VirusRemover2008


Ranshiin
22-10-08, 23:34
Okay, I am quite sick of this thing. It won't go away no matter what programs I use to get rid of it. It isn't detected on AVG 8.0, I've deleted it with AVG Spyware, and I've deleted it with SpyHunter and this thing still keeps coming back for more. Here are screenshots of it in the order it "attacks". I keep closing out the boxes and more pop up. Any help would be greatly appreciated.


http://i46.photobucket.com/albums/f113/TravisWood/Screen1.jpg

http://i46.photobucket.com/albums/f113/TravisWood/Screen2.jpg

http://i46.photobucket.com/albums/f113/TravisWood/Screen3.jpg

http://i46.photobucket.com/albums/f113/TravisWood/Screen4.jpg

http://i46.photobucket.com/albums/f113/TravisWood/Screen5.jpg

http://i46.photobucket.com/albums/f113/TravisWood/screen6.jpg

EscondeR
23-10-08, 05:06
Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report.

For the low start:

1. Press CTRL+ALT+DEL and kill the following processes:

VirusRemover2008_Setup_Free_en[3].exe
VirusRemover2008_Setup_Free_en[2].exe
VirusRemover2008_Setup_Free_en[1].exe
VRM2008.exe
VRM_Free[1].exe
%ProgramFiles%\VirusRemover2008\VRM2008.exe

2. Then look for and delete those files and folders:

VirusRemover2008_Setup_Free_en[3].exe
VirusRemover2008_Setup_Free_en[2].exe
VirusRemover2008_Setup_Free_en[1].exe
VirusRemover2008.lnk
VRM2008.exe
VRM_Free[1].exe
VirusRemover 2008
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk
%UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\cookies.sqlite
%UserProfile%\Desktop\VirusRemover2008.lnk
%UserProfile%\Desktop\Viruses.bdt
%ALLUSERSPROFILE%\Start Menu\Programs\VirusRemover2008\VirusRemover2008.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\VirusRemover2008
%ProgramFiles%\VirusRemover2008\Viruses.bdt
%ProgramFiles%\VirusRemover2008\VRM2008.exe
%ProgramFiles%\VirusRemover2008

3. Run Regedit and delete the following keys:

All that contain "VirusRemover2008"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRemover2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"VirusRemover2008"
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350}
HKEY_LOCAL_MACHINE\SOFTWARE\VirusRemover2008
HKEY_CURRENT_USER\Software\{5222008A-DD62-49c7-A735-7BD18ECC7350}
HKEY_CURRENT_USER\Software\VirusRemover2008

spikejones
23-10-08, 11:01
And use a decent web browser where they don't exploit those pop-up loopholes, something like Mozilla Firefox, Opera, or Safari.

Also turn off the Messenger service:
Go to Start -> Run -> type "services.msc" w/o quotes and then press Enter.


Find the service labelled "Messenger", right click it, choose Properties.

Stop the service and change startup status to "Disabled".

Click Apply and then OK.

Ranshiin
23-10-08, 11:02
I got to get to college in ten minutes so I only had enough time to run the report. I'll get the other steps when I get home in about four hours.




---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"AVG Anti-Spyware guard"
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AVG Anti-Spyware Guard
Program path & name:
"c:\program files\grisoft\avg anti-spyware 7.5\guard.exe"
Enabled: [V]


Program:
"AVG E-Mail Scanner"
Publisher:
"(Verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8emc
Program path & name:
"c:\program files\avg\avg8\avgemc.exe"
Enabled: [V]


Program:
"AVG Watchdog Service"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8wd
Program path & name:
"c:\program files\avg\avg8\avgwdsvc.exe"
Enabled: [V]


Program:
"Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour
Publisher:
any network service that explicitly depends on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"(Verified) Apple Inc.""c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wltrysvc
Program path & name:
c:\windows\system32\wltrysvc.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AVG Anti-Spyware Driver
Program path & name:
"c:\program files\grisoft\avg anti-spyware 7.5\guard.sys"
Enabled: [V]


Program:
"AVG7 Clean Driver"
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgAsCln
Program path & name:
"c:\windows\system32\drivers\avgascln.sys"
Enabled: [V]


Program:
"AVG AVI Loader Driver"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgLdx86
Program path & name:
"c:\windows\system32\drivers\avgldx86.sys"
Enabled: [V]


Program:
"AVG Network connection watcher"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgTdiX
Program path & name:
"c:\windows\system32\drivers\avgtdix.sys"
Enabled: [V]


Program:
"I8k Fan I/O"
Publisher:
"(Not verified) Christian Diefer"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
fanio
Program path & name:
"c:\windows\system32\drivers\fanio.sys"
Enabled: [V]


Program:
"Dell Wireless WLAN Card Logon Provider"
Publisher:
"(Not verified) Broadcom Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
Entry name:
BCMLogon
Program path & name:
"c:\windows\system32\bcmlogon.dll"
Enabled: [V]


Program:
"AVG Resident Shield Starter"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
avgrsstx.dll
Program path & name:
"c:\windows\system32\avgrsstx.dll"
Enabled: [V]


Program:
"ATI Desktop Control Panel"
Publisher:
"(Not verified) ATI Technologies Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ATIPTA
Program path & name:
"c:\program files\ati technologies\ati control panel\atiptaxx.exe"
Enabled: [V]


Program:
"Dell Wireless WLAN Card Wireless Network Tray Applet"
Publisher:
"(Not verified) Dell Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Broadcom Wireless Manager UI
Program path & name:
"c:\windows\system32\wltray.exe"
Enabled: [V]


Program:
"DirectCD Application"
Publisher:
"(Not verified) Roxio"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AdaptecDirectCD
Program path & name:
"c:\program files\roxio\easy cd creator 5\directcd\directcd.exe"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Reader Speed Launcher
Program path & name:
"c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
"AVG Tray Monitor"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG8_TRAY
Program path & name:
"c:\program files\avg\avg8\avgtray.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
IUpd721
Program path & name:
c:\documents and settings\user\local settings\temp\winvsnet.exe"
Enabled: [V]


Program:
"AVG Anti-Spyware"
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
!AVG Anti-Spyware
Program path & name:
"c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe"
Enabled: [V]


Program:
"SpyHunter3"
Publisher:
"(Not verified) Enigma Software Group USA LLC."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpyHunter Security Suite
Program path & name:
"c:\program files\enigma software group\spyhunter\spyhunter3.exe"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/octet-stream
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-complus
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-msdownload
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Safe Search pluggable protocol"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
linkscanner
Program path & name:
"c:\program files\avg\avg8\avgpp.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"Microsoft .NET IE SECURITY REGISTRATION"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
n/a
Program path & name:
"c:\windows\system32\mscories.dll"
Enabled: [V]


Program:
"Screen Locker"
Publisher:
"(Not verified) BaroufaSoft"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Matrix Screen Locker.lnk
Program path & name:
"c:\program files\baroufasoft\matrix screen locker\matrix.exe"
Enabled: [V]


Program:
"Dell Inspiron/Latitude/Precision fan control"
Publisher:
"(Not verified) Christian Diefer"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
i8kfangui
Program path & name:
"c:\program files\i8kfangui\i8kfangui.exe"
Enabled: [V]


Program:
"DNA"
Publisher:
"(Verified) BitTorrent Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
BitTorrent DNA
Program path & name:
"c:\program files\dna\btdna.exe"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
Enabled: [V]


Program:
"Safe Search for Internet Explorer"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Safe Search
Program path & name:
"c:\program files\avg\avg8\avgssie.dll"
Enabled: [V]


Program:
"AVG Anti-Spyware shellexecutehook"
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
AVG Anti-Spyware 7.5
Program path & name:
"c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"DirectCD Shell Extention DLL"
Publisher:
"(Not verified) Roxio"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Adaptec DirectCD Shell Extension
Program path & name:
"c:\program files\roxio\easy cd creator 5\directcd\shellex.dll"
Enabled: [V]


Program:
"Microsoft Web Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web Folders
Program path & name:
"c:\program files\common files\microsoft shared\web folders\msonsext.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"MyInProcServer Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iPhone
Program path & name:
c:\program files\xilisoft\ipod rip\iphoneexplorer.dll"
Enabled: [V]


Program:
"Application Deployment Support Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ShellLink for Application References
Program path & name:
"c:\windows\system32\dfshim.dll"
Enabled: [V]


Program:
"Application Deployment Support Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Icon Handler for Application References
Program path & name:
"c:\windows\system32\dfshim.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG8 Shell Extension
Program path & name:
"c:\program files\avg\avg8\avgse.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]

Sharon_14
23-10-08, 12:02
I had my take with "Anti"Virus 2009, I feel sorry for you!

Ranshiin
23-10-08, 15:04
I tried all of the steps you have listed and I did not find anything.


Edit: Yet, it's back again...and I can't find any of the processes or files with it on again.

http://i46.photobucket.com/albums/f113/TravisWood/Screen-1.jpg

EscondeR
23-10-08, 16:59
1. Download Autoruns (http://technet.microsoft.com/ru-ru/sysinternals/bb963902(en-us).aspx).
2. Reboot your PC in Safe Mode (F8 at boot and select from menu).
3. Run Autoruns.exe, wait till it finishes scanning, then go to the Everything tab and kill the following entries (right click and select Delete):


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
IUpd721
Program path & name:
c:\documents and settings\user\local settings\temp\winvsnet.exe"
Enabled: [V] - Virus!


Program:
"SpyHunter3"
Publisher:
"(Not verified) Enigma Software Group USA LLC."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpyHunter Security Suite
Program path & name:
"c:\program files\enigma software group\spyhunter\spyhunter3.exe"
Enabled: [V]


Program:
"Screen Locker"
Publisher:
"(Not verified) BaroufaSoft"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Matrix Screen Locker.lnk
Program path & name:
"c:\program files\baroufasoft\matrix screen locker\matrix.exe"
Enabled: [V]


Program:
"DNA"
Publisher:
"(Verified) BitTorrent Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
BitTorrent DNA
Program path & name:
"c:\program files\dna\btdna.exe"
Enabled: [V]


Program:
"MyInProcServer Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iPhone
Program path & name:
c:\program files\xilisoft\ipod rip\iphoneexplorer.dll"
Enabled: [V]


4. Then perform the following:

2. Then look for and delete those files and folders:

VirusRemover2008_Setup_Free_en[3].exe
VirusRemover2008_Setup_Free_en[2].exe
VirusRemover2008_Setup_Free_en[1].exe
VirusRemover2008.lnk
VRM2008.exe
VRM_Free[1].exe
VirusRemover 2008
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk
%UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\cookies.sqlite
%UserProfile%\Desktop\VirusRemover2008.lnk
%UserProfile%\Desktop\Viruses.bdt
%ALLUSERSPROFILE%\Start Menu\Programs\VirusRemover2008\VirusRemover2008.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\VirusRemover2008
%ProgramFiles%\VirusRemover2008\Viruses.bdt
%ProgramFiles%\VirusRemover2008\VRM2008.exe
%ProgramFiles%\VirusRemover2008

3. Run Regedit and delete the following keys:

All that contain "VirusRemover2008"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRemover2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"VirusRemover2008"
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350}
HKEY_LOCAL_MACHINE\SOFTWARE\VirusRemover2008
HKEY_CURRENT_USER\Software\{5222008A-DD62-49c7-A735-7BD18ECC7350}
HKEY_CURRENT_USER\Software\VirusRemover2008

Ranshiin
24-10-08, 23:17
Well, I did all of that except in step 4, again, none of those files were found. However, it's been over 24 hours since I did it and I haven't gotten the pop up since, so I guess we can assume the problem has been solved. Thanks EscondeR! I really appreciate it.

EscondeR
25-10-08, 12:50
:tmb:

Ranshiin
08-11-08, 16:30
All right, just as I thought, this sucker is back for more except now it's worse. Instead of the pop up in the screen above, it will open one pop-up window then close itself, then multiple pop-up ads will appear. My AVG will also no longer work, won't update, and my security toolbar is gone. Here's the report for you, and those other steps you've listed before, those files still do not exist.


Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"AVG Anti-Spyware guard"
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AVG Anti-Spyware Guard
Program path & name:
"c:\program files\grisoft\avg anti-spyware 7.5\guard.exe"
Enabled: [V]


Program:
"AVG E-Mail Scanner"
Publisher:
"(Verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8emc
Program path & name:
"c:\program files\avg\avg8\avgemc.exe"
Enabled: [V]


Program:
"AVG Watchdog Service"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8wd
Program path & name:
"c:\program files\avg\avg8\avgwdsvc.exe"
Enabled: [V]


Program:
"Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour
Publisher:
any network service that explicitly depends on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"(Verified) Apple Inc.""c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wltrysvc
Program path & name:
c:\windows\system32\wltrysvc.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AVG Anti-Spyware Driver
Program path & name:
"c:\program files\grisoft\avg anti-spyware 7.5\guard.sys"
Enabled: [V]


Program:
"AVG7 Clean Driver"
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgAsCln
Program path & name:
"c:\windows\system32\drivers\avgascln.sys"
Enabled: [V]


Program:
"AVG AVI Loader Driver"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgLdx86
Program path & name:
"c:\windows\system32\drivers\avgldx86.sys"
Enabled: [V]


Program:
"AVG Network connection watcher"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgTdiX
Program path & name:
"c:\windows\system32\drivers\avgtdix.sys"
Enabled: [V]


Program:
"I8k Fan I/O"
Publisher:
"(Not verified) Christian Diefer"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
fanio
Program path & name:
"c:\windows\system32\drivers\fanio.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
c00E3240
Program path & name:
c:\windows\system32\c00e3240.mat"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
sys32
Program path & name:
File not found: sys32.dll"
Enabled: [V]


Program:
"Dell Wireless WLAN Card Logon Provider"
Publisher:
"(Not verified) Broadcom Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
Entry name:
BCMLogon
Program path & name:
"c:\windows\system32\bcmlogon.dll"
Enabled: [V]


Program:
"AVG Resident Shield Starter"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
avgrsstx.dll
Program path & name:
"c:\windows\system32\avgrsstx.dll"
Enabled: [V]


Program:
"ATI Desktop Control Panel"
Publisher:
"(Not verified) ATI Technologies Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ATIPTA
Program path & name:
"c:\program files\ati technologies\ati control panel\atiptaxx.exe"
Enabled: [V]


Program:
"Dell Wireless WLAN Card Wireless Network Tray Applet"
Publisher:
"(Not verified) Dell Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Broadcom Wireless Manager UI
Program path & name:
"c:\windows\system32\wltray.exe"
Enabled: [V]


Program:
"DirectCD Application"
Publisher:
"(Not verified) Roxio"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AdaptecDirectCD
Program path & name:
"c:\program files\roxio\easy cd creator 5\directcd\directcd.exe"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Reader Speed Launcher
Program path & name:
"c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
"AVG Tray Monitor"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG8_TRAY
Program path & name:
"c:\program files\avg\avg8\avgtray.exe"
Enabled: [V]


Program:
"AVG Anti-Spyware"
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
!AVG Anti-Spyware
Program path & name:
"c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
prunnet
Program path & name:
c:\windows\system32\prun.exe"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/octet-stream
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-complus
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-msdownload
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Safe Search pluggable protocol"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
linkscanner
Program path & name:
"c:\program files\avg\avg8\avgpp.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"Microsoft .NET IE SECURITY REGISTRATION"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
n/a
Program path & name:
"c:\windows\system32\mscories.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Entry name:
Lsass Service
Program path & name:
c:\documents and settings\user\application data\microsoft\windows\lsass.exe"
Enabled: [V]


Program:
"Dell Inspiron/Latitude/Precision fan control"
Publisher:
"(Not verified) Christian Diefer"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
i8kfangui
Program path & name:
"c:\program files\i8kfangui\i8kfangui.exe"
Enabled: [V]


Program:
"DNA"
Publisher:
"(Verified) BitTorrent Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
BitTorrent DNA
Program path & name:
"c:\program files\dna\btdna.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
prunnet
Program path & name:
c:\windows\system32\prun.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
gadcom
Program path & name:
c:\documents and settings\user\application data\gadcom\gadcom.exe"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
Enabled: [V]


Program:
"Safe Search for Internet Explorer"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Safe Search
Program path & name:
"c:\program files\avg\avg8\avgssie.dll"
Enabled: [V]


Program:
"AVG Anti-Spyware shellexecutehook"
Publisher:
"(Verified) GRISOFT LTD"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
AVG Anti-Spyware 7.5
Program path & name:
"c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"DirectCD Shell Extention DLL"
Publisher:
"(Not verified) Roxio"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Adaptec DirectCD Shell Extension
Program path & name:
"c:\program files\roxio\easy cd creator 5\directcd\shellex.dll"
Enabled: [V]


Program:
"Microsoft Web Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web Folders
Program path & name:
"c:\program files\common files\microsoft shared\web folders\msonsext.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"Application Deployment Support Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ShellLink for Application References
Program path & name:
"c:\windows\system32\dfshim.dll"
Enabled: [V]


Program:
"Application Deployment Support Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Icon Handler for Application References
Program path & name:
"c:\windows\system32\dfshim.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG8 Shell Extension
Program path & name:
"c:\program files\avg\avg8\avgse.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]

EscondeR
08-11-08, 22:00
1. Kill those entries with Autoruns (while in Safe Mode):


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
c00E3240
Program path & name:
c:\windows\system32\c00e3240.mat"
Enabled: [V] - VIRUS


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
sys32
Program path & name:
File not found: sys32.dll"
Enabled: [V] - VIRUS


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
prunnet
Program path & name:
c:\windows\system32\prun.exe"
Enabled: [V] - VIRUS


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Entry name:
Lsass Service
Program path & name:
c:\documents and settings\user\application data\microsoft\windows\lsass.exe"
Enabled: [V] - VIRUS


Program:
"DNA"
Publisher:
"(Verified) BitTorrent Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
BitTorrent DNA
Program path & name:
"c:\program files\dna\btdna.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
prunnet
Program path & name:
c:\windows\system32\prun.exe"
Enabled: [V] - VIRUS


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
gadcom
Program path & name:
c:\documents and settings\user\application data\gadcom\gadcom.exe"
Enabled: [V] - VIRUS


2. It seems the virus was deleted, but then you've managed to get a few more. Seems AVG is incapable in your case. Consider getting Zone Alarm (http://www.zonealarm.com/store/content/home.jsp) firewall and Kaspersky Antivirus (http://www.kaspersky.com).
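
The two triage posts above (EscondeR's replies of 23-10-08 and 08-11-08) pick out entries from the ARDiag report by the same few signals: no Program or Publisher information at all, a file under the user's temp or Application Data directory, a Windows binary name such as lsass.exe sitting outside system32, and Winlogon notify packages pointing at a missing DLL or at a file with an odd extension. The script below is an added example for this thread, written by the editor; it is not ARDiag, not Autoruns, and not anything posted here. It parses the field-per-line report format as pasted above and applies those signals to each entry. The autostart location list, the "user-writable" directory list and the extension list are this example's own assumptions, and the sample report is constructed from entries that appear in the thread.

```python
"""Triage helper for ARDiag / Autoruns-style text reports (added example, not
part of the thread or of EscondeR's ARDiag tool). It parses the field-per-line
report format pasted above and applies the reasoning used when entries were
marked VIRUS: no version information in a boot/logon execution location, a
binary under a user's temp or Application Data directory, a Windows system
binary name outside system32, or a Winlogon notify package pointing at a
missing or oddly named file. The location lists are this example's assumptions."""

FIELDS = ("Program", "Publisher", "Entry path", "Entry name", "Program path & name")

# Autostart locations that run code at boot or logon (assumed list, built from
# the entry paths seen in the reports above; matched lower-cased).
EXEC_LOCATIONS = ("\\currentversion\\run", "\\winlogon\\notify",
                  "\\policies\\explorer\\run", "\\currentcontrolset\\services",
                  "\\start menu\\programs\\startup", "\\appinit_dlls")
USER_WRITABLE_DIRS = ("\\temp\\", "\\application data\\")   # unusual homes for autostarts
SYSTEM_BINARY_NAMES = {"lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe", "services.exe"}
CODE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".lnk", ".job"}


def parse_report(text):
    """Split the report into one dict per entry; an 'Enabled:' line closes an entry."""
    entries, current, pending = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Enabled:"):
            current["enabled"] = "[V]" in line
            entries.append(current)
            current, pending = {}, None
        elif pending is not None:
            # The tool's quoting is inconsistent (often only a trailing quote
            # survives for unsigned entries), so strip quotes from both ends.
            current[pending] = line.strip('"')
            pending = None
        elif line.endswith(":") and line[:-1] in FIELDS:
            pending = line[:-1]
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list = nothing noted)."""
    reasons = []
    location = entry.get("Entry path", "").lower()
    path = entry.get("Program path & name", "").lower()
    name = path.rsplit("\\", 1)[-1]
    no_version_info = (entry.get("Program", "N/A").upper() == "N/A"
                       and entry.get("Publisher", "N/A").upper() == "N/A")
    executes_at_logon = any(loc in location for loc in EXEC_LOCATIONS)

    if no_version_info and executes_at_logon:
        reasons.append("no version information in a boot/logon execution location")
    if any(d in path for d in USER_WRITABLE_DIRS):
        reasons.append("binary lives under a user-writable temp/profile directory")
    if name in SYSTEM_BINARY_NAMES and "\\windows\\system32\\" not in path:
        reasons.append("system binary name '%s' outside system32" % name)
    if path.startswith("file not found"):
        if "\\winlogon\\notify" in location:
            reasons.append("Winlogon notify package points at a missing DLL")
    elif executes_at_logon:
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext not in CODE_EXTENSIONS:
            reasons.append("unusual extension '%s' for a module loaded at logon" % ext)
    return reasons


def flag_entries(text):
    """Parse a report and return [(entry name, reasons)] for every entry with reasons."""
    flagged = []
    for entry in parse_report(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.get("Entry name", "?"), reasons))
    return flagged


def _entry(program, publisher, location, name, path):
    """Render one entry in the report's own layout (used only to build the sample)."""
    return ("Program:\n%s\nPublisher:\n%s\nEntry path:\n%s\nEntry name:\n%s\n"
            "Program path & name:\n%s\nEnabled: [V]\n" % (program, publisher, location, name, path))


# Constructed sample in the report's format, reusing entries from the thread:
# one signed AVG service, four entries that were marked VIRUS, and a benign
# unsigned shell extension that must not be flagged.
SAMPLE_REPORT = "AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR\n\n" + "\n".join([
    _entry('"AVG Watchdog Service"', '"(Verified) AVG Technologies"',
           r"HKLM\System\CurrentControlSet\Services", "avg8wd", r'"c:\program files\avg\avg8\avgwdsvc.exe"'),
    _entry("N/A", "N/A", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "IUpd721",
           r'c:\documents and settings\user\local settings\temp\winvsnet.exe"'),
    _entry("N/A", "N/A", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",
           "c00E3240", r'c:\windows\system32\c00e3240.mat"'),
    _entry("N/A", "N/A", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",
           "sys32", r'File not found: sys32.dll"'),
    _entry("N/A", "N/A", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
           "Lsass Service", r'c:\documents and settings\user\application data\microsoft\windows\lsass.exe"'),
    _entry("N/A", "N/A", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved",
           "WinRAR shell extension", r'c:\program files\winrar\rarext.dll"'),
])

if __name__ == "__main__":
    for name, reasons in flag_entries(SAMPLE_REPORT):
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample it lists IUpd721, c00E3240, sys32 and Lsass Service with their reasons and stays silent on the signed service and on the unsigned WinRAR shell extension, because a shell extension is not a boot or logon execution point and "no version information" alone is not a verdict. A missing file is likewise treated as a reason only where the location loads it at logon (the `deskpan.dll` shell-extension entry in the reports above is harmless clutter, and this is why it is not flagged). The output is a shortlist for a human to check, not a removal list: anything it names should be looked up in the full Autoruns view before deleting, as the thread does.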

Ranshiin
09-11-08, 00:36
Okay, I did all of step 1. While I'm waiting to see if anything else happens as well as downloading the 30-day trial of Kaspersky, I wanted to ask where all of those viruses came from. Ever since we got rid of the other one, I've only been on TRF, FA, Yahoo, MSN, and my online college courses. I haven't downloaded anything at all. Any ideas on where they may have come from and why AVG isn't working for me? Is there also a free, even if it's a stripped-down version, anti-virus to use? I love Kaspersky and have used it in the past on my last laptop, but I do not have the money to pay for the full version.

Edit: New problems. I had to uninstall AVG to install Kaspersky; however, it's still detecting it and I can't find any AVG files or folders on my computer. What do I do now? Also, the problems are still persisting. If I try to do anything on the internet, whether it be going to this site or searching on a search engine, it will instantly get replaced by some strange ads and more pop-ups out of nowhere.

Edit again: I had to install the free version of AVG on my computer since Kaspersky still detects my old AVG and I got two viruses that won't go away no matter what I do. I can't find them on my computer, and even though I have AVG delete them after the scan, they are still there.

http://i46.photobucket.com/albums/f113/TravisWood/unridablevirus.jpg

Can these viruses also be messing with Firefox? I just downloaded it and I can't save pictures, upload things, or save web pages.