32\toturobe.dll";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\WINDOWS\system32\zavidegu.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\velivomo.dll";"Trojan horse Generic13.IPJ";"Moved to Virus Vault"
"C:\WINDOWS\system32\zavidegu.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\wolsmv.dll";"Trojan horse Vundo.FR";"Moved to Virus Vault"
"C:\WINDOWS\system32\zavidegu.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\wqnggx.dll";"Trojan horse Generic13.AMVO";"Moved to Virus Vault"
"C:\WINDOWS\system32\xqrzbs.dll";"Trojan horse Generic13.SKB";"Moved to Virus Vault"
"C:\WINDOWS\system32\yekanezu.dll";"Trojan horse Vundo.FR";"Moved to Virus Vault"
"C:\WINDOWS\system32\zavidegu.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\zavidegu.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"
"C:\WINDOWS\system32\zavidegu.dll";"Trojan horse Generic12.CASA";"Moved to Virus Vault"


AVG log (warnings):

"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\tirodehete";"Found registry key with reference to infected file C:\WINDOWS\system32\zavidegu.dll";"Moved to Virus Vault"
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\tirodehete";"Found registry key with reference to infected file C:\WINDOWS\system32\zavidegu.dll";"Moved to Virus Vault"
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\tirodehete";"Found registry key with reference to infected file C:\WINDOWS\system32\zavidegu.dll";"Deleted"
"C:\Documents and Settings\Stephen\Local Settings\Temp\Cookies\stephen@doubleclick[1].txt:\doubleclick.net.1d39bd48";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\tirodehete";"Found registry key with reference to infected file C:\WINDOWS\system32\zavidegu.dll";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Local Settings\Temp\Cookies\stephen@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@serving-sys[2].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@serving-sys[2].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tirodehete";"Found registry key with reference to infected file C:\WINDOWS\system32\zavidegu.dll";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@serving-sys[2].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@serving-sys[2].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@serving-sys[2].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@serving-sys[2].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPM33fcfd75";"Found registry key with reference to infected file c:\windows\system32\refobaju.dll";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@revsci[2].txt:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@revsci[2].txt";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@pro-market[2].txt:\pro-market.net.bbf67f2d";"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@pro-market[2].txt:\pro-market.net.266912e2";"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@pro-market[2].txt";"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@media.adrevolver[1].txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@media.adrevolver[1].txt";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@clickbank[1].txt:\clickbank.net.82079eb1";"Found Tracking cookie.Clickbank";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@clickbank[1].txt";"Found Tracking cookie.Clickbank";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@bs.serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@adrevolver[2].txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@adrevolver[2].txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@adrevolver[2].txt";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@ad.yieldmanager[2].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@ad.yieldmanager[2].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Stephen\Cookies\stephen@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

That is one very badly infected PC. It may well be too far gone to repair.
It may be worth giving Mbam a try, download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

Rik from RCE
Nearly a Posting Maven
2,335 posts since May 2009
Reputation Points: 127
Solved Threads: 199
 
2 Years Ago
0

I've tried to install Malwarebytes, please see in my original post, where I said, :



Tried to install Malwarebyte's Antimalware, and it won't even install; I double-click it, and nothing ever happens.



BTW (and please don't take this the wrong way, I'm not trying to question your knowledge, just learn from it), what stands out to make you say that its "one badly infected PC"? Thanks!

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0
what stands out to make you say that its "one badly infected PC"?


Your logs show several trojan infections.

Trojans often steal private data so if you do any form of online banking you should change all passwords by telephone as soon as possible to be on the safe side.


Open your "My Computer" and do a search for "mbam.exe", right click on it and rename it to scanner.exe and see if it will now run.

Rik from RCE
Nearly a Posting Maven
2,335 posts since May 2009
Reputation Points: 127
Solved Threads: 199
 
2 Years Ago
0
Your logs show several trojan infections.


Which log are you referring to? I know the AVG log does, but it took care of all of them. Do you mean that if it found that many, it probably missed some, or do you see some in the Hijackthis log as well?

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

The AVG log shows them. The HJT log shows them in a different way as it only shows their processes.
You should see if renaming Mbam will work as I suggested in post 4 as AVG is nowhere near as good as Mbam at finding and deleting them.

Rik from RCE
Nearly a Posting Maven
2,335 posts since May 2009
Reputation Points: 127
Solved Threads: 199
 
2 Years Ago
0

Which of the processes that HJT shows is "suspect"? Again, I'm not trying to second-guess you or anything, I'm trying to learn. Everything there looks pretty well "normal" to me.

