BullGuard
HELP!!! VIRUS PREVENTS ME FROM INSTALLING ANTI-VIRUS!
   

kamran500
New Member


Date Joined May 2009
Total Posts : 11
 
Posted 5/28/2009 4:30 PM (GMT +2)
Hey, I've got some viruses on my computer and it's disabled registry editing and Ctrl Alt Delete, and I've tried to do a lot to get rid of it, but every time I try to install an antivirus it just makes an error or says it can't edit the name and rolls back the changes.

Can anyone help me out?

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 5/29/2009 5:49 AM (GMT +2)
Hello kamran500 :)

Please download combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please post it in your next reply.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


kamran500
New Member
Date Joined May 2009
Total Posts : 11
Posted 5/29/2009 11:46 PM (GMT +2)
OK, I tried to start up ComboFix but no prompts came up, then a blank blue notepad sort of program came up, and then an application error message by ping.exe shows up saying

'The instruction at "0x5a0030fa" referenced memory at "0x00a6b380". The memory could not be "read". Click OK to terminate program.'

After I clicked OK another error message came up saying

'The instruction at "0x5a0018d6" referenced memory at "0x5a01fe04". The memory could not be "written". Click OK to terminate program.'

and then I'm left with the blank blue program.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 5/30/2009 6:33 AM (GMT +2)
Try this scanner ->
 
 
 to your Desktop and doubleclick on DDs.scr to run it. If your security software includes script blocking features, please disable these before you run this utility.
When the scan has finished, two logs will open.
Copy and paste both reports in this topic.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

 
 


Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 6/1/2009 5:25 AM (GMT +2)
Good grief, what have you done :-O

The log is impossible to read.


kamran500
New Member
Date Joined May 2009
Total Posts : 11
Posted 6/1/2009 6:22 PM (GMT +2)
Lol, it just came out like that on the notepad-like thing when I started up the screen saver thing you sent me.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 6/2/2009 12:59 PM (GMT +2)
I've deleted the log ;-)


Right-click on DDs.scr and rename it to DDs.com
Post new log, if it is readable


kamran500
New Member
Date Joined May 2009
Total Posts : 11
Posted 7/18/2009 10:05 PM (GMT +2)
Sorry for taking so long to reply, I've been very busy.

kamran500
New Member
Date Joined May 2009
Total Posts : 11
Posted 7/18/2009 10:06 PM (GMT +2)
DDS (Ver_09-05-14.01) - NTFSx86
Run by Kamran 2 at 12:23:19.53 on Sat 07/18/2009
Internet Explorer: 7.0.5730.11

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://home.alot.com/?client_id=A49E342001C9CE65005CABC1&install_time=06-05-2009:17:13&src_id=11028&camp_id=162&tb_version=2.4.2.399
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,c:\windows\system32\twext.exe,c:\windows\system32\msupdt.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MSN helper: {10c0b0c0-fc01-473b-8ebb-4376353f96e4} - bekbn.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: MS extension: {7c7efe99-c71f-48b8-8cc8-ba506ca76a33} - magks32.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic professional 7\SMSystemAnalyzer.exe"
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SYS32DLL] SYS32DLL
uRun: [Internet Antivirus Pro] "c:\program files\internet antivirus pro\IAPro.exe" /s
uRun: [SYSDLL] SYSDLL
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [USIUDF_Eject_Monitor] c:\program files\common files\ulead systems\dvd\USISrv.exe
mRun: [Ulead Quick-Drop] "c:\program files\ulead systems\ulead dvd moviefactory 4.0 suite\ulead quick-drop 1.0\Quick-Drop.exe" WINDOWCALL
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [Norton] c:\program files\asus\wlan card utilities\NorExec.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [sysldtray] c:\windows\ld08.exe
mRun: [brastia] brastia.exe
dRun: [svc] c:\program files\thunmail\testabd.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://www.runaware.com/dolphin/wficat.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141481718203
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================


==================== Find3M ====================

2009-06-03 17:44 17,408 a------- c:\windows\system32\SYSDLL.exe
2009-05-31 20:36 70,144 a------- c:\windows\system32\inform.dat
2009-05-31 20:36 42,496 a------- c:\windows\system32\bekbn.dll
2009-05-29 22:26 388,608 a------- c:\windows\system32\CF12432.exe
2009-05-29 22:10 388,608 a------- c:\windows\system32\CF9294.exe
2009-05-29 22:04 17,408 a------- c:\windows\st_1243640061.exe
2009-05-29 22:04 388,608 a------- c:\windows\system32\CF8271.exe
2009-05-28 15:12 17,408 a------- c:\windows\st_1243534364.exe
2009-05-28 15:04 15,872 a------- c:\windows\st_1243551312.exe
2009-05-28 11:13 17,408 a------- c:\windows\st_1243508593.exe
2009-05-27 13:31 34,304 a------- c:\windows\system32\magks32.dll
2009-05-27 12:47 17,408 a------- c:\windows\st_1243452725.exe
2009-05-27 11:00 124,928 a------- c:\windows\system32\sopidkc.exe
2009-05-27 11:00 158,720 a------- c:\windows\system32\tpsaxyd.exe
2009-05-27 07:14 36,864 a------- c:\windows\system32\dpcxool64.sys
2009-05-26 23:41 17,408 a------- c:\windows\st_1243388353.exe
2009-05-26 22:30 17,408 a------- c:\windows\st_1243403935.exe
2009-05-26 21:37 23,040 a------- c:\windows\system32\file.exe
2009-05-25 17:06 14,848 a---h--- c:\windows\ld08.exe
2009-05-24 15:25 23,552 ----h--- c:\windows\romeo15.exe
2009-05-24 15:25 41,984 ----h--- c:\windows\freddy43.exe
2009-05-20 17:35 13,312 ----h--- c:\windows\pp10.exe
2009-05-19 15:33 5,453 a------- c:\windows\st_1242762082.exe
2009-05-19 15:33 5,461 a------- c:\windows\st_1242743654.exe
2009-05-19 15:23 28,672 a------- c:\program files\common files\file.exe
2009-05-19 15:23 2,270,756 a------- c:\program files\common files\InternetAntivirusPro.exe
2009-05-19 15:20 13,312 ----h--- c:\windows\pp09.exe
2009-05-19 14:35 12,800 ----h--- c:\windows\pp08.exe
2009-05-18 15:03 16,384 a------- c:\windows\st_1242673882.exe
2009-05-18 15:03 16,896 a------- c:\windows\st_1242655454.exe
2009-05-05 15:01 10,752 ----h--- c:\windows\pp06.exe
2009-05-03 12:58 4,812 a------- c:\docume~1\kamran~1\applic~1\wklnhst.dat
2009-04-22 15:33 34,304 a------- c:\windows\system32\fow64.dll
2007-12-07 19:23 92,040 a------- c:\docume~1\kamran~1\applic~1\GDIPFONTCACHEV1.DAT
2006-05-03 10:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2009-04-05 18:41 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 12:24:02.21 ===============
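
The DDS log above shows several changes at once: extra executables appended to the Winlogon Userinit value, Task Manager and registry tools disabled by policy, script and registry file types re-associated with NOTEPAD.EXE, a proxy pointing at localhost, and a Run entry that starts a hidden file. The following is an added example, not part of the original thread and not DDS's own code: a small Python triage script that flags those entries in a DDS-style log. The function name `triage_dds`, the rule names and the rule set are assumptions for illustration; the sample lines are excerpted from the log above.

```python
import re

# Lines excerpted from the DDS log posted above (not a complete log).
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=localhost:7171
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,c:\windows\system32\twext.exe,c:\windows\system32\msupdt.exe,
BHO: MSN helper: {10c0b0c0-fc01-473b-8ebb-4376353f96e4} - bekbn.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SYS32DLL] SYS32DLL
mRun: [sysldtray] c:\windows\ld08.exe
mRun: [SoundMan] SOUNDMAN.EXE
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
scrfile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
2009-05-25 17:06 14,848 a---h--- c:\windows\ld08.exe
2009-05-27 11:00 124,928 a------- c:\windows\system32\sopidkc.exe
"""

# The stock Userinit value holds only this one program (plus a trailing comma).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
# Policies that lock the user out of the usual inspection tools.
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregistrytools"}
# File types that should run or import, not open in a text editor.
EXEC_TYPES = {"scrfile", "regfile", "vbsfile", "vbefile", "jsefile",
              "exefile", "comfile", "batfile", "cmdfile"}

USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.I)
POLICY_RE = re.compile(r"^[um]Policies-system:\s*(\w+)\s*=\s*(\d+)", re.I)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+)$", re.I)
ASSOC_RE = re.compile(r"^(\w+)=(.+)$")
RUN_RE = re.compile(r"^[umd]Run:\s*\[([^\]]+)\]\s*(.+)$", re.I)
# Find3M line: date, time, size, 8-character attribute string, path.
FIND3M_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+(\S{8})\s+(.+)$")


def triage_dds(log_text):
    """Return a list of (rule, detail) findings for a DDS-style log."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []

    # Pass 1: collect binaries listed in Find3M with the hidden attribute.
    # Hidden alone is not proof of malice; it is used for correlation below.
    hidden = set()
    for ln in lines:
        m = FIND3M_RE.match(ln)
        if (m and "h" in m.group(1)
                and m.group(2).lower().endswith((".exe", ".dll", ".sys"))):
            hidden.add(m.group(2).lower())

    # Pass 2: apply the rules line by line.
    for ln in lines:
        m = USERINIT_RE.match(ln)
        if m:
            for part in m.group(1).split(","):
                part = part.strip()
                if part and part.lower() != DEFAULT_USERINIT:
                    findings.append(("userinit-extra", part))
            continue
        m = POLICY_RE.match(ln)
        if m and m.group(1).lower() in LOCKOUT_POLICIES and m.group(2) != "0":
            findings.append(("tool-lockout", m.group(1)))
            continue
        m = PROXY_RE.search(ln)
        if m and re.search(r"localhost|127\.0\.0\.1", m.group(1), re.I):
            findings.append(("local-proxy", m.group(1).strip()))
            continue
        m = ASSOC_RE.match(ln)
        if (m and m.group(1).lower() in EXEC_TYPES
                and "notepad.exe" in m.group(2).lower()):
            # The type now opens in Notepad instead of running or importing.
            findings.append(("assoc-hijack", m.group(1)))
            continue
        m = RUN_RE.match(ln)
        if m and any(path in m.group(2).lower() for path in hidden):
            findings.append(("autostart-hidden-file", m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage_dds(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

Findings are prompts for manual review rather than verdicts; entries with a bare file name such as `SOUNDMAN.EXE` are deliberately not flagged because legitimate software registers itself that way too.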

kamran500
New Member
Date Joined May 2009
Total Posts : 11
Posted 7/18/2009 10:06 PM (GMT +2)
It says the other file should be attached but I don't know how to attach it.

kamran500
New Member
Date Joined May 2009
Total Posts : 11
Posted 7/18/2009 10:31 PM (GMT +2)
Should I just copy and paste the stuff that was on the attach file?

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 7/19/2009 6:55 AM (GMT +2)
No need for attach file now.
 
  by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop
 
Start Avenger
 
--------------------------------------------------------
 
Files to delete:
c:\windows\system32\SYSDLL.exe
c:\windows\system32\inform.dat
c:\windows\system32\bekbn.dll
c:\windows\system32\CF12432.exe
c:\windows\system32\CF9294.exe
c:\windows\st_1243640061.exe
c:\windows\system32\CF8271.exe
c:\windows\st_1243534364.exe
c:\windows\st_1243551312.exe
c:\windows\st_1243508593.exe
c:\windows\system32\magks32.dll
c:\windows\st_1243452725.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\dpcxool64.sys
c:\windows\st_1243388353.exe
c:\windows\st_1243403935.exe
c:\windows\system32\file.exe
c:\windows\ld08.exe
c:\windows\romeo15.exe
c:\windows\freddy43.exe
c:\windows\pp10.exe
c:\windows\st_1242762082.exe
c:\windows\st_1242743654.exe
c:\program files\common files\file.exe
c:\program files\common files\InternetAntivirusPro.exe
c:\windows\pp09.exe
c:\windows\pp08.exe
c:\windows\st_1242673882.exe
c:\windows\st_1242655454.exe
c:\windows\pp06.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\twext.exe
c:\windows\system32\msupdt.exe
Folders to delete:
c:\program files\ares
c:\program files\internet antivirus pro
 
------------------------------------------------------
Copy/Paste all the text  in Bold into the main window
Click Execute
 
The Avenger will automatically do the following:
It will Restart your computer.
 
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.
 
This log file will be located at  C:\avenger.txt
 
Post C:\avenger.txt in next reply.
 
 
If you can run combofix now, please do:
 
Download combofix here ->
Before Saving it to Desktop, please rename it to 321.com to stop malware from disabling it.
 
 
Post that log, along with avenger txt
 
 
 


kamran500
New Member
Date Joined May 2009
Total Posts : 11
Posted 7/19/2009 12:10 PM (GMT +2)
I tried to start up Avenger but it won't let me.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
Posted 7/19/2009 12:42 PM (GMT +2)
Rename it to anger.com and see if it will run.
 
Otherwise try this:
 
Download and run combofix here ->
Before Saving it to Desktop, please rename it to 321.com to stop malware from disabling it.


kamran500
New Member
Date Joined May 2009
Total Posts : 11
Posted 7/19/2009 1:41 PM (GMT +2)
Thanks for all the help, my computer's back to normal and everything works again now.

Billy111890
New Member
Date Joined Apr 2010
Total Posts : 1
Posted 4/20/2010 4:28 AM (GMT +2)
ComboFix 10-04-18.04 - Billy Cunningham 04/19/2010 20:55:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1743 [GMT -5:00]
Running from: c:\users\Billy Cunningham\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1979162389-1941881892-3831843016-500
c:\$recycle.bin\S-1-5-21-427780325-685722781-619065541-500
c:\users\Billy Cunningham\AppData\Roaming\CyberDefender
c:\users\Billy Cunningham\AppData\Roaming\CyberDefender\Registry Cleaner\lastresults.cdr
c:\windows\system32\spool\prtprocs\w32x86\00002d18.tmp
c:\windows\system32\Thumbs.db
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-20 02:06 . 2010-04-20 02:07 -------- d-----w- c:\users\Billy Cunningham\AppData\Local\temp
2010-04-20 02:06 . 2010-04-20 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 23:55 . 2010-04-19 23:55 -------- d-----w- c:\windows\Sun
2010-04-19 22:47 . 2010-04-19 22:47 1721704 ----a-w- c:\programdata\TOSHIBA\TSS\Plugins\SwUpdates\Packages\5d4dcd63-0e0d-46f3-850e-c0d1ea03fb21\143450_13.13.48.os2010009a_150.exe
2010-04-19 22:44 . 2010-04-19 22:46 24579968 ----a-w- c:\programdata\TOSHIBA\TSS\Plugins\SwUpdates\Packages\ccc50d41-4e71-426e-be0a-5163de4e5d12\165734_11.30.03.TC00174800D.exe
2010-04-19 22:37 . 2010-04-19 22:37 680 ----a-w- c:\users\Billy Cunningham\AppData\Local\d3d9caps.dat
2010-04-19 16:24 . 2010-04-19 16:24 -------- d-----w- c:\program files\Google
2010-04-19 04:04 . 2010-04-19 04:04 95768 ----a-w- c:\users\Billy Cunningham\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-19 02:33 . 2010-04-19 02:33 -------- d-----w- c:\users\Billy Cunningham\AppData\Local\SDLSDWWR
2010-04-14 22:58 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 22:58 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 22:58 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 22:57 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 22:57 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 22:57 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 22:57 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 22:57 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 22:57 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 10:35 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 10:35 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 23:57 . 2009-09-05 22:41 1 ----a-w- c:\users\Billy Cunningham\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-19 16:27 . 2010-01-10 06:17 -------- d-----w- c:\program files\Common Files\AOL
2010-04-19 16:24 . 2009-05-04 03:34 -------- d-----w- c:\program files\Picasa2
2010-04-17 05:43 . 2009-11-10 05:31 -------- d-----w- c:\users\Billy Cunningham\AppData\Roaming\vlc
2010-04-17 04:01 . 2009-09-06 00:20 -------- d-----w- c:\users\Billy Cunningham\AppData\Roaming\BitTorrent
2010-04-08 16:36 . 2009-09-17 01:37 -------- d-----w- c:\users\Billy Cunningham\AppData\Roaming\Skype
2010-04-08 16:19 . 2009-09-17 01:40 -------- d-----w- c:\users\Billy Cunningham\AppData\Roaming\skypePM
2010-03-24 18:37 . 2010-03-13 00:48 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-24 18:37 . 2010-03-13 00:48 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-13 02:12 . 2010-03-13 00:48 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-13 00:48 . 2010-03-13 00:48 22328 ----a-w- c:\users\Billy Cunningham\AppData\Roaming\PnkBstrK.sys
2010-03-13 00:48 . 2010-03-13 00:48 22328 ----a-w- c:\users\Billy Cunningham\AppData\Roaming\PnkBstrK.sys
2010-03-13 00:48 . 2009-05-04 03:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-08 02:53 . 2010-03-08 02:53 -------- d-----w- c:\users\Billy Cunningham\AppData\Roaming\Turbine
2010-03-07 19:11 . 2010-03-07 19:07 -------- d-----w- c:\programdata\PMB Files
2010-02-27 17:57 . 2010-02-27 17:57 -------- d-----w- c:\users\Billy Cunningham\AppData\Roaming\Unity
2010-02-24 15:16 . 2009-10-04 01:15 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 11:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 11:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 11:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 11:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 23:26 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 23:25 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 23:26 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-11 17:54 . 2009-05-04 03:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-23 09:26 . 2010-02-24 20:55 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-05 20:43 . 2009-09-05 20:43 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-09-05 20:42 . 2009-09-05 20:42 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-07 2937528]
"StartServiceSDLSDWWR"="c:\users\Billy Cunningham\AppData\Local\SDLSDWWR\StartService.exe" [2010-04-19 475136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-17 2513472]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-03-25 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-04-10 570736]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logicool SetPoint.lnk - c:\program files\Logicool\SetPoint\SetPoint.exe [2009-9-15 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):df,96,33,c6,2b,30,ca,01

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-02-05 742144]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-02-19 57344]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 176128]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 73728]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-10 656752]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-03-21 12920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-03-18 22272]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Billy Cunningham\AppData\Roaming\Mozilla\Firefox\Profiles\ij8nzvq8.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\Billy Cunningham\AppData\Roaming\Mozilla\Firefox\Profiles\ij8nzvq8.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CyberDefender Registry Cleaner - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 21:07
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys >>UNKNOWN [0x88D858C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x89f15d24
\Driver\ACPI -> acpi.sys @ 0x8069ad68
\Driver\atapi -> ataport.SYS @ 0x828f49f4
\Driver\iaStor -> iaStor.sys @ 0x82858352
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-04-19 21:10:57
ComboFix-quarantined-files.txt 2010-04-20 02:10

Pre-Run: 225,030,328,320 bytes free
Post-Run: 225,316,483,072 bytes free

- - End Of File - - 8F7915E4DF8A7DA1A5105A1659580120


Help me? Or have I fixed it by running ComboFix?