[Essexboy]

Could you post the MBAM log on completion please along with an update

[Advertisements]

If I try to run combofix it says there are remnants of AVG left. I uninstalled AVG and then ran the AVG removal tool but Combofix says its still there. How can I get rid of all of it?

[jvonhorn]

If I try to run combofix it says there are remnants of AVG left. I uninstalled AVG and then ran the AVG removal tool but Combofix says its still there. How can I get rid of all of it?

[jvonhorn]

I will post the MBAM log

[jvonhorn]

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6775

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/5/2011 12:32:54 PM
mbam-log-2011-06-05 (12-32-54).txt

Scan type: Quick scan
Objects scanned: 162348
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yiMjvSkpKyOa (Rogue.Agent.SA) -> Value: yiMjvSkpKyOa -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\cmdlperf.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\d3d9capsn.dll (Trojan.CryptVI) -> Quarantined and deleted successfully.

[Essexboy]

Why did you try to run combofix ?

What problems do you have at the moment ?

[jvonhorn]

I had tried earlier to run it...wouldn't run...said AVG waS installed...can you help?

[jvonhorn]

I am getting some delayed typing and redirects from the browser..MBAM has nothing

[Essexboy]

We need to temporarily remove your Anti-Virus, as it interes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceding

Download AppRemover and run it.

Click Next >>



Ensure "Remove Security Application" is collected and click Next >>



AppRemover will scan all the security applications on your PC


Select Any AVG entries from the applications offered and click Next >> twice.


Follow any further on-screen instructions. If asked to reboot,please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.