Trojan horse and Windows Vista

Dell / Inspiron 531
June 17, 2009 at 12:35:14
Specs: Windows Vista
I am running Windows Vista and originally used McAfee antivirus but now use AVG. My AVG states that I have a few Trojan horses, but when I try to eliminate them it says the vault is full even though it shows as empty. McAfee did not show any infections at all but would keep telling me that I needed to reload McAfee. I am at wits' end and need help. Can anyone help me?



#1
June 17, 2009 at 13:21:08
Post the name of the virus and the file name/location AVG detected.

If I'm helping you and I don't reply within 24 hours send me a PM.



#2
June 17, 2009 at 14:05:05
c:\windows\system32\gxvxcagqhwidvtoetvynmvyrpgdvcjdgxdfaj.dll is the file, and AVG said that my computer is infected with Trojan horse crypt.eml. I have tried to locate the file and cannot locate it. Please help!!


#3
June 17, 2009 at 14:16:24
Follow:
Pause/stop your current AV/Spyware, boot into safe mode and run:

1) Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:

# Check below options:

    * Select all the objects/places to be scanned. 
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

# Click Scan
# Fix what it detects
# Attach Scan log/Summary to your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.

2) Run a full scan with Malwarebytes.



#4
June 17, 2009 at 14:30:08
I would love to go to that website but for some reason it keeps coming up as website unknown. I have been having that problem since I got this trojan problem, so I think that it is messing with my Internet Explorer. HELP


#5
June 17, 2009 at 14:34:48
Do you want to remove it manually? For that I would require some logs.

If I'm helping you and I don't reply within 24 hours send me a PM.



#6
June 17, 2009 at 14:39:54
If you can just talk me through it, I am certain that I can do it.


#7
June 17, 2009 at 14:49:03
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.



#8
June 17, 2009 at 15:23:11
I hate to keep bothering you but nothing I do seems to be working. I couldn't even PM you. Every time I click on a link it comes up that address unknown. HHHHHEEEELLLLLPPPP


#9
June 17, 2009 at 15:27:58
Follow this in order numbered:

1) Change your DNS servers to OpenDNS: https://www.opendns.com/start/computer/ and reboot.

2) Retry Response Number 7

3) If it still doesn't work and you have another computer available, download it on there and transfer it via USB. If you don't have another working computer nearby let me know.

If I'm helping you and I don't reply within 24 hours send me a PM.



#11
June 17, 2009 at 16:01:51

DDS (Ver_09-05-14.01) - NTFSx86
Run by Sabrina at 19:00:30.78 on Wed 06/17/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1045 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\AERTSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\dldocoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe



#12
June 17, 2009 at 16:04:25
============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.earthlink.net/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
TB: {F6B40D73-1671-4A2F-BD6F-B1DD69E0F9A0} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {B7D3E479-CC68-42B5-A338-938ECE35F419} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [DIMDownloading your update...1215525192975] "c:\program files\corel\corel snapfire plus\dim.exe" "c:\programdata\corel\downloads\540220149_300355\1215525192975\dim_params.xml" -Launch=3
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PhotoExplosionCalCheck] c:\program files\nova development\photo explosion deluxe 3.0\calcheck.exe
mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.11,85.255.112.139
TCP: {852693A5-6A4C-4323-92CD-EFB49A44571B} = 208.67.222.222,208.67.220.220
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\516\G2AWinLogon.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-17 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-17 108552]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-17 298776]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-15 30152]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-6-4 16896]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-12-18 55264]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-8-25 18912]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2007-4-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-4-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2007-4-24 98696]
S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [2007-4-10 83080]
S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;c:\windows\system32\drivers\se3emdfl.sys [2007-4-10 15112]
S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;c:\windows\system32\drivers\se3emdm.sys [2007-4-10 108552]
S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se3emgmt.sys [2007-4-10 100360]
S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;c:\windows\system32\drivers\se3eobex.sys [2007-4-10 98568]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-8-23 129832]

=============== Created Last 30 ================

2009-06-17 18:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-17 18:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-17 18:14 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-17 18:14 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-17 18:14 <DIR> --d----- c:\programdata\avg8
2009-06-17 18:14 <DIR> --d----- c:\progra~2\avg8
2009-06-17 15:18 <DIR> --d----- c:\users\sabrina\.housecall6.6
2009-06-15 12:24 <DIR> --d----- c:\program files\Panda Security
2009-06-15 11:41 <DIR> --d----- c:\program files\True Sword 5
2009-06-14 13:19 <DIR> --d----- c:\program files\AVG
2009-06-06 15:21 <DIR> --d----- c:\programdata\SiteAdvisor
2009-06-06 15:04 <DIR> --d----- c:\programdata\McAfee
2009-06-06 14:29 <DIR> --d----- c:\programdata\Citrix
2009-06-06 14:29 <DIR> --d----- c:\progra~2\Citrix
2009-06-06 14:26 <DIR> --d----- c:\program files\Citrix
2009-06-06 14:26 61,224 a------- c:\users\sabrina\GoToAssistDownloadHelper.exe
2009-06-06 14:12 <DIR> --d----- c:\programdata\Adobe
2009-06-06 13:57 <DIR> --d----- C:\temp
2009-06-04 21:23 <DIR> --d----- c:\program files\Walmart MP3 Music Downloads
2009-06-04 16:37 <DIR> --d----- c:\users\sabrina\appdata\roaming\MusicNet
2009-06-04 16:33 483,328 a------- c:\windows\system32\actskn45.ocx
2009-06-03 13:23 <DIR> --d----- c:\program files\MyWebSearch
2009-06-03 13:23 <DIR> --d----- c:\program files\FunWebProducts

==================== Find3M ====================

2009-05-06 22:52 606,848 a------- c:\windows\flashax.exe
2009-05-06 22:52 12,288 a------- c:\windows\impborl.dll
2009-04-06 14:16 102 a------- c:\users\sabrina\appdata\roaming\wklnhst.dat
2009-01-14 00:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-14 00:04 86,016 a------- c:\windows\inf\infstor.dat
2009-01-14 00:04 51,200 a------- c:\windows\inf\infpub.dat
2008-08-12 21:51 93,504 a------- c:\users\sabrina\appdata\roaming\GDIPFONTCACHEV1.DAT
2008-07-18 22:21 174 a--sh--- c:\program files\desktop.ini
2008-07-18 22:07 665,600 a------- c:\windows\inf\drvindex.dat
2007-05-10 15:43 941,125 a------- c:\users\sabrina\PRO-ver355.exe
2006-11-14 12:14 954,184 a------- c:\users\sabrina\FREE-WRC.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-10-25 01:15 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-10-25 01:15 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-10-25 01:15 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-12 18:11 88 ---shr-- c:\windows\system32\29A0A5133F.sys
2009-01-12 18:11 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2007-08-23 12:45 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 19:01:22.04 ===============



#14
June 17, 2009 at 16:21:02
Read: Response Number 7 Part 2. One file is missing. Also:
Can you also make a new HijackThis log and upload it to rapidshare.com. HijackThis: Here

If I'm helping you and I don't reply within 24 hours send me a PM.



#16
June 17, 2009 at 16:32:14
Follow Response Number 14 and post HijackThis log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#17
June 17, 2009 at 16:48:29
Having problems with HijackThis. First got a blue screen and now it won't open properly.


#18
June 17, 2009 at 16:57:28
Blue screen? What was the STOP error code?

If I'm helping you and I don't reply within 24 hours send me a PM.



#19
June 17, 2009 at 17:08:03
Problem signature
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Files that help describe the problem (some files may no longer be available)
Mini061709-01.dmp
sysdata.xml
Version.txt

View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Extra information about the problem
BCCode: 1000008e
BCP1: C0000005
BCP2: 82288E24
BCP3: B5F6F39C
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1
Server information: c78bd084-bc31-467c-ac16-4c91dfa5d3b2



#20
June 17, 2009 at 17:15:24
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82275E24
BCP3: 81C3F39C
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini061709-04.dmp
C:\Users\Sabrina\AppData\Local\Temp\WER-58703-0.sysdata.xml
C:\Users\Sabrina\AppData\Local\Temp\WER34A.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?lin...



#21
June 17, 2009 at 17:24:37
Try to run HijackThis in safe mode and generate a log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#22
June 17, 2009 at 17:47:18
I finally got it to work by going to the HijackThis website. Here is the log link.
http://rapidshare.com/files/2457459...


#23
June 17, 2009 at 18:10:46
1. Rerun HijackThis (scan only) and place checks beside the following entries:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139

Close all other open windows except HijackThis and select "Fix checked".

Close HijackThis ->> Reboot your PC.

After the restart, make another (new) HijackThis log and post it like before. Also try to redo Response Number 3.

If I'm helping you and I don't reply within 24 hours send me a PM.


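The check applied by eye to the DDS log in #12 and the HijackThis entries in #23, as an added example that is not part of the original thread: it pulls the DNS server settings out of DDS `TCP:` lines and HijackThis `O17` lines and reports every server that is not on an expected list. The expected list is an assumption (the OpenDNS resolvers requested in #9, which also appear on the per-adapter line of the DDS log), and the function names are this example's own.

```python
import ipaddress
import re

# Resolvers this machine is expected to use. Assumption for the example:
# the OpenDNS addresses that also appear on the per-adapter DDS line.
EXPECTED_RESOLVERS = {
    ipaddress.ip_address("208.67.222.222"),
    ipaddress.ip_address("208.67.220.220"),
}

# Lines copied from the DDS log in #12 and the HijackThis entries in #23.
SAMPLE_LOG = r"""
TCP: NameServer = 85.255.112.11,85.255.112.139
TCP: {852693A5-6A4C-4323-92CD-EFB49A44571B} = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
AppInit_DLLs: avgrsstx.dll
"""

# DDS writes "TCP: <scope> = ip,ip"; HijackThis writes
# "O17 - <registry key>: NameServer = ip,ip".
DDS_RE = re.compile(r"^TCP:\s*(?P<scope>.+?)\s*=\s*(?P<servers>[\d.,\s]+)$")
HJT_RE = re.compile(
    r"^O17\s*-\s*(?P<scope>.+?):\s*NameServer\s*=\s*(?P<servers>[\d.,\s]+)$"
)


def parse_dns_entries(log_text):
    """Return (scope, [server strings]) for every DNS line in the log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = DDS_RE.match(line) or HJT_RE.match(line)
        if not match:
            continue  # not a DNS setting line
        servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
        entries.append((match.group("scope"), servers))
    return entries


def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Return (scope, [servers]) for entries naming a server not in expected."""
    findings = []
    for scope, servers in parse_dns_entries(log_text):
        bad = []
        for server in servers:
            try:
                known = ipaddress.ip_address(server) in expected
            except ValueError:
                known = False  # not a valid address: report it as well
            if not known:
                bad.append(server)
        if bad:
            findings.append((scope, bad))
    return findings


if __name__ == "__main__":
    for scope, bad in unexpected_resolvers(SAMPLE_LOG):
        print(f"{scope}: unexpected DNS server(s) {', '.join(bad)}")
```

Running the same check on a log taken after a reboot shows whether a removed entry has been written back, which is what the poster reports in #24.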

#24
June 17, 2009 at 18:22:37
I did #23 but they came back after reboot. Here is the new log link.

http://rapidshare.com/files/2457524...

I will try #3 again now.



#25
June 17, 2009 at 19:53:06
Did you select the entries I told you and fix them?

If I'm helping you and I don't reply within 24 hours send me a PM.



#26
June 17, 2009 at 20:20:39
Yes, and then I hit fix, but they came back after reboot.


#27
June 18, 2009 at 05:38:15
Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

If I'm helping you and I don't reply within 24 hours send me a PM.



#28
June 18, 2009 at 14:00:30
Should I stop the Kaspersky AVP from running? It has been running all night and has not detected any infections. AVG did show the same ones though. I am also not certain how to disable my antivirus and Windows Defender. Kaspersky says I should finish scan on 6/20/2009 at 7:21 am.


#29
June 18, 2009 at 14:04:47
Stop the scan and follow: Response Number 27

If I'm helping you and I don't reply within 24 hours send me a PM.



#30
June 18, 2009 at 14:25:39
OK, I will.


#31
June 18, 2009 at 15:11:18
Here is the Combofix log link:

http://rapidshare.com/files/2460733...



#32
June 18, 2009 at 15:15:43
Should I enable my AVG and firewall again?


#33
June 18, 2009 at 15:17:27
Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Please zip up C:\qoobox\quarantine and upload it to a filehost such as http://rapidshare.com/ Then, Private Message me the Download links to the uploaded file.

2) Lastly, uninstall Combofix by: pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok.

If I'm helping you and I don't reply within 24 hours send me a PM.



#34
June 18, 2009 at 15:33:25
I did everything except uninstall Combofix. I tried but it kept saying invalid path. I don't know how to uninstall it any other way.


#35
June 18, 2009 at 15:36:36
Thanks for the files. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove the following:
1) Viewpoint Manager (Remove Only)

Then:

1) Run complete scan with http://onecare.live.com/site/en-Us/...

2) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach the Malwarebytes full scan log, fix anything detected.

3) House cleaning. Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

Is your original problem fixed?

If I'm helping you and I don't reply within 24 hours send me a PM.



#36
June 18, 2009 at 15:41:21
So far it does seem as though it is gone. No more pop-ups from AVG.


#37
June 18, 2009 at 19:35:23
Here is the Malwarebytes log link:

http://rapidshare.com/files/2461328...

Here is the SuperAntispyware log link:

http://rapidshare.com/files/2461329...

Should I turn back on my AVG and firewall yet?



#38
June 18, 2009 at 19:36:23
Also, should I uninstall these programs and delete these log files?


#39
June 18, 2009 at 19:52:01
Yes you can uninstall and delete old logs. Is your original problem solved?

If I'm helping you and I don't reply within 24 hours send me a PM.



#40
June 18, 2009 at 20:09:07
It looks like it is, and I want to thank you so much for being so kind and considerate of someone who really didn't know what I was doing. Thank you very much.


#42
June 24, 2009 at 09:59:58
I have an HP with the new Vista program. I have a Trojan horse virus; can you help me get this off?


#43
June 24, 2009 at 10:31:30
Start your own post with the problem.

If I'm helping you and I don't reply within 24 hours send me a PM.