I've finally had success with Malwarebytes, but not exactly as you suggested. My original problem was that I couldn't even get the installer to run. I tried changing the name like you suggested (I should've known to try that, as I had to do the same thing with the AVG installer), and it installed without a hitch. Then, when I tried to run it, it wouldn't run. Tried to rename mbam.exe, but it still wouldn't run. Took a chance and clicked on mbamgui.exe, and it started up fine. It's scanning now, and I'll post the results as soon as I can after it finishes, but I may be a day or two before I get a chance to. Thanks for the help so far!

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

Cool. We need Mbam to do it's work before tackling what's left over with HJT.

Make sure you update Mbam and get it to remove what it finds.

Rik from RCE
Nearly a Posting Maven
2,335 posts since May 2009
Reputation Points: 127
Solved Threads: 199
 
2 Years Ago
0

OK, mbam finished scanning, and I finally have a chance to post the log. I really need to learn how to "read" and work with the registry. I don't know how to tell what's bad and what's normal, or much about determining what entry is related to what program. Anyway, here's my mbam log:


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/11/2009 10:00:41 PM
mbam-log-2009-08-11 (22-00-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 106628
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VundoFixTool (Fake.VundoFixTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TDSSdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Stephen\Application Data\VundoFixTool (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen\Application Data\VundoFixTool\Log (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen\Application Data\VundoFixTool\Settings (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrator\Desktop\MalwareBytes AntiMalware 1.34\Keygen.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen\Local Settings\Temp\TDSS707f.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1688295344-1144294106-2770861676-1006\Dc4.34\Keygen.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfub.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoexh.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSmaxt.sys (Trojan.TDSS) -> Delete on reboot.
C:\Documents and Settings\Stephen\Application Data\VundoFixTool\rs.dat (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen\Application Data\VundoFixTool\Log\2009 Mar 19 - 08_30_31 PM_484.log (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen\Application Data\VundoFixTool\Settings\ScanResults.pie (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\A_VPSchedule.txt (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\VundoFixTool Scheduled Scan.job (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Delete on reboot.


I have, indeed, rebooted, but haven't tried rescanning yet. I'll try it after I submit this post.

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

OK, I rescanned with Mbam, and it shows clean now. I've also tried to access various AV websites, and Microsoft, and it works now. So, what do you think, Rik, can I call it good now?

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

If you post an HJT log I will see if there is anything left over.

Rik from RCE
Nearly a Posting Maven
2,335 posts since May 2009
Reputation Points: 127
Solved Threads: 199
 
2 Years Ago
0

OK, here's a new HJT log (fingers crossed!):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:36 PM, on 8/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\scanner.exe
C:\Documents and Settings\Stephen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cub91.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=%s
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4401 bytes

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

Have HJT fix the following by placing a tick in the box next to each entry.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...9&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...9&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askR...gct=&gc=1&q=%s
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


Close all browsers then click "fix checked" in HJT.


Reboot your pc then post a fresh HJT log.

Rik from RCE
Nearly a Posting Maven
2,335 posts since May 2009
Reputation Points: 127
Solved Threads: 199
 
2 Years Ago
0

Sorry it took me so long to get back, things have been a little hectic here lately. I've had HJT fix everything you said. What made you say that those items were a problem? Are they just known problems, or is it the way they are written, or what? Again, I'm not trying to second-guess you, just learn. Anyway, I've rebooted, and rescanned, and here's the latest log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:26 PM, on 8/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Stephen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cub91.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 3753 bytes

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

2 entries to fix via the same method as before.

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)

Both have (no file) meaning they have bee deactivated and are no longer needed.

How is your PC acting now?
If it is ok then we are all done. :)

Rik from RCE
Nearly a Posting Maven
2,335 posts since May 2009
Reputation Points: 127
Solved Threads: 199
 
2 Years Ago
0

It's running much better now, thanks to your help with this! Latest HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:31 AM, on 8/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Stephen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cub91.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 3637 bytes

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
Show Comments
1

Your HJT log looks clean.

I recon you can now mark this thread as solved if you are happy with how your PC is running. :)

Rik from RCE
Nearly a Posting Maven
2,335 posts since May 2009
Reputation Points: 127
Solved Threads: 199
 
2 Years Ago
0

Yep, its running good now, thanks to your help. Marked as solved, and credit given to you. Thanks for all your help!

KF4SQB
Junior Poster in Training
93 posts since Sep 2004
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

No problem at all. If you keep Mbam up to date and use it regularly you should have few if any further malware problems. :)

Rik from RCE
Nearly a Posting Maven
2,335 posts since May 2009
Reputation Points: 127
Solved Threads: 199
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed