Author Topic: Installation issue!  (Read 12227 times)


choclabnut

  • Guest
Re: Installation issue!
« Reply #15 on: December 05, 2010, 04:32:28 PM »
Malwarebytes' Anti-Malware 1.36
Database version: 1962
Windows 5.1.2600 Service Pack 3

4/10/2009 10:06:09 AM
mbam-log-2009-04-10 (10-06-09).txt

Scan type: Quick Scan
Objects scanned: 82462
Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 5
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrkbsld (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85771e79-3a31-484e-be2d-c268ef3924d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85771e79-3a31-484e-be2d-c268ef3924d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bb112471-9094-471b-92b0-931a40c42b98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\grandpack (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GrandPack (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.band (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.band.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Rhonda\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GrandPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\rqRKBSLD.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqsgfj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uarsnsfs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfsnsrau.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rhonda\Local Settings\Temp\gettpa226.exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rhonda\Local Settings\Temp\ismbar2.exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marty\Local Settings\Temporary Internet Files\Content.IE5\AQ30LSFH\qw[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rhonda\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rhonda\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rhonda\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GrandPack\qdrloader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GrandPack\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.


 This is the result of the last scan that produced any results...

Offline CraigB

Re: Installation issue!
« Reply #16 on: December 05, 2010, 04:44:23 PM »
From within the MBAM GUI you should be able to update to the latest 1.50, database version 5248. All your previous scans are too far out of date.

SafeSurf

  • Guest
Re: Installation issue!
« Reply #17 on: December 06, 2010, 10:18:41 AM »
Somehow you went back to a previous version of MBAM.  To upgrade to the current version of 1.50:

Open the MBAM GUI > go to the third tab labeled "Update" and click on it > in that window on the bottom left will be a box "Check for Updates" or below that will be a link in blue to "Click here to download the latest version"...let MBAM update itself and it may require a reboot.

After rebooting, open MBAM up, and go to the Update tab again while online, and Update.  Always update PRIOR to running a scan.

Now run an MBAM Full scan.  Report your log again.  Thank you.

choclabnut

  • Guest
Re: Installation issue!
« Reply #18 on: December 11, 2010, 03:02:55 PM »
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5275

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/8/2010 9:04:52 PM
mbam-log-2010-12-08 (21-04-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 245179
Time elapsed: 48 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Nothing was found in my system and the software won't start/load

choclabnut

  • Guest
Re: Installation issue!
« Reply #19 on: December 12, 2010, 01:16:30 AM »
After multiple attempts to install this program I'm throwing in the towel :'(
I've patiently followed all the suggestions and removed everything that was on this PC without success. Thank you for your help!

SafeSurf

  • Guest
Re: Installation issue!
« Reply #20 on: December 12, 2010, 09:54:11 AM »
Are you having problems installing other software or just this one?  Are you being redirected to other websites?  The reason I am asking is because these could be signs of malware.  On the other hand, if you are being redirected to other websites, this would definitely be malware and you could try installing free SAS http://www.superantispyware.com/download.html instead of MBAM. 

I am willing to continue helping you, however if you prefer to put a technical ticket in instead, you can contact Avast http://www.avast.com/contact-form.php?loadStyles mentioning this thread, and in the meantime I or other Evang. will continue to support you.  Please let me know if you put in a technical ticket.  Thank you.

choclabnut

  • Guest
Re: Installation issue!
« Reply #21 on: December 12, 2010, 01:58:28 PM »
I had both of these programs on my PC and updated and ran each of them several times. The last couple of times that I did run them there was nothing detected.
I actually went and downloaded AVG last night. I received the same error message as I mentioned in the beginning of this posting when I tried to start the program!
I am not being redirected to any other websites during this process. It is actually downloading the program without any problems, it just won't start!

SafeSurf

  • Guest
Re: Installation issue!
« Reply #22 on: December 13, 2010, 12:58:58 AM »
> I actually went and downloaded AVG last night. I received the same error message as I mentioned in the beginning of this posting when I tried to start the program!
Do you now have Avast and AVG on your machine?  Or did you uninstall Avast to put AVG on your machine?  I ask because you can't have 2 resident AV's on your machine at the same time as this will cause conflicts.

After you reply to the above question, I am going to have you run a diagnostic tool to see what is going on as I think you have some deeper problem in your machine.  Thank you.

choclabnut

  • Guest
Re: Installation issue!
« Reply #23 on: December 13, 2010, 02:32:02 AM »
If the un-installation process worked I have neither!

SafeSurf

  • Guest
Re: Installation issue!
« Reply #24 on: December 13, 2010, 11:07:05 AM »
A. First make sure you uninstalled AVG.  Run the AVG uninstaller tool http://www.avg.com/us-en/download-tools then reboot your machine.

B. Please turn on (or download - by MS) Windows Defender in your machine so you have some kind of protection, and update the definitions.  Normally I don't waste time with WD with XP's but I can't leave you without AV protection on your machine.  You can disable or uninstall it once we get Avast running.

C. Check to see if you have the Microsoft Visual C++ 2008 Redistributable Package installed on your machine - look in Add/Remove Programs to see if you have Microsoft Visual C++ 2008 Redistributable Package listed.  If not, download the file (see below for links) and reboot your machine.
- Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=766a6af7-ec73-40ff-b072-9112bab119c2
- Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update
http://www.microsoft.com/downloads/en/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c&displaylang=en
 
D. Next run the Winsockfix Utility:
- Windows XP http://majorgeeks.com/WinSock_XP_Fix_d4372.html then reboot.

E. Since you had both AV's on your machine at the same time, I'm going to need you to uninstall Avast and do a clean install.  Which product of Avast are you trying to install (Free, Pro, AIS)?

