Trojan Keylogger..unable to run antivirus programs on cpu [Closed] - Geeks to Go Forums


Trojan Keylogger..unable to run antivirus programs on cpu [Closed]

#1 TraceeMack

  • Group: Member
  • Posts: 10
  • Joined: 02-March 10

Posted 02 March 2010 - 05:51 PM

Hi,
I'm having a big issue with my CPU. Yesterday I clicked on a site and got a ton of viruses. I got a little dialog box from my expired XP antivirus telling me I had 27 infections. I ran AVG on the CPU and left it alone... last time I checked on it, it was still scanning and had found a lot of the viruses. My mother then restarted the computer without me knowing at the time, and now AVG will not run. Every time I click on it a box comes up and asks me which program I would like to open it with to run it. Running it normally now I don't get any of the dialog boxes warning that my CPU is infected like yesterday, but when I run it in safe mode those dialog boxes are showing up warning me that something is running in the background and my info is at risk. :)


:)

#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 03 March 2010 - 06:41 AM

Hi, let's try this, shall we - two programmes to download.

First : Download the attached zip file to your desktop and extract the file.
You will then have Logon.exe on your desktop.

Second : Download RKill.com to your desktop.


With both files on your desktop, double click Logon.exe. A dialogue will open asking which programme to run; browse to and select Rkill.com.
You will get a confirmation dialogue; OK it.
Your computer should then log off; if not, do so yourself.
Then log back on, and Rkill should run before anything else.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

FINALLY

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.


#3 TraceeMack

  • Group: Member
  • Posts: 10
  • Joined: 02-March 10

Posted 03 March 2010 - 09:21 AM

Ok, I did the first and 2nd step, but after downloading Malwarebytes' Anti-Malware a box still comes up asking me what program I want to use to open it.

Here is the log file from running rkill:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as everybody else on 03/03/2010 at 9:17:55.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Desktop\rkill.com


Rkill completed on 03/03/2010 at 9:18:07.

#4 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 03 March 2010 - 09:34 AM

Could you rename MBAM to Firefox and then run it?

#5 TraceeMack

  • Group: Member
  • Posts: 10
  • Joined: 02-March 10

Posted 03 March 2010 - 09:43 AM

I tried and the same prompt came up. When I run the Firefox browser, I have to choose Firefox from the list of programs and that's how I get the browser to come up. When I renamed MBAM to Firefox it still asked me to select the program to run it.

#6 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 03 March 2010 - 11:33 AM

OK, let's try this - run the logon.exe that you previously downloaded.
Once open, navigate to Program files\malwarebytes\Firefox (or MBAM if you named it back).
Then do the same as before.

What programme do you select to open Firefox?

#7 TraceeMack

  • Group: Member
  • Posts: 10
  • Joined: 02-March 10

Posted 03 March 2010 - 08:58 PM

MBAM isn't under my program files yet since I can't run the installation. I tried to run the logon.exe and select the MBAM.exe when it asks what program I'd like to use, but I can't OK it.


I select Firefox to open Firefox.

#8 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 04 March 2010 - 05:15 AM

OK, when you try to install MBAM and it asks for the programme to use, select Firefox to see if that works.

If not, we will need to work outside of Windows.

OK, this file is big, about 276.7Mb; print these instructions out so that you know what you are doing.

File details
Bytes - 290,236,416
MB - 276.7
MD5 - 3BD19DB0ADB880A39DD80C704CB907D0

Two programmes to download

First

ISOBurner - this will allow you to burn OTLPE.iso to a CD and make it bootable. Just install the programme; from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7Mb in size so it may take some time to download.
  • When downloaded, double click and this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)


  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#9 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 04 March 2010 - 06:21 AM

Actually, prior to running that - let's try this.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

Quote

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"


Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file. Ensure there is no space above the Windows Registry Editor Version 5.00.
Then in Notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.reg.
This will create a fix.reg file on your desktop.

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

Then try MBAM again

If you are unable to open Notepad, then download the attached file and rename it to fix.reg.
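The fix above restores the shell command Windows uses to launch any .exe, which a rogue antivirus had redirected (the MBAM log later in this thread records HKEY_CLASSES_ROOT\.exe pointing at "secfile" instead of "exefile"). As an added example, not part of the thread and not code from Malwarebytes or any tool mentioned here, the Python below builds the fix.reg text exactly as described (header on the first line, nothing above it), parses it back in the .reg file format, and gives a defender-side check that the two association values match their stock settings. All function names are my own.

```python
"""Build, parse and validate a minimal .reg file that restores the exefile
open command. Added example; not the thread's own tooling. Names are mine."""
import re
from typing import Dict, List

REG_HEADER = "Windows Registry Editor Version 5.00"
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
# Stock default: run the clicked file (%1) with any extra arguments (%*).
EXPECTED_EXE_COMMAND = '"%1" %*'


def reg_escape(value: str) -> str:
    """Escape a REG_SZ string for a .reg file (backslashes first, then quotes)."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def reg_unescape(value: str) -> str:
    """Reverse reg_escape: '\\x' becomes 'x' for any character x."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def build_fix_reg() -> str:
    """Return the fix.reg text shown in the post: header first, no leading blank line."""
    return f'{REG_HEADER}\n\n[{EXEFILE_KEY}]\n@="{reg_escape(EXPECTED_EXE_COMMAND)}"\n'


# A value line is either @="..." (the key's default) or "name"="..." (REG_SZ only).
VALUE_RE = re.compile(r'(@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REG_SZ values of a .reg file into {key: {name: value}}; '@' is (Default).
    Raises ValueError if the header is not the very first line, the mistake the post warns about."""
    lines = text.splitlines()
    if not lines or lines[0] != REG_HEADER:
        raise ValueError("first line must be the .reg header with nothing above it")
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in lines[1:]:
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.fullmatch(line)
        if m is None or current is None:
            raise ValueError(f"unsupported line: {line!r}")
        name = "@" if m.group(1) == "@" else reg_unescape(m.group(2))
        keys[current][name] = reg_unescape(m.group(3))
    return keys


def exe_association_problems(dot_exe_default: str, open_command: str) -> List[str]:
    """Check the two values tampered with in this thread: HKCR\\.exe (Default) should be
    'exefile' and the exefile open command should be the stock '"%1" %*'. Returns findings."""
    problems = []
    if dot_exe_default != "exefile":
        problems.append(f".exe handler redirected to {dot_exe_default!r}")
    if open_command != EXPECTED_EXE_COMMAND:
        problems.append(f"exefile open command is {open_command!r}")
    return problems


if __name__ == "__main__":
    text = build_fix_reg()
    print(text)
    parsed = parse_reg(text)
    print(exe_association_problems("exefile", parsed[EXEFILE_KEY]["@"]))   # []
    print(exe_association_problems("secfile", parsed[EXEFILE_KEY]["@"]))   # .exe redirected
```

The parser deliberately covers only the string-value subset of the .reg format that the fix needs; on a live Windows machine the two values would be read with winreg and passed to exe_association_problems, which is the same comparison MBAM reported as "Bad: (secfile) Good: (exefile)".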


#10 TraceeMack

  • Group: Member
  • Posts: 10
  • Joined: 02-March 10

Posted 04 March 2010 - 11:31 AM

The things in your last post worked :) and I was able to install... here is the log from MBAM.


Quote

Malwarebytes' Anti-Malware 1.44
Database version: 3824
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/4/2010 10:32:49 AM
mbam-log-2010-03-04 (10-32-49).txt

Scan type: Quick Scan
Objects scanned: 162249
Time elapsed: 1 hour(s), 18 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 6
Registry Data Items Infected: 4
Folders Infected: 29
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhccsoj0eea7 (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccsoj0eea7 (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twunk_32x.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhccsoj0eea7 (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\rhccsoj0eea7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\Application Data\rhccsoj0eea7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhccsoj0eea7 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Start Menu\Programs\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\rhccsoj0eea7\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhccsoj0eea7\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhccsoj0eea7\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhccsoj0eea7\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhccsoj0eea7\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhccsoj0eea7\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhccsoj0eea7\rhccsoj0eea7.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Start Menu\Programs\malware Defense\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Start Menu\Programs\malware Defense\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Start Menu\Programs\malware Defense\Uninstall Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Desktop\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Desktop\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\everybody else\update.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shamez\update.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Windows_update.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTfoguruwwdy.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
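A log of this size is easier to review with a script than by eye. The Python below is an added example of mine, not code from Malwarebytes or from this thread: it splits an MBAM 1.44 log into its sections, pulls the target, detection family and action out of each line, tallies families, cross-checks the header counts against the items actually listed, and extracts the "Bad:/Good:" pairs from the Registry Data Items section so the restored values can be verified afterwards. The sample input is a constructed excerpt of the log above, with the header counts adjusted to match the excerpt.

```python
"""Parse a Malwarebytes' Anti-Malware 1.44 log. Added example; not MBAM's own code."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple


class Detection(NamedTuple):
    section: str   # e.g. "Registry Keys Infected"
    target: str    # registry key/value or file/folder path
    family: str    # e.g. "Rootkit.TDSS"
    action: str    # what MBAM did with it


# "Name Infected: N" in the summary, or "Name Infected:" opening a section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):(?: (?P<count>\d+))?$")
# "<target> (<family>) -> <action>"; the target may itself contain parentheses.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (summary counts, detections). Lines before the first section are ignored."""
    counts: Dict[str, int] = {}
    detections: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                counts[m.group("name")] = int(m.group("count"))
                section = None
            else:
                section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append(Detection(section, m.group("target"),
                                        m.group("family"), m.group("action")))
    return counts, detections


def family_tally(detections: List[Detection]) -> Counter:
    """How many items each detection family accounted for."""
    return Counter(d.family for d in detections)


def count_mismatches(counts: Dict[str, int], detections: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Sections whose summary count differs from the items listed: {section: (claimed, listed)}.
    A mismatch usually means a truncated paste or a log edited before posting."""
    listed = Counter(d.section for d in detections)
    return {name: (n, listed.get(name, 0)) for name, n in counts.items() if listed.get(name, 0) != n}


def tampered_values(detections: List[Detection]) -> List[Tuple[str, str, str]]:
    """(target, bad, good) for every entry MBAM reported as a changed registry value,
    i.e. the settings to re-check later (.exe handler, Security Center notifications)."""
    out = []
    for d in detections:
        m = BAD_GOOD_RE.search(d.action)
        if m:
            out.append((d.target, m.group("bad"), m.group("good")))
    return out


# Constructed excerpt of the log posted above; counts trimmed to match the excerpt.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3824
Scan type: Quick Scan
Objects scanned: 162249

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhccsoj0eea7 (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twunk_32x.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Windows_update.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTfoguruwwdy.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_LOG)
    print(family_tally(dets).most_common())
    print("mismatches:", count_mismatches(counts, dets))
    for target, bad, good in tampered_values(dets):
        print(f"re-check {target}: was {bad!r}, restored to {good!r}")
```

The family tally is what a helper scans first: here Rootkit.TDSS appears across a driver service and two system32 files, which is why the thread goes on to a deeper OTS scan rather than stopping at the MBAM result.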


#11 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 04 March 2010 - 11:33 AM

Ok :) I will now move that to the top of my try-first list :)

That killed a lot of it - so time now to kill the rest :)

To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning

    • File - Lop Check

    • File - Purity Scan

    • Evnt - EvtViewer (last 10)

  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the attachment's insert icon to insert the attachment into your post


#12 TraceeMack

  • Group: Member
  • Posts: 10
  • Joined: 02-March 10

Posted 04 March 2010 - 06:32 PM

here is the OTS as requested

Attached File  OTS.Txt (189.22K)
Number of downloads: 80

#13 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 05 March 2010 - 03:11 AM

There are remnants of Norton and AVG antivirus on your system which will be slowing it down - so I will remove those as well. What problems do you have now?

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Processes - Safe List]
YY -> avgtray.exe -> C:\Program Files\AVG\AVG9\avgtray.exe
YY -> avgchsvx.exe -> C:\Program Files\AVG\AVG9\avgchsvx.exe
YY -> avgnsx.exe -> C:\Program Files\AVG\AVG9\avgnsx.exe
YY -> avgrsx.exe -> C:\Program Files\AVG\AVG9\avgrsx.exe
YY -> avgcsrvx.exe -> C:\Program Files\AVG\AVG9\avgcsrvx.exe
YY -> avgwdsvc.exe -> C:\Program Files\AVG\AVG9\avgwdsvc.exe
YY -> ccsvchst.exe -> C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
YY -> aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[Win32 Services - Safe List]
YY -> (avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG9\avgwdsvc.exe
YY -> (LiveUpdate Notice) LiveUpdate Notice [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
YY -> (CLTNetCnService) Symantec Lic NetConnect service [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
YY -> (Symantec RemoteAssist) Symantec RemoteAssist [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
YY -> (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[Driver Services - Safe List]
YY -> (AvgTdiX) AVG Free Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys
YY -> (AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys
YY -> (AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys
YY -> (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
YY -> (SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SymIM.sys
YY -> (SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SymIM.sys
YY -> (SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS
YY -> (SYMFW) SYMFW [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMFW.SYS
YY -> (SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMIDS.SYS
YY -> (SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
YY -> (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
YY -> (SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMDNS.SYS
YY -> (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090606.039\NAVEX15.SYS
YY -> (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090606.039\NAVENG.SYS
YY -> (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090528.001\SymIDSCo.sys
YY -> (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS
YY -> (SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
YY -> (COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\COH_Mon.sys
YY -> (SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\srtspl.sys
YY -> (SRTSP) SRTSP [File_System | System | Running] -> C:\WINDOWS\system32\drivers\srtsp.sys
YY -> (SRTSPX) SRTSPX [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\srtspx.sys
YY -> (symlcbrd) symlcbrd [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\symlcbrd.sys
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1608217916-889915427-2107848346-1007\] > -> 
YY -> HKEY_USERS\S-1-5-21-1608217916-889915427-2107848346-1007\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files\AVG\AVG9\Firefox [C:\PROGRAM FILES\AVG\AVG9\FIREFOX]
YY -> HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search]
YN -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1608217916-889915427-2107848346-1007\] > -> HKEY_USERS\S-1-5-21-1608217916-889915427-2107848346-1007\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "AVG9_TRAY" -> C:\Program Files\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe]
YY -> "ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"]
[Files/Folders - Modified Within 30 Days]
NY ->  91 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  5 C:\Documents and Settings\everybody else\Desktop\*.tmp files -> C:\Documents and Settings\everybody else\Desktop\*.tmp
NY ->  367 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY ->  3 C:\Documents and Settings\everybody else\My Documents\*.tmp files -> C:\Documents and Settings\everybody else\My Documents\*.tmp
NY ->  262 C:\Documents and Settings\everybody else\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\everybody else\Local Settings\Temp\*.tmp
NY ->  2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp
[Files - No Company Name]
NY ->  fix.reg -> C:\Documents and Settings\everybody else\Desktop\fix.reg
NY ->  Logon.exe -> C:\Documents and Settings\everybody else\Desktop\Logon.exe
NY ->  rkill.com -> C:\Documents and Settings\everybody else\Desktop\rkill.com
NY ->  Logon.zip -> C:\Documents and Settings\everybody else\Desktop\Logon.zip
[File - Lop Check]
NY ->  AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
NY ->  avg9 -> C:\Documents and Settings\All Users\Application Data\avg9
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#14 TraceeMack

  • Group: Member
  • Posts: 10
  • Joined: 02-March 10

Posted 07 March 2010 - 09:41 PM

I have a new problem with my cpu now :) lol
I ran the fix and left my cpu on... someone used my cpu and said it asked to restart, and now I'm unable to connect to the internet on that cpu. I know it's not the modem or anything because I'm able to connect my other cpu to the internet :)

#15 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,466
  • Joined: 31-May 06

Posted 08 March 2010 - 01:50 PM

What error do you get when you try to connect?

Two things to do

Go to Control Panel and select Internet Options.
Select the Connections tab.
Select the LAN settings button.
Ensure there is no tick in the Proxy Server box.
Select OK and restart Internet Explorer.


And for Firefox there are instructions on this page; you want the setting to be no proxy.

THEN

Let's check some settings on your system:
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.

  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen
  • Restart the computer

Go to Start -> Run -> type CMD and click OK. The MS-DOS window will be displayed. At the command prompt, type the following and press Enter after each line:

ipconfig /flushdns (The space between g and / is needed)
regsvr32 netshell.dll
regsvr32 netcfgx.dll
regsvr32 netman.dll

Exit

Restart the computer.
