Antivirus disabled/URL Redirect Malware. Won't let me install Malwarebytes

cgamm
New Member


Date Joined Dec 2008
Total Posts : 5
 
Posted 12-2-2008 2:26 (GMT +1)
I have tried to remove this (whatever it is) using my AVG antivirus with no luck. It won't even let me visit the AVG web site or any website that has anything to do with virus removal. I'm surprised I was able to access this site. Computer is slow. When I try to visit these sites I'm given the message "Page load error" or redirected to some shopping site. I followed the directions on here "Before posting" to run CCLEANER.EXE, MALWAREBYTES.EXE etc.
I was able to run CCLEANER.EXE. After that Malwarebytes.exe locks up and is not able to install. I already had HijackThis installed on my computer so I was able to run this and get the log below. Can you help me? Please.. I'm stuck!!!!!
PLEASE HELP ME.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:04, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.DELLHDD2\Desktop\setupxv.exe
C:\DOCUME~1\OWNER~1.DEL\LOCALS~1\Temp\7zSB5.tmp\MSIStart.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1454471165-413027322-682003330-1005\..\Run: [MySpaceIM] C:\Documents and Settings\Katelyn.DELLHDD2\Application Data\MySpace\IM\bin\MySpaceIM.exe (User 'Katelyn')
O4 - HKUS\S-1-5-21-1454471165-413027322-682003330-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Katelyn')
O4 - HKUS\S-1-5-21-1454471165-413027322-682003330-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Katelyn')
O4 - Startup: Mozilla Firefox (2).lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F763C16-81D9-446D-A2E9-717828355DF0}: NameServer = 74.5.116.242,74.5.116.246
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F763C16-81D9-446D-A2E9-717828355DF0}: NameServer = 74.5.116.242,74.5.116.246
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7419 bytes
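A small triage script for HijackThis logs like the one posted above, added here as an example (not the thread's own code or a HijackThis feature). It parses the process list and the typed R/F/O entries, then surfaces the items a helper usually checks first: O17 NameServer values that differ from the resolvers the network should be using, O20 AppInit_DLLs, O23 services with no vendor string, and processes running from Temp or the Desktop. The sample log, the `192.0.2.x` resolvers and every path in it are constructed; the hits are prompts for a human, not verdicts (the `avgrsstx.dll` AppInit entry in the real log is AVG's own).

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the HijackThis v2 log layout, modelled on the entry
# types in the log above; every path, GUID and address here is made up.
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Example AV\avtray.exe
C:\DOCUME~1\USER~1.DEL\LOCALS~1\Temp\7zS1.tmp\MSIStart.exe
C:\Documents and Settings\User\Desktop\setupxv.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example AV\avtray.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID-PLACEHOLDER}: NameServer = 192.0.2.53,192.0.2.54
O20 - AppInit_DLLs: example_hook.dll
O23 - Service: Example AV WatchDog (exavwd) - Example Corp - C:\Program Files\Example AV\exavwd.exe
O23 - Service: lx_device - - C:\WINDOWS\system32\lxcoms.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# "Service: <name> - <vendor> - <path>"; the vendor may be empty ("name - - path").
SERVICE_RE = re.compile(r"^Service: (.+?) -(.*?)- (.+)$")
PROFILE_DIR_RE = re.compile(r"\\(Temp|Desktop|LOCALS~1)\\", re.IGNORECASE)


def parse_hjt(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a HijackThis log into its process list and its typed entries."""
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line closes the process section
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text: str, expected_dns: set) -> Dict[str, List[str]]:
    """Return entries a reviewer should look at first, grouped by reason.

    These are review prompts, not verdicts: legitimate security software
    also registers AppInit_DLLs, so every hit still needs a human.
    """
    processes, entries = parse_hjt(text)
    findings: Dict[str, List[str]] = {
        "dns_not_expected": [],    # O17: resolvers differ from the network's own
        "appinit_dlls": [],        # O20: DLL loaded into every GUI process
        "service_no_vendor": [],   # O23: service without a vendor string
        "process_in_profile": [],  # running from Temp or the user's Desktop
    }
    for kind, body in entries:
        if kind == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1].split(",")
            unexpected = [s.strip() for s in servers if s.strip() not in expected_dns]
            if unexpected:
                findings["dns_not_expected"].append(", ".join(unexpected))
        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            findings["appinit_dlls"].append(body.split(":", 1)[1].strip())
        elif kind == "O23":
            m = SERVICE_RE.match(body)
            if m and not m.group(2).strip():
                findings["service_no_vendor"].append(m.group(3).strip())
    for proc in processes:
        if PROFILE_DIR_RE.search(proc):
            findings["process_in_profile"].append(proc)
    return findings


if __name__ == "__main__":
    # Assume the home router hands out 192.0.2.53 and 192.0.2.54 (constructed).
    for reason, items in triage(SAMPLE_HJT_LOG, {"192.0.2.53", "192.0.2.54"}).items():
        for item in items:
            print(f"{reason}: {item}")
```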

taz
New Member


Date Joined Dec 2005
Total Posts : 4
 
Posted 12-2-2008 6:06 (GMT +1)
I'm experiencing the same problem with my system. I am running Windows XP Professional with XP 2. I am not able to go to any web sites pertaining to antivirus, or even install any antivirus programs such as Spy Sweeper or HijackThis, or even run updates for Norton's, etc. I've even tried to install these programs in safe mode with no success. I am at a loss and need any help.

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
Posted 12-2-2008 6:32 (GMT +1)
Hello cgamm
 
 
We'll try Malwarebytes again, this way ->
 
Download Malwarebytes
 
Or here:

Save the file as setup.exe

Run the setup.exe file
When it gets to the final step of the installation it will seem like it froze.... it hasn't, but it will take anywhere from 15 minutes to an hour to get through that step, so just let it do its thing.
Go into the Malwarebytes folder through Program Files.
Rename the mbam.exe file (or whatever it is called) to mab.exe and run it.
Do a full computer scan
Check all and remove/fix/delete them.

Restart your computer and post the log.


Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.


cgamm
New Member


Date Joined Dec 2008
Total Posts : 5
 
Posted 12-3-2008 3:08 (GMT +1)
It was tough to get Malwarebytes to run, but I finally was able to. Below is the log.

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

12/2/2008 8:53:03 PM
mbam-log-2008-12-02 (20-53-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 147366
Time elapsed: 1 hour(s), 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3004F1AA-91D8-40F6-A8CE-F9A1EE98B730}\RP329\A0083289.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3004F1AA-91D8-40F6-A8CE-F9A1EE98B730}\RP329\A0083286.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3004F1AA-91D8-40F6-A8CE-F9A1EE98B730}\RP329\A0083290.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3004F1AA-91D8-40F6-A8CE-F9A1EE98B730}\RP329\A0083293.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3004F1AA-91D8-40F6-A8CE-F9A1EE98B730}\RP329\A0083294.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSarxx.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnvuo.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoitt.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSvoqm.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSmxjt.sys (Rootkit.Agent) -> Delete on reboot.
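The log above is what the moderator reads in the next reply as evidence of "more infections": the hits under System Volume Information are inert restore-point copies, while the `Rootkit.Agent` entries in system32 were locked at scan time and are only marked "Delete on reboot", meaning a live kernel-resident component. The following parser, added here as an example (not the thread's code or a Malwarebytes feature), sorts a Malwarebytes' Anti-Malware 1.x "Files Infected" section into those buckets; its sample log, GUID and file names are constructed.

```python
import re
from collections import Counter
from typing import List, Tuple

# Constructed lines in the layout of a Malwarebytes' Anti-Malware 1.x log,
# modelled on the detections above; the GUID and file names are made up.
SAMPLE_MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1306

Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1\A0000001.DLL (Adware.Example) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1\A0000002.EXE (Adware.Example) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EXAMPLEaaaa.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\EXAMPLEbbbb.sys (Rootkit.Agent) -> Delete on reboot.
"""

# "<path> (<family>) -> <action>."  The family never contains parentheses and
# is followed by " -> ", so a path such as "Program Files (x86)" still parses.
DETECTION_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore", re.IGNORECASE)


def parse_files_infected(text: str) -> List[Tuple[str, str, str]]:
    """Return (path, family, action) for each line of the 'Files Infected:' section."""
    hits: List[Tuple[str, str, str]] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Files Infected:":   # the summary line carries a count; this one does not
            in_section = True
            continue
        if not in_section:
            continue
        if not line or line == "(No malicious items detected)":
            break
        m = DETECTION_RE.match(line)
        if m:
            hits.append((m["path"], m["family"], m["action"]))
    return hits


def summarize(text: str) -> dict:
    """Sort detections by what they mean for the next step of the clean-up."""
    hits = parse_files_infected(text)
    summary = {
        "families": Counter(family for _, family, _ in hits),
        # Copies inside System Restore snapshots: dormant until a restore,
        # which is why the thread ends with purging the old restore points.
        "restore_point_copies": [],
        # Locked while the scan ran: a driver or injected DLL that is still
        # live, so the machine is not clean until after the reboot.
        "pending_reboot": [],
        "removed_now": [],
    }
    for path, family, action in hits:
        if RESTORE_POINT_RE.search(path):
            summary["restore_point_copies"].append(path)
        elif action.lower().startswith("delete on reboot"):
            summary["pending_reboot"].append(path)
        else:
            summary["removed_now"].append(path)
    # A rootkit family that could only be scheduled for deletion is the cue
    # for a deeper tool (the moderator asks for ComboFix next).
    summary["active_rootkit"] = any(
        family.startswith("Rootkit.")
        for path, family, _ in hits
        if path in summary["pending_reboot"]
    )
    return summary


if __name__ == "__main__":
    s = summarize(SAMPLE_MBAM_LOG)
    print("families:", dict(s["families"]))
    print("still live, needs reboot:", s["pending_reboot"])
    print("restore-point copies:", s["restore_point_copies"])
    print("active rootkit:", s["active_rootkit"])
```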

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
Posted 12-3-2008 9:06 (GMT +1)
Great
 
 
Unfortunately the log indicates that you have more infections, therefore please post a ComboFix log ->
 
 
 
Please download Combofix:
 
And save to the desktop.

Close all other browser windows.
 
Please connect all your external hard drives/flash drives before running Combofix
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results". 
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.  

 When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.




cgamm
New Member


Date Joined Dec 2008
Total Posts : 5
 
Posted 12-4-2008 7:11 (GMT +1)
Below is the Combofix log....

ComboFix 08-12-02.02 - Owner 2008-12-03 23:48:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.307 [GMT -5:00]
Running from: c:\documents and settings\Owner.DELLHDD2\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Angela\Application Data\FunWebProducts
c:\documents and settings\Angela\Application Data\FunWebProducts\Data\Angela\avatar.dat
c:\documents and settings\Angela\Application Data\FunWebProducts\Data\Angela\outfit.dat
c:\documents and settings\Angela\Application Data\FunWebProducts\Data\Angela\register.dat
c:\documents and settings\Angela\Application Data\FunWebProducts\Data\Angela\zbucks.dat
c:\documents and settings\Owner.DELLHDD2\nah_lntv.exe
c:\documents and settings\Owner.DELLHDD2\nah_log.dat
c:\windows\system32\drivers\fad.sys
c:\windows\system32\getwn32.dll
c:\windows\system32\wertyu.dll

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.

2008-12-02 22:26 . 2008-12-02 22:26 <DIR> d-------- c:\documents and settings\Owner.DELLHDD2\Application Data\Yahoo!
2008-12-02 18:56 . 2008-12-02 18:56 <DIR> d-------- c:\documents and settings\Owner.DELLHDD2\Application Data\Malwarebytes
2008-12-02 18:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-02 17:36 . 2008-12-02 17:36 <DIR> d-------- c:\documents and settings\Katelyn.DELLHDD2\Application Data\AVGTOOLBAR
2008-12-02 17:02 . 2008-12-02 17:02 <DIR> d-------- c:\documents and settings\Angela\Application Data\Yahoo!
2008-12-02 16:57 . 2008-12-02 22:26 <DIR> d-------- c:\program files\Yahoo!
2008-12-01 20:10 . 2008-12-02 18:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-01 20:10 . 2008-12-01 20:10 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-01 20:10 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 19:55 . 2008-12-01 19:56 <DIR> d-------- c:\documents and settings\Owner.DELLHDD2\Application Data\MalwareRemovalBot
2008-12-01 19:45 . 2008-12-01 19:45 <DIR> d-------- c:\program files\CCleaner
2008-12-01 19:10 . 2008-12-02 01:33 3,358 --a------ c:\windows\system32\tmp.reg
2008-12-01 19:07 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-12-01 19:07 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-12-01 19:07 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-12-01 19:07 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-12-01 19:07 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-12-01 19:07 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-12-01 19:07 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-12-01 19:07 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-12-01 19:07 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-12-01 19:07 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-30 16:39 . 2008-12-03 15:11 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-30 16:39 . 2008-11-30 16:39 <DIR> d-------- c:\documents and settings\Owner.DELLHDD2\Application Data\AVGTOOLBAR
2008-11-30 16:39 . 2008-11-30 16:39 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-30 16:39 . 2008-11-30 16:39 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-30 16:39 . 2008-11-30 16:39 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-30 15:06 . 2008-11-30 15:06 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 13:54 . 2008-11-30 13:54 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-30 13:48 . 2008-11-30 13:48 <DIR> d-------- c:\windows\ERUNT
2008-11-30 13:47 . 2008-11-30 15:29 <DIR> d-------- c:\documents and settings\Administrator
2008-11-30 13:33 . 2008-12-02 19:28 <DIR> d-------- C:\SDFix
2008-11-30 12:51 . 2008-11-30 12:51 120,872 --a------ c:\windows\system32\MSForms.TWD
2008-11-26 22:00 . 2008-11-27 14:37 <DIR> d-------- c:\documents and settings\Owner.DELLHDD2\Application Data\Move Networks
2008-11-21 18:01 . 2008-11-21 18:01 <DIR> d-------- c:\program files\Hasbro Interactive
2008-11-12 20:47 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 20:47 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 04:39 --------- d-----w c:\program files\lx_cats
2008-12-04 02:28 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-03 17:16 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-03 03:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 03:29 --------- d-----w c:\program files\Disney Micro
2008-12-03 03:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-03 02:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-02 06:22 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2008-12-02 06:15 --------- d-----w c:\program files\RegScrubXP
2008-11-30 21:28 --------- d-----w c:\documents and settings\Owner.DELLHDD2\Application Data\Azureus
2008-11-29 23:43 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-29 23:40 126,566,432 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-29 05:35 1,474,508 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-29 05:35 1,089,536 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-11-28 10:41 --------- d-----w c:\program files\Azureus
2008-11-26 18:02 --------- d-----w c:\documents and settings\Angela\Application Data\FaxCtr
2008-11-01 22:59 --------- d-----w c:\program files\DB CIF Cam
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:14 8,408,731 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-18 15:34 --------- d-----w c:\program files\Common Files\Remote Control Software Common
2008-10-18 15:33 --------- d-----w c:\program files\Logitech
2008-10-18 15:33 --------- d-----w c:\program files\Common Files\Remote Control USB Driver
2008-10-18 15:32 --------- d-----w c:\documents and settings\Owner.DELLHDD2\Application Data\InstallShield
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-23 23:47 98,304 ----a-w c:\windows\system32\34dialog.dll
2008-09-23 23:47 77,824 ----a-w c:\windows\system32\34dd.dll
2008-09-23 23:47 69,632 ----a-w c:\windows\system32\34TvCtrl.dll
2008-09-23 23:47 36,864 ----a-w c:\windows\system32\34ds.dll
2008-09-23 23:47 290,816 ----a-w c:\windows\system32\34dlg2.dll
2008-09-23 23:47 24,576 ----a-w c:\windows\system32\34pciurd.dll
2008-09-23 23:47 24,576 ----a-w c:\windows\system32\34i2curd.dll
2008-09-23 23:47 135,168 ----a-w c:\windows\system32\34api.dll
2008-09-23 23:47 114,688 ----a-w c:\windows\system32\34com.dll
2008-09-23 23:47 106,571 ----a-w c:\windows\system32\Prop7134.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-05 03:48 206,336 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-30 1261336]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\system32\P17.dll]

c:\documents and settings\Owner.DELLHDD2\Start Menu\Programs\Startup\
Mozilla Firefox (2).lnk - c:\program files\Mozilla Firefox\firefox.exe [2007-11-10 307712]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Documents and Settings\\Angela\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-30 76040]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service []
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2007-11-25 16512]
S3 Cap7134;TV TUNER PCI CARD;c:\windows\system32\DRIVERS\Cap7134.sys [2006-06-08 336128]
S3 SQTECH9052;Disney Micro;c:\windows\system32\Drivers\Capt9052.sys [2008-11-01 38656]
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-02 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []

2008-12-02 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot []

2008-05-18 c:\windows\Tasks\On-Screen Keyboard.job
- c:\windows\system32\osk.exe [2008-04-13 19:12]

2008-12-04 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\Update.exe [2008-07-07 09:42]

2008-12-04 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-07-07 09:42]

2008-05-18 c:\windows\Tasks\System Information.job
- c:\progra~1\COMMON~1\MICROS~1\MSInfo\msinfo32.exe [2003-07-16 15:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner.DELLHDD2\Application Data\Mozilla\Firefox\Profiles\u1r6ax7c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 01:03:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\lxcycoms.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\spool\drivers\w32x86\3\lxcytime.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-12-04 1:06:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 06:06:07

Pre-Run: 176,389,582,848 bytes free
Post-Run: 177,403,588,608 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

252 --- E O F --- 2008-11-13 05:31:56

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
Posted 12-4-2008 8:16 (GMT +1)

Please upload and have this file scanned:
c:\windows\system32\winlogon.exe
Here
 
Post back the results




cgamm
New Member


Date Joined Dec 2008
Total Posts : 5
 
Posted 12-5-2008 12:49 (GMT +1)
Scan taken on 04 Dec 2008 23:42:16 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
Posted 12-6-2008 8:30 (GMT +1)
Looks clean. How are things running now ?




cgamm
New Member


Date Joined Dec 2008
Total Posts : 5
 
Posted 12-6-2008 10:27 (GMT +1)
I think that everything is good now. Thank you very much for all your help!!!!!!!!

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
Posted 12-7-2008 9:25 (GMT +1)
My pleasure
 
 
• To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and OK it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up System Restore and OK it.

    This will remove all restore points except the new one you just created.
 
 
 
Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

This will ->
Uninstall ComboFix and delete its related folders and files.
Reset your clock settings.
Hide file extensions.
Hide the system/hidden files.
Reset System Restore again.
 
Also, please read this article by Tony Klein: How I got Infected in the First Place