1. Save a copy of newest version of Avast (5.0.677) for the product you need and save it to your HDD:
Free – http://files.avast.com/iavs5x/setup_av_free_eng.exe - (English only)
Free – http://files.avast.com/iavs5x/setup_av_free.exe - (multi-language version)
Pro –  http://www.avast.com/pro-antivirus#tab4
AIS –  http://files.avast.com/iavs5x/setup_ais.exe
2. Download the Avast Uninstall Utility, aswClear5.exe http://www.avast.com/uninstall-utility and save it to your HDD (it has uninstall tools for both 4.0 and 5.0).
3. Disconnect from the Internet at this time.
4. Go to Control Panel and uninstall Avast through Add/Remove Programs if possible and reboot.
5. If Step 4 fails, boot into Safe Mode (hit F8 repeatedly) and run the Avast Uninstall Tool.  Uninstall ALL previous products of Avast you had on this machine at this time.
6. Reboot.
7. Install the newest version of Avast and reboot.
8. Get Internet access and register your copy or add the license key for Free, Pro, or AIS.
9. Update the Avast definitions.

E. Next, update MBAM, and run a Quick scan.  If anything  comes back positive, please post your log (cut and paste) making sure you quarantine any infections.

Let me know if this works and if you have any questions.  Thank you.





choclabnut

  • Guest
Re: Installation issue!
« Reply #25 on: December 15, 2010, 03:09:35 AM »
Avast has been Installed!
Thank you "SafeSurf" for your persistence and patience.
I spent a couple hours going through all the steps and "system restarts" and the program works!
I did a boot scan after everything was finished and Avast detected some corrupt files. When you do a boot scan are these files automatically fixed/deleted?
I'm once again Safe! :)

SafeSurf

  • Guest
Re: Installation issue!
« Reply #26 on: December 15, 2010, 10:55:02 AM »
> I did a boot scan after everything was finished and Avast detected some corrupt files. When you do a boot scan are these files automatically fixed/deleted?
You are very welcome.  I knew my name would come in handy some day.  ;D

Can you tell me when you did the boot scan, did you put the infected files into the Virus Chest (I hope)? 

I also need to know the names of the infected files.  If they are in the Chest, can you give me a screen shot?  If not, please type in the exact names and files.

Did your final MBAM scan come out clean (always update prior to scanning)?  Can you post or attach your log?

Thank you for your patience as well.  :)

choclabnut

  • Guest
Re: Installation issue!
« Reply #27 on: December 15, 2010, 01:02:39 PM »
I didn't do anything with the infected files! I wasn't watching the PC when it was going through the scanning process but I did notice that there were several files listed as corrupt/infected. Once the boot scan was finished it went on to open Windows without asking me what I wanted to do with the files...That was a little bit concerning!
This is why I asked the question concerning the files detected and where they go! I did go into the Avast program and look to see if there was anything quarantined...I'll have to do a little more investigating tonight.

choclabnut

  • Guest
Re: Installation issue!
« Reply #28 on: December 16, 2010, 03:12:28 AM »
>> I did a boot scan after everything was finished and Avast detected some corrupt files. When you do a boot scan are these files automatically fixed/deleted?
> You are very welcome.  I knew my name would come in handy some day.  ;D
>
> Can you tell me when you did the boot scan, did you put the infected files into the Virus Chest (I hope)?
>
> I also need to know the names of the infected files.  If they are in the Chest, can you give me a screen shot?  If not, please type in the exact names and files.
>
> Did your final MBAM scan come out clean (always update prior to scanning)?  Can you post or attach your log?
>
> Thank you for your patience as well.  :)


I went in and looked in the virus chest and it was empty! ???
So I went ahead and ran the boot scan again to see what the files were and if they were infected.
It came back with the same files as last night. The files were corrupted, not infected. So what I did was an uninstall of the old software with the uninstaller program listed previously in this post, finished cleaning everything else up, and booted the system. Then I ran MBAM after updating it. It came back Clean! :D
Thanks Again!


SafeSurf

  • Guest
Re: Installation issue!
« Reply #29 on: December 16, 2010, 09:22:08 AM »
> It came back with the same files as last night. The files were corrupted, not infected. So what I did was an uninstall of the old software with the uninstaller program listed previously in this post, finished cleaning everything else up, and booted the system. Then I ran MBAM after updating it. It came back Clean!
When you say the "files," are these system or other files or Avast files?

After running a scan with Avast, you can click on the GUI > Scan Computer > Scan Logs > click on the individual scan you are interested in seeing the results > "View Results" button on the bottom right of the page.  But it sounds like everything is working fine now.  Glad to hear this. :) 

What do you use for a system cleaner?  Many of us use CCleaner, a free system optimization, privacy and cleaning tool.  There is a Slim version available as well at http://www.piriform.com/ccleaner/builds – 4th option down, which is light on your system.  It removes unused files (cache, temporary Internet files, etc.) from your system, allowing Windows to run faster and freeing up valuable hard disk space.  It also cleans traces of your online activities such as your Internet history.  Additionally it contains a fully featured registry cleaner (you can make a back up in My Documents if needed). 

I would also run a defrag to help speed up your machine periodically as well.  Puran Defrag (free) is also light on your system and has a regular and boot defrag http://www.puransoftware.com/.

To help make sure your software is kept up to date, you can also scan your machine with free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ since software changes so quickly these days.  Many of us scan weekly for maximum security.

These are just a few suggestions to help you in the future. 

When you feel that your issue is resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed.  In the meantime, ask additional questions as needed. 

Feel free to come back any time you need help, to learn something new, or just to ask questions.  We are here 24/7 for your convenience.  Thank you for allowing me to assist you.  :)