Antivirus Pro

Post by desperateforgod on 24th November 2009, 4:25 am

I've tried to download the latest updates from Malwarebytes but I keep getting a window saying an error occurred. Any thoughts? Oh, I can't open up a browser either. So, I'm downloading to a flashdrive from another computer and trying to run the files off the flashdrive but I'm not having too much luck. Help????

desperateforgod
Novice

Posts : 5
Joined : 2009-11-24
OS : xp
Points : 25803
# Likes : 0

Re: Antivirus Pro

Post by Dr Jay on 24th November 2009, 4:29 am

Please transfer this download from a clean computer on to the infected one, and then run it as instructed.

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14317
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 303008
# Likes : 10

Re: Antivirus Pro

Post by desperateforgod on 24th November 2009, 5:05 am

ComboFix is in the middle of running and the "PEV.exe has encountered a problem and needs to close." message appears. I'm not selecting anything until I feel I must. Any thoughts?


Re: Antivirus Pro

Post by Dr Jay on 24th November 2009, 5:07 am

Try to run it in Safe Mode.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).


Dr. Jay (DJ)



Re: Antivirus Pro

Post by desperateforgod on 24th November 2009, 5:10 am

I was already in Safe Mode when the error message came up. Will I have to run the whole process over again?


Re: Antivirus Pro

Post by Dr Jay on 24th November 2009, 5:10 am

Delete your copy of ComboFix; grab a fresh copy, except before you download it, rename it to blackpudding.bat


Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.


Dr. Jay (DJ)



Re: Antivirus Pro

Post by desperateforgod on 24th November 2009, 5:21 am

Without doing anything, the message disappeared and the blue window titled "Find3M" says that it's almost done and to wait for the report log to pop up... Here it is...

ComboFix 09-11-23.02 - Steve 11/23/2009 23:55.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.887 [GMT -5:00]
Running from: E:\commy.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steve\Local Settings\Application Data\ejldpe
c:\documents and settings\Steve\Local Settings\Application Data\ejldpe\ojaisysguard.exe
c:\documents and settings\Steve\Local Settings\Application Data\gxryes
c:\documents and settings\Steve\Local Settings\Application Data\gxryes\oqcwsysguard.exe
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-3073028524-1786658244-3844812114-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\bcmwl5.inf
c:\windows\system32\tmp.reg

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-24 05:02 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-24 00:18 . 2009-11-24 00:18 -------- d--h--w- c:\windows\PIF
2009-11-18 17:29 . 2009-11-18 17:29 -------- d-----w- c:\documents and settings\Shann\Local Settings\Application Data\Google
2009-11-04 01:06 . 2009-11-04 01:06 -------- d-sh--w- c:\documents and settings\Steve\IECompatCache
2009-11-02 12:23 . 2009-11-02 12:23 -------- d-----w- c:\documents and settings\Tammy\Local Settings\Application Data\Microsoft
2009-11-02 12:22 . 2009-11-02 12:22 -------- d-sh--w- c:\documents and settings\Shann\IECompatCache
2009-11-02 12:21 . 2009-11-02 12:21 -------- d-sh--w- c:\documents and settings\Shann\PrivacIE
2009-11-02 12:20 . 2009-11-03 02:24 -------- d-----w- c:\documents and settings\Shann\Application Data\ArcSoft
2009-11-02 12:20 . 2009-11-02 12:20 -------- d-sh--w- c:\documents and settings\Shann\IETldCache
2009-11-02 12:14 . 2009-11-02 12:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-02 12:13 . 2009-11-02 12:13 -------- d-sh--w- c:\documents and settings\Landon\PrivacIE
2009-11-02 12:11 . 2009-11-02 12:11 -------- d-sh--w- c:\documents and settings\Landon\IETldCache
2009-11-02 01:54 . 2009-11-02 01:54 -------- d-sh--w- c:\documents and settings\Steve\PrivacIE
2009-11-02 01:50 . 2009-11-02 01:50 -------- d-sh--w- c:\documents and settings\Steve\IETldCache
2009-11-02 01:45 . 2009-11-02 01:45 -------- d-----w- c:\windows\ie8updates
2009-11-02 01:40 . 2009-11-02 01:42 -------- dc-h--w- c:\windows\ie8
2009-11-02 01:37 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-11-02 01:37 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-02 01:37 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-01 18:08 . 2009-11-01 18:08 -------- d-----w- c:\documents and settings\Landon\Application Data\ArcSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 04:17 . 2009-08-08 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 21:12 . 2009-06-05 00:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-18 22:57 . 2009-06-04 23:49 -------- d-----w- c:\program files\McAfee
2009-11-10 23:34 . 2004-08-26 06:09 -------- d-----w- c:\program files\Quicken
2009-11-03 12:46 . 2009-11-02 12:23 -------- d-----w- c:\documents and settings\Tammy\Application Data\ArcSoft
2009-10-27 12:46 . 2004-08-26 05:11 -------- d-----w- c:\program files\Java
2009-10-27 12:44 . 2009-09-30 11:40 152576 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-19 09:46 . 2009-07-30 20:46 -------- d-----w- c:\documents and settings\Steve\Application Data\U3
2009-10-11 02:01 . 2009-10-11 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-11 02:01 . 2009-10-11 02:01 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-10 20:35 . 2007-01-24 01:47 -------- d--h--w- c:\documents and settings\Steve\Application Data\Move Networks
2009-10-10 20:12 . 2009-10-10 20:12 -------- d-----w- c:\documents and settings\Steve\Application Data\ArcSoft
2009-10-10 19:45 . 2004-08-26 05:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 19:43 . 2004-12-25 07:28 -------- d-----w- c:\program files\Common Files\Real
2009-10-10 19:42 . 2005-11-26 23:08 -------- d-----w- c:\program files\QuickTime
2009-10-10 19:12 . 2005-08-21 03:35 -------- d-----w- c:\program files\OfficeUpdate11
2009-10-10 19:11 . 2006-04-12 12:59 -------- d-----w- c:\program files\Microsoft Money
2009-10-10 19:11 . 2004-08-26 05:29 -------- d-----w- c:\program files\HPQ
2009-10-10 19:11 . 2004-08-26 06:16 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-10 19:07 . 2006-10-06 01:19 -------- d-----w- c:\program files\DivX
2009-10-10 18:52 . 2005-01-27 18:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-10 13:56 . 2009-10-10 13:56 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-10-10 13:56 . 2009-10-10 13:56 -------- d-----w- c:\program files\ArcSoft
2009-10-10 13:54 . 2009-10-10 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\FNET
2009-10-10 13:54 . 2009-10-10 13:54 7040 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2009-10-10 13:54 . 2009-10-10 13:54 17792 ----a-w- c:\windows\system32\drivers\FNETTBOH.SYS
2009-10-10 13:54 . 2009-10-10 13:54 -------- d-----w- c:\program files\TurboHddUsb
2009-10-10 13:51 . 2009-10-10 13:51 -------- d-----w- c:\documents and settings\Steve\Application Data\Sony Corporation
2009-10-06 01:47 . 2004-08-26 06:10 -------- d-----w- c:\program files\Sonic
2009-10-06 01:27 . 2009-10-06 01:27 -------- d-----w- c:\program files\Sony
2009-10-06 01:26 . 2009-10-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-09-29 09:35 . 2009-09-29 09:35 64000 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-09-29 09:35 . 2009-09-29 09:35 52288 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-09-29 09:35 . 2009-09-29 09:35 50688 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-09-29 09:35 . 2009-09-29 09:35 114688 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-22 03:23 . 2009-09-22 03:23 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-16 14:22 . 2009-06-04 23:51 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2009-06-04 23:51 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2009-06-04 23:51 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2009-03-25 15:06 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2009-06-04 23:46 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 23:56 . 2009-09-14 23:55 17204720 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\rp\.exe
2009-09-14 23:55 . 2009-09-14 23:55 8406648 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-14 23:55 . 2009-09-14 23:55 10309448 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-08-08 22:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-08-08 22:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2002-07-26 22:02 . 2008-12-14 23:29 153088 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2006-02-16 1346560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-23 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-07 4730880]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"TurboHddUsb"="c:\program files\TurboHddUsb\TurboHddUsb.exe" [2009-10-10 3327488]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-01-30 88363]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-04-07 323584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2004-1-29 57344]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-10-10 278528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [10/10/2009 8:54 AM 7040]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [9/1/2004 1:50 PM 188416]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2/10/2005 10:55 AM 62976]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/4/2009 6:53 PM 203280]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\Steve\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Steve\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [10/10/2009 8:54 AM 17792]
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-04 16:22]

2009-06-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-04 16:22]

2009-11-24 c:\windows\Tasks\User_Feed_Synchronization-{1DCDF151-777F-417D-B7A8-4329496A3143}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [You must be registered and logged in to see this link.] files\ieSpell\wikipedia.HTM
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\7vrkbd4x.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Steve\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-atggwjqp - c:\documents and settings\Steve\Local Settings\Application Data\ejldpe\ojaisysguard.exe
HKCU-Run-xuburghx - c:\documents and settings\Steve\Local Settings\Application Data\gxryes\oqcwsysguard.exe
HKLM-Run-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
HKLM-Run-atggwjqp - c:\documents and settings\Steve\Local Settings\Application Data\ejldpe\ojaisysguard.exe
HKLM-Run-xuburghx - c:\documents and settings\Steve\Local Settings\Application Data\gxryes\oqcwsysguard.exe
AddRemove-Broadcom 802.11b Network Adapter - c:\windows\system32\BCMWLU00.exe verbose
AddRemove-Hollywood FX for Studio - c:\windows\unvise32.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-NVIDIA nForce Drivers - c:\windows\system32\nvuninst.exe Uninstall
AddRemove-Pixie 2 - c:\windows\unvise32.exe
AddRemove-proDAD-Heroglyph-2.5 - c:\program files\proDAD\Heroglyph-2.5\uninstall.exe uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\program files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-24 00:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?1?3?5??p???? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-24 00:14
ComboFix-quarantined-files.txt 2009-11-24 05:13

Pre-Run: 31,810,183,168 bytes free
Post-Run: 33,790,844,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 2DCAFB53E78442D7323FDE724CB627BF
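
An added example (not part of the original thread and not ComboFix's own code): a small Python parser for the log layout posted above that cross-references the Run-key entries under "ORPHANS REMOVED" with the files listed under "Other Deletions", so a helper can see which removed autostart entries pointed at files deleted in the same run. The excerpt is abridged from the log above; all function names are hypothetical.

```python
import re
from collections import namedtuple

# Abridged excerpt of the ComboFix log posted above (values copied from that log).
LOG_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Steve\Local Settings\Application Data\ejldpe
c:\documents and settings\Steve\Local Settings\Application Data\ejldpe\ojaisysguard.exe
c:\documents and settings\Steve\Local Settings\Application Data\gxryes
c:\documents and settings\Steve\Local Settings\Application Data\gxryes\oqcwsysguard.exe
c:\windows\system32\tmp.reg

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-atggwjqp - c:\documents and settings\Steve\Local Settings\Application Data\ejldpe\ojaisysguard.exe
HKCU-Run-xuburghx - c:\documents and settings\Steve\Local Settings\Application Data\gxryes\oqcwsysguard.exe
HKLM-Run-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
HKLM-Run-atggwjqp - c:\documents and settings\Steve\Local Settings\Application Data\ejldpe\ojaisysguard.exe
HKLM-Run-xuburghx - c:\documents and settings\Steve\Local Settings\Application Data\gxryes\oqcwsysguard.exe
AddRemove-Pixie 2 - c:\windows\unvise32.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI

**************************************************************************
"""

# "((( Title )))" banners and "- - - - TITLE - - - -" banners both start a section.
SECTION_RE = re.compile(r"^(?:\(+ (.+?) \)+|(?:- )+(.+?)(?: -)+)$")
RUN_ORPHAN_RE = re.compile(r"^(HKCU|HKLM)-Run-(.+?) - ([a-z]:\\.+)$", re.I)
PATH_RE = re.compile(r"^[a-z]:\\", re.I)

RunOrphan = namedtuple("RunOrphan", "hive name target deleted_this_run")

def split_sections(text):
    """Map section title -> list of non-empty content lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1) or m.group(2)
            sections[current] = []
        elif line and set(line) == {"*"}:   # a row of asterisks closes the section
            current = None
        elif current and line and line != ".":
            sections[current].append(line)
    return sections

def deleted_paths(lines):
    """Bare paths only; '<path> was missing' and 'Restored copy from' are notes, not deletions."""
    return {l.lower() for l in lines
            if PATH_RE.match(l) and not l.lower().endswith(" was missing")}

def triage(text):
    """Return removed Run-key entries, flagged by whether their target was deleted in this run."""
    sections = split_sections(text)
    deleted = deleted_paths(sections.get("Other Deletions", []))
    out = []
    for line in sections.get("ORPHANS REMOVED", []):
        m = RUN_ORPHAN_RE.match(line)
        if m:  # AddRemove-* lines are uninstall entries, not autostart entries
            hive, name, target = m.groups()
            out.append(RunOrphan(hive.upper(), name, target, target.lower() in deleted))
    return out

def shared_targets(orphans):
    """Targets that were registered under more than one hive's Run key."""
    hives = {}
    for o in orphans:
        hives.setdefault(o.target.lower(), set()).add(o.hive)
    return {t: sorted(h) for t, h in hives.items() if len(h) > 1}

if __name__ == "__main__":
    for o in triage(LOG_EXCERPT):
        tag = "target deleted in this run" if o.deleted_this_run else "target not in deletion list"
        print(f"{o.hive}\\Run  {o.name:<20} {tag}")
```
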


Re: Antivirus Pro

Post by Dr Jay on 24th November 2009, 5:24 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Antivirus Pro

Post by desperateforgod on 24th November 2009, 5:36 am

I'm sorry but it's time for bed. It appears as if everything works correctly now. Thanks so much!
