Virus won't let me open or run any anti-virus

Thread Status:
Not open for further replies.
  1. luna

    luna New Member Bronze Member

    Joined:
    Feb 19, 2009
    Posts:
    17
    Likes Received:
    0

    Hello, I'm not sure if this is the right place to post this, but here's my problem. I have Windows XP and had a Kaspersky trial, which expired about 2 days ago. Yesterday, something popped up on my screen where it looks like the generic install windows when you install a program. It automatically went "Next" and "Ok" and installed something by itself in about 3 seconds. I caught the name and it was called: BlueRaTech. I Googled this and only found one page that mentioned it was a virus or spyware. It's in my programs folder but only has an Uninstall option. I didn't want to click it just yet in case it might activate something. I installed other virus programs to scan, but it wouldn't load. I tried another antivirus program, but it would not start either. If I go to any anti-virus or spyware website, it blocks it. It always says there's a Network Interruption. But any other website is fine and I can visit, but it's just extremely slow.

    I then went in Safe Mode to uninstall it with the Add/Remove. I went in Safe Mode with Networking, but when I tried to go online, I was unable to. And when I tried to run the antivirus, I was still unable to under Safe Mode. I just had my computer fixed (for a hardware problem) 3 weeks ago, so I did not have a save point for a system restore, but I do have a lot of files and programs that I don't want to get rid of. When I restarted in normal mode, and checked my programs, it was still there. I went ahead and did the Uninstall from the submenu and it said it was removed (but I highly doubt that). My computer still is unable to scan and unable to go directly to any anti-virus/spyware websites.

    How can I clean this off my system? Thanks a lot!
  2. DCiAdmin

    DCiAdmin Well-Known Member

    Joined:
    Sep 30, 2008
    Posts:
    1,907
    Likes Received:
    274

    Welcome Luna! We'll help you sort this out. Please use a thumb or flash drive if available to you and download these programs from another computer onto the flash. You may need to copy & rename both the installation & run executables if you've got an aggressive malware. Please do leave the original intact as the program may require it to continue clean-up after a reboot.

    Run both these programs.

    Please download Malwarebytes' Anti-Malware from one of these places:
    |MG| Malwarebytes Anti-Malware 1.34
    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.
    If it will not run, make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.
    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy & paste the entire report in your next reply along with a fresh HijackThis log.
    Please Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    =====================================================================================
    =====================================================================================

    OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please download it from one of these webpages:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.forospyware.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
    Double-click on ComboFix.exe & follow the prompts.
    If it will not run, rename ComboFix to xxx.exe and run that.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  3. luna

    luna New Member Bronze Member

    I tried to run Malwarebytes, but it always closes once it opens. I want to run it in safe mode, but I was thinking it might not catch everything since Safe Mode doesn't run everything. Should I anyway? I didn't run ComboFix yet because I wasn't sure if I should run Malwarebytes first.

    Here's my hijackthis file as of now. It's in multiple parts since the reply won't let me post the whole thing at once:

    Part 1:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 6:37:03 PM, on 2/23/2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Nexon\Mabinogi\npkcmsvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\Owner\Application Data\svchost.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\ThreatFire\TFTray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Owner\Application Data\svchost.exe

    C:\Documents and Settings\Owner\Application Data\cogad\cogad.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Program Files\BigFix\BigFix.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  4. luna

    luna New Member Bronze Member

    Part 2:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gateway Official Site: Notebooks, Laptops, Desktops, All-in-Ones, Displays, Monitors, Accessories

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Firefox web browser | Faster, more secure, & customizable

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Owner\Application Data\svchost.exe"

    O4 - HKLM\..\Run: [Tcahabiheb] rundll32.exe "C:\WINDOWS\Hnigumi.dll",e

    O4 - HKLM\..\Run: [Ykotukejubet] rundll32.exe "C:\WINDOWS\uqasivolupufaxaw.dll",e

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Owner\Application Data\cogad\cogad.exe" 61A847B5BBF72813329D31466188719AB689201522886B092CBD44BD8689220221DD3257

  5. DCiAdmin

    DCiAdmin Well-Known Member

    Luna,

    No need to even post more HJT. You definitely have an infection or two or three.

    By all means, DO attempt to run Malwarebytes in Safe Mode - Safe Mode with Networking if you can.
  6. luna

    luna New Member Bronze Member

    Here is my current hijackthis file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:35:04 PM, on 2/23/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Nexon\Mabinogi\npkcmsvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gateway Official Site: Notebooks, Laptops, Desktops, All-in-Ones, Displays, Monitors, Accessories
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Firefox web browser | Faster, more secure, & customizable
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 5140 bytes
  7. DCiAdmin

    DCiAdmin Well-Known Member

    Luna,

    That is a huge difference from your 1st HJT. What changed?

    I would still like you to run Malwarebytes, as well as ComboFix. Those logs would be very useful to me....
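
Added example (not part of the thread and not any poster's code): a small Python triage of HijackThis process and O4 autostart lines, showing path patterns that make the first log above stand out and why the second log no longer trips them. The three heuristics and the default `C:\WINDOWS\system32` location are assumptions; the sample lines are copied from the two logs, except the `example1.exe` and `example2.exe` Temp entries, which are constructed.

```python
"""Heuristic triage of HijackThis process lines and O4 (autostart) lines."""
import ntpath
import re

# Fragments of per-user writable folders on Windows XP, long and 8.3 forms.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\temp\\", "\\locals~1\\temp\\")
# Names that belong in system32; a copy anywhere else is a common disguise.
SYSTEM32_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                  "smss.exe", "csrss.exe", "spoolsv.exe", "rundll32.exe",
                  "ctfmon.exe"}
SYSTEM32_DIR = r"c:\windows\system32"  # assumption: default install location

# An absolute path ending in .exe/.dll/.sys, quoted or not, spaces allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|,]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)


def path_findings(path):
    """Return the heuristic reasons a single image path looks suspicious."""
    p = path.lower()
    reasons = []
    if any(fragment in p for fragment in USER_WRITABLE):
        reasons.append("runs from a user-writable folder")
    if ntpath.basename(p) in SYSTEM32_NAMES and ntpath.dirname(p) != SYSTEM32_DIR:
        reasons.append("system binary name outside system32")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for each process or O4 line that is flagged."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        is_autostart = line.startswith("O4 - ")
        is_process = re.fullmatch(r"[A-Za-z]:\\.+", line) is not None
        if not (is_autostart or is_process):
            continue  # headers, blank lines, other HijackThis sections
        paths = PATH_RE.findall(line)
        reasons = []
        for path in paths:
            for reason in path_findings(path):
                if reason not in reasons:
                    reasons.append(reason)
        # rundll32 autostarts are judged by the DLL they load, not by rundll32.
        if is_autostart and "rundll32" in line.lower():
            for path in paths:
                p = path.lower()
                if p.endswith(".dll") and ntpath.dirname(p) != SYSTEM32_DIR:
                    reasons.append("rundll32 autostart loads a DLL outside system32")
                    break
        if reasons:
            hits.append((line, reasons))
    return hits


# Lines copied from the first log; the two Temp entries are constructed.
INFECTED_SAMPLE = r'''
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Application Data\svchost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\example1.exe
C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Owner\Application Data\svchost.exe"
O4 - HKLM\..\Run: [Tcahabiheb] rundll32.exe "C:\WINDOWS\Hnigumi.dll",e
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [examplevalue] C:\DOCUME~1\Owner\LOCALS~1\Temp\example2.exe
'''

# Lines copied from the second log.
CLEAN_SAMPLE = r'''
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
'''

if __name__ == "__main__":
    for label, log in (("first log", INFECTED_SAMPLE), ("second log", CLEAN_SAMPLE)):
        hits = triage(log)
        print(f"{label}: {len(hits)} flagged line(s)")
        for line, reasons in hits:
            print(f"  {line}\n    -> {'; '.join(reasons)}")
```

An empty result only means none of these heuristics fired on the lines HijackThis lists; it does not show the machine is clean, which is why the Malwarebytes and ComboFix logs are still requested.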
  8. Crush

    Crush Active Member

    Joined:
    Sep 28, 2008
    Posts:
    4,634
    Likes Received:
    1
    Location:
    New Jersey

    Hello,

    I'm just following up. Do you still require assistance in removing your malware? Or can we put this one to bed?

    If you are still in need of assistance please follow the procedure located at the top of the forum.

    Regards,
    Crush
    PCHF Security Team Leader
  9. Crush

    Crush Active Member

    Hello,

    This thread has been moved into the Unfinished HJT forum due to inactivity. Please follow the procedure at the top of the forum if you still require assistance.

    Regards,
    Crush
    PCHF Security Team Leader