Trojans & Antivirus ????

suethedriver

My laptop ( vista) has AVG & Malware antivirus.
Four days ago i got infected with trojans.!!
I ran AVG full scan & nothing showed up.
I then ran full malwares scan & it found 3 trojans which i then got rid of.
All was well for a few days but then today when i turned on my laptop AVG told me i had 3 trojans ( not sure if same names )
I then ran a malware full scan which showed nothing ???? so i closed it.
I then tried to repair etc with avg but it wouldnt let me do anything just said " action interupted by user " and the only other option was to ignore & carry on ... So i turned it off !!
Are my two antivirus programs fighting each other or can anyone give me some help ( in idiot language) of what is happening & what i can do,.
Thanks.

macman

Are you talking about AntiMalwareBytes? This is a anti-spyware program, AVG is antivirus. They're not incompatible, but AVG Free edn is considered by many on this board to have poor detection rates. Suggest you uninstall AVG and use Avira (also free).
You can't run 2 antivirus at once, but MBAM is OK because it only runs when you ask it to-it doesn't run in the background.

suethedriver

They are both free ones. I dont know where to find out where thay have gone on pc but will dare to start it up & have a look.

suethedriver

Yes i understand now it is anti spyware & antivirus.
I have avira + antimalware on my main pc so will try & do it on laptop.
But surely i will have to go on internet to download avira & will opening something not be dangerous ?? as laptop still showing same message.

aliEnRIK

Did you UPDATE and run a FULL scan with malwarebytes? If not then please do so and post the ENTIRE log for us to see (even if it comes back clean)

Then ~


reboot

Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log)

suethedriver

This is the logfile from four days ago.....
Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 6.0.6000
17/04/2009 20:43:19
mbam-log-2009-04-17 (20-43-19).txt
Scan type: Quick Scan
Objects scanned: 48462
Time elapsed: 6 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

---

This is log file today

---

Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 6.0.6000
17/04/2009 20:43:19
mbam-log-2009-04-17 (20-43-19).txt
Scan type: Quick Scan
Objects scanned: 48462
Time elapsed: 6 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 6.0.6000
17/04/2009 20:43:19
mbam-log-2009-04-17 (20-43-19).txt
Scan type: Quick Scan
Objects scanned: 48462
Time elapsed: 6 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

---

This is hijack log NOW

---

Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 6.0.6000
17/04/2009 20:43:19
mbam-log-2009-04-17 (20-43-19).txt
Scan type: Quick Scan
Objects scanned: 48462
Time elapsed: 6 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

I have now downloaded avira & am just about to uninstall avg...
Avira log

---

just done

Avira AntiVir Personal
Report file date: 21 April 2009 18:33
Scanning for 1284893 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Normally booted
Username : Sue
Computer name : SUE-PC
Version information:
BUILD.DAT : 9.0.0.386 17962 Bytes 11/03/2009 15:55:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 11:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 03/03/2009 06:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 05/03/2009 13:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 16:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 26/02/2009 19:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 12/02/2009 10:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 04/03/2009 12:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 25/02/2009 14:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 04/03/2009 12:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 13:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 06:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 10:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 14:55:12
Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Start of the scan: 21 April 2009 18:33
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en[1].exe' - '1' Module(s) have been scanned
Scan process 'FlashUtil9b.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ieuser.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'eNMTray.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'MediaDetector.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'CardDetector.exe' - '1' Module(s) have been scanned
Scan process 'avgtray.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '1' Module(s) have been scanned
Scan process 'capuserv.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MobilityService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'eNet Service.exe' - '1' Module(s) have been scanned
Scan process 'avgnsx.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'eLockServ.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
92 processes with 92 modules were scanned
Starting master boot sector scan:
Start scanning boot sectors:
Starting to scan executable files (registry).
C:\Program Files\PAV\pav.exe
[WARNING] The file could not be opened!
The registry was scanned ( '54' files ).

End of the scan: 21 April 2009 18:34
Used time: 00:24 Minute(s)
The scan has been done completely.
0 Scanned directories
509 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
508 Files not concerned
3 Archives were scanned
1 Warnings
0 Notes

I am now thinking that i have caused this problem as when i first got the flashing message that i had infections etc a box came up to download " personal antivirus update" which i stupidly did thinking it was to do with current installations ( icon which is now on desktop)
I am now thinking that this IS the infected item !!!!! as i cant seem to delete it or anything.... oh dear !!!!
I see pav.exe is showing on the last log......

macman

Yes, 'personal antivirus update' is almost certainly the cause of your problem.

suethedriver

is there anything i can do ???

gaming_guy

DO NOT DO THIS UNTIL THE COMPUTER IS CLEAN

you may want to install vista SP1 via windows update

aliEnRIK

Database version: 1659
Windows 6.0.6000
17/04/2009 20:43:19
mbam-log-2009-04-17 (20-43-19).txt
Scan type: Quick Scan

Please open Malwarebytes and UPDATE (Database version over 2020 I think) and FULL scan (Not QUICK as youve done)

thomas01155

That's one old version of Malwarebytes is it from last year? It updates a few times a day normally