Help needed Antivirus System Pro

Post by invisible016 on 11th December 2009, 6:05 am

I have had a problem with this Antivirus System Pro earlier. But I had used MBAM, which I downloaded from here, and was able to remove the virus. But now it has again taken over the system and I cannot do anything. The MBAM which I had installed earlier simply doesn't work. I have tried uninstalling and reinstalling it, but it fails to work this time around. I have tried to use other antivirus software like Avira, AVG and Sophos, but nothing seems to work. I have also tried restore and recovery, but they also do not work. I have a Windows Vista OS. Please help.

Post by Dr Jay on 11th December 2009, 2:16 pm

Please download ComboFix from [You must be registered and logged in to see this link.]



Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


Post by invisible016 on 11th December 2009, 3:57 pm

Hello. I am using Mozilla Firefox for browsing and it just shows me the option to save the ComboFix.exe file. So I save it and it is stored in Downloads. I rename it there as commy.exe and copy this file to the desktop, where I run it. It always shows me the problem: some files are corrupted, please try to reinstall again. I tried to do this. Then it showed the same problem a second time. So I deleted the file once. After downloading again and following the same procedure, the same problem exists. So I tried to delete it again, but this time it says permission denied, try again. Please tell me what to do now. And one more thing: I had AVG 8.5, which I removed once I was attacked by the virus to install Avira and then Sophos, but now these do not install, so I do not know what to do now. Please help.

Post by Dr Jay on 11th December 2009, 9:53 pm

Please download the Kaspersky AVP Tool from [You must be registered and logged in to see this link.].
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable ones that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again, and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file. Name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
Note: This tool will self-uninstall when you close it, so please save the log before closing it.


Dr. Jay (DJ)


Post by invisible016 on 12th December 2009, 6:37 am

Hello,
I followed the procedure and I was asked to delete and neutralize some things, which I did. However, the system had to be restarted for the actions to be completed. So I restarted the system and again clicked on the KAV setup and then clicked on the report, which showed me the previous results. I copied everything present in the report into a Notepad file, named it Kas and stored it on the desktop. Now, I am hereby sending you the entire report. I am just going to copy and paste the things from Notepad to here. Please let me know what to do next. Thank you very much for your support.

Autoscan: completed 23 minutes ago (events: 64, objects: 1352985, time: 03:36:12)
12/11/2009 7:17:11 PM Task started
12/11/2009 7:58:14 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/AppletPanel.class
12/11/2009 7:58:14 PM Untreated: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/AppletPanel.class Postponed
12/11/2009 7:58:14 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\Local\Temp\jar_cache10381.tmp/myf/y/PayloadX.class
12/11/2009 7:58:14 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\Local\Temp\jar_cache10381.tmp/myf/y/PayloadX.class Postponed
12/11/2009 7:58:14 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/Main.class
12/11/2009 7:58:14 PM Untreated: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/Main.class Postponed
12/11/2009 7:58:14 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\Local\Temp\jar_cache45167.tmp/myf/y/PayloadX.class
12/11/2009 7:58:14 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\Local\Temp\jar_cache45167.tmp/myf/y/PayloadX.class Postponed
12/11/2009 7:58:55 PM Detected: Packed.Win32.TDSS.aa C:\Users\farida\AppData\Local\Temp\wscsvc32.exe
12/11/2009 7:58:55 PM Untreated: Packed.Win32.TDSS.aa C:\Users\farida\AppData\Local\Temp\wscsvc32.exe Postponed
12/11/2009 8:01:56 PM Detected: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3204be02-6da7f424
12/11/2009 8:01:56 PM Untreated: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3204be02-6da7f424 Postponed
12/11/2009 8:01:56 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1d4c45eb-7b57536c/myf/y/PayloadX.class
12/11/2009 8:01:56 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1d4c45eb-7b57536c/myf/y/PayloadX.class Postponed
12/11/2009 8:01:58 PM Detected: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5a9c50f8-7bd31a1e
12/11/2009 8:01:58 PM Untreated: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5a9c50f8-7bd31a1e Postponed
12/11/2009 8:28:18 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\Local Settings\Temp\jar_cache19061.tmp/AppletPanel.class
12/11/2009 8:28:18 PM Untreated: Trojan-Downloader.Java.Agent.ah C:\Users\farida\Local Settings\Temp\jar_cache19061.tmp/AppletPanel.class Postponed
12/11/2009 8:28:18 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\Local Settings\Temp\jar_cache19061.tmp/Main.class
12/11/2009 8:28:18 PM Untreated: Trojan-Downloader.Java.Agent.ah C:\Users\farida\Local Settings\Temp\jar_cache19061.tmp/Main.class Postponed
12/11/2009 8:28:18 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\Local Settings\Temp\jar_cache45167.tmp/myf/y/PayloadX.class
12/11/2009 8:28:18 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\Local Settings\Temp\jar_cache45167.tmp/myf/y/PayloadX.class Postponed
12/11/2009 8:28:18 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\Local Settings\Temp\jar_cache10381.tmp/myf/y/PayloadX.class
12/11/2009 8:28:18 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\Local Settings\Temp\jar_cache10381.tmp/myf/y/PayloadX.class Postponed
12/11/2009 8:28:44 PM Detected: Packed.Win32.TDSS.aa C:\Users\farida\Local Settings\Temp\wscsvc32.exe
12/11/2009 8:28:44 PM Untreated: Packed.Win32.TDSS.aa C:\Users\farida\Local Settings\Temp\wscsvc32.exe Postponed
12/11/2009 8:35:15 PM Detected: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe
12/11/2009 8:35:15 PM Untreated: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe Postponed
12/11/2009 8:56:08 PM Detected: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe
12/11/2009 8:56:08 PM Untreated: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe Postponed
12/11/2009 9:00:04 PM Detected: Trojan-PSW.Win32.Papras.pg c:\Windows\essledv.exe
12/11/2009 9:00:04 PM Untreated: Trojan-PSW.Win32.Papras.pg c:\Windows\essledv.exe Postponed
12/11/2009 9:12:21 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\Local\Temp\jar_cache10381.tmp/myf/y/PayloadX.class
12/11/2009 9:12:21 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\Local\Temp\jar_cache10381.tmp/myf/y/PayloadX.class Postponed
12/11/2009 9:12:21 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/AppletPanel.class
12/11/2009 9:12:21 PM Untreated: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/AppletPanel.class Postponed
12/11/2009 9:12:21 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/Main.class
12/11/2009 9:12:21 PM Untreated: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/Main.class Postponed
12/11/2009 9:12:21 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\Local\Temp\jar_cache45167.tmp/myf/y/PayloadX.class
12/11/2009 9:12:21 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\Local\Temp\jar_cache45167.tmp/myf/y/PayloadX.class Postponed
12/11/2009 9:12:32 PM Detected: Packed.Win32.TDSS.aa C:\Users\farida\AppData\Local\Temp\wscsvc32.exe
12/11/2009 9:12:32 PM Untreated: Packed.Win32.TDSS.aa C:\Users\farida\AppData\Local\Temp\wscsvc32.exe Postponed
12/11/2009 9:14:43 PM Detected: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3204be02-6da7f424
12/11/2009 9:14:43 PM Untreated: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3204be02-6da7f424 Postponed
12/11/2009 9:14:44 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1d4c45eb-7b57536c/myf/y/PayloadX.class
12/11/2009 9:14:44 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1d4c45eb-7b57536c/myf/y/PayloadX.class Postponed
12/11/2009 9:14:45 PM Detected: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5a9c50f8-7bd31a1e
12/11/2009 9:14:45 PM Untreated: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5a9c50f8-7bd31a1e Postponed
12/11/2009 9:32:11 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\Local Settings\Temp\jar_cache10381.tmp/myf/y/PayloadX.class
12/11/2009 9:32:11 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\Local Settings\Temp\jar_cache10381.tmp/myf/y/PayloadX.class Postponed
12/11/2009 9:32:11 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\Local Settings\Temp\jar_cache19061.tmp/AppletPanel.class
12/11/2009 9:32:11 PM Untreated: Trojan-Downloader.Java.Agent.ah C:\Users\farida\Local Settings\Temp\jar_cache19061.tmp/AppletPanel.class Postponed
12/11/2009 9:32:11 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\Local Settings\Temp\jar_cache19061.tmp/Main.class
12/11/2009 9:32:11 PM Untreated: Trojan-Downloader.Java.Agent.ah C:\Users\farida\Local Settings\Temp\jar_cache19061.tmp/Main.class Postponed
12/11/2009 9:32:11 PM Detected: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\Local Settings\Temp\jar_cache45167.tmp/myf/y/PayloadX.class
12/11/2009 9:32:11 PM Untreated: Trojan-Downloader.Java.OpenStream.ad C:\Users\farida\Local Settings\Temp\jar_cache45167.tmp/myf/y/PayloadX.class Postponed
12/11/2009 9:32:26 PM Detected: Packed.Win32.TDSS.aa C:\Users\farida\Local Settings\Temp\wscsvc32.exe
12/11/2009 9:32:26 PM Untreated: Packed.Win32.TDSS.aa C:\Users\farida\Local Settings\Temp\wscsvc32.exe Postponed
12/11/2009 9:38:30 PM Detected: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe
12/11/2009 9:38:30 PM Untreated: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe Postponed
12/11/2009 9:57:07 PM Detected: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3204be02-6da7f424
12/11/2009 10:05:37 PM Cannot be deleted: Trojan-Downloader.Java.Agent.ab C:\Users\farida\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3204be02-6da7f424 Object not found
12/11/2009 10:53:23 PM Task completed
Disinfect active threats: completed 21 minutes ago (events: 4, objects: 1650, time: 00:17:24)
12/11/2009 10:37:25 PM Task started
12/11/2009 10:37:25 PM Detected: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe
12/11/2009 10:38:01 PM Cannot be deleted: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe Object not found
12/11/2009 10:54:49 PM Task completed
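
The report above names the same objects many times: once per scan pass, once per event type, once per class inside a cached jar, and again through the Vista "Local Settings" junction, which points at AppData\Local. As an added example (not part of the original post and not Kaspersky's own tooling), this Python code collapses such a report to one entry per file on disk; the line format is inferred from the posted lines, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Excerpt of lines copied from the report in the post above (not the full log).
SAMPLE_REPORT = r"""
12/11/2009 7:17:11 PM Task started
12/11/2009 7:58:14 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/AppletPanel.class
12/11/2009 7:58:14 PM Untreated: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/AppletPanel.class Postponed
12/11/2009 7:58:14 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\AppData\Local\Temp\jar_cache19061.tmp/Main.class
12/11/2009 7:58:55 PM Detected: Packed.Win32.TDSS.aa C:\Users\farida\AppData\Local\Temp\wscsvc32.exe
12/11/2009 8:28:18 PM Detected: Trojan-Downloader.Java.Agent.ah C:\Users\farida\Local Settings\Temp\jar_cache19061.tmp/AppletPanel.class
12/11/2009 8:28:44 PM Detected: Packed.Win32.TDSS.aa C:\Users\farida\Local Settings\Temp\wscsvc32.exe
12/11/2009 8:35:15 PM Detected: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe
12/11/2009 9:00:04 PM Detected: Trojan-PSW.Win32.Papras.pg c:\Windows\essledv.exe
12/11/2009 10:38:01 PM Cannot be deleted: Trojan-PSW.Win32.Papras.pg C:\Windows\essledv.exe Object not found
12/11/2009 10:54:49 PM Task completed
"""

# Line format inferred from the posted report (an assumption, not a vendor spec):
#   <date> <time> <AM|PM> <event>: <threat name> <path> [<status>]
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<event>Detected|Untreated|Cannot be deleted): "
    r"(?P<threat>\S+) (?P<rest>.+)$"
)
# Status words that follow the path on some event lines in the post.
STATUS_SUFFIXES = ("Postponed", "Object not found")
# Vista junction: C:\Users\<name>\Local Settings -> C:\Users\<name>\AppData\Local
JUNCTION_RE = re.compile(r"^(c:\\users\\[^\\]+)\\local settings\\")


def parse_line(line):
    """Return a dict for an object event, or None for task and header lines."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    rest, status = m.group("rest"), ""
    for suffix in STATUS_SUFFIXES:
        if rest.endswith(" " + suffix):
            # The path may contain spaces, so strip the status from the end.
            rest, status = rest[: -len(suffix) - 1], suffix
            break
    return {"ts": m.group("ts"), "event": m.group("event"),
            "threat": m.group("threat"), "path": rest, "status": status}


def normalize_path(path):
    """Reduce a reported path to one key per file on disk."""
    # "container/member" entries: keep the container file that exists on disk.
    # Lower-case because Windows paths are case-insensitive.
    on_disk = path.split("/", 1)[0].lower()
    # Fold the junction spelling into the real location.
    return JUNCTION_RE.sub(lambda m: m.group(1) + "\\appdata\\local\\", on_disk)


def summarize(report_text):
    """Map each unique on-disk file to its threat names and latest event."""
    summary = OrderedDict()
    for line in report_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        entry = summary.setdefault(
            normalize_path(event["path"]),
            {"threats": set(), "events": 0, "last_event": "", "last_status": ""},
        )
        entry["threats"].add(event["threat"])
        entry["events"] += 1
        entry["last_event"] = event["event"]
        entry["last_status"] = event["status"]
    return summary


if __name__ == "__main__":
    for path, entry in summarize(SAMPLE_REPORT).items():
        print(path, sorted(entry["threats"]), entry["events"],
              entry["last_event"], entry["last_status"])
```
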



Post by Dr Jay on 12th December 2009, 8:27 am

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)


Post by invisible016 on 12th December 2009, 3:13 pm

Hello,
Here is the URL of the report. Please let me know what to do next. Thank you very much for your help.

[You must be registered and logged in to see this link.]

Post by Dr Jay on 12th December 2009, 11:02 pm

Please download and install Malwarebytes' Anti-Malware: [You must be registered and logged in to see this link.]

Please open Malwarebytes' Anti-Malware, and click More Tools tab. Under FileASSASSIN, click Run Tool.

For each file listed below (this process only handles one file at a time), find its location, and you will see the name of the file in the Filename box, then click Open.

Files to delete using FileASSASSIN:
C:\Users\farida\AppData\Local\Temp\pft1150.tmp\avaspy_ca_32_en_4.0.0.143.exe
C:\Users\farida\AppData\Local\Temp\pft2472~tmp\license.dll
C:\Users\farida\AppData\Local\Temp\pft2472~tmp\pp\ppctlprivmsg.dll
C:\Users\farida\AppData\Local\Temp\pftE763.tmp\avaspy_ca_32_en_4.0.0.143.exe
C:\Users\farida\AppData\Local\Temp\pftEC82~tmp\license.dll
C:\Users\farida\AppData\Local\Temp\pftEC82~tmp\pp\ppctlprivmsg.dll
C:\Users\farida\AppData\Local\Temp\SIT40924.tmp\vs_setup.msi


The FileASSASSIN will then delete the file, or ask you to reboot your computer in order to delete it. Please allow it to reboot, if necessary.

==

Please download: HijackThis to your Desktop.
2.0.3 (Beta): [You must be registered and logged in to see this link.]
2.0.2 (Stable): [You must be registered and logged in to see this link.]
  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    It will also create a shortcut on your Desktop.
  • Accept the license agreement.
  • Click Do a System Scan and Save a Logfile.
  • Please post the log in your next reply.


Dr. Jay (DJ)


Post by invisible016 on 12th December 2009, 11:15 pm

I have installed Malwarebytes Anti-Malware, but once I click the icon on the desktop it just does not start, i.e. nothing happens. I don't know the reason. It just does not work. Please help. Thank you for your support. Waiting for reply.

Post by Dr Jay on 13th December 2009, 12:09 am

Please copy the following in to Notepad:

Code:
@echo off
rem Write the report header.
echo Cheetah Anti-Rogue, Malware removal tool > postme.txt
echo. >> postme.txt
echo by DragonMaster Jay >> postme.txt
echo. >> postme.txt
echo. >> postme.txt
echo -- Detected objects -- >> postme.txt
echo. >> postme.txt
rem List each leftover temp folder that is still present.
if exist "C:\Users\farida\AppData\Local\Temp\pft1150.tmp" echo C:\Users\farida\AppData\Local\Temp\pft1150.tmp (HEURISTIC.FSA.CAR) >> postme.txt
if exist "C:\Users\farida\AppData\Local\Temp\pft2472~tmp" echo C:\Users\farida\AppData\Local\Temp\pft2472~tmp (HEURISTIC.FSA.CAR) >> postme.txt
if exist "C:\Users\farida\AppData\Local\Temp\pftE763.tmp" echo C:\Users\farida\AppData\Local\Temp\pftE763.tmp (HEURISTIC.FSA.CAR) >> postme.txt
if exist "C:\Users\farida\AppData\Local\Temp\pftEC82~tmp" echo C:\Users\farida\AppData\Local\Temp\pftEC82~tmp (HEURISTIC.FSA.CAR) >> postme.txt
if exist "C:\Users\farida\AppData\Local\Temp\SIT40924.tmp" echo C:\Users\farida\AppData\Local\Temp\SIT40924.tmp (HEURISTIC.FSA.CAR) >> postme.txt
echo. >> postme.txt
echo Objects removed >> postme.txt
rem The targets are folders, so remove them with rd /s /q: del on a folder
rem waits for a Y/N answer that is hidden when output goes to the log.
if exist "C:\Users\farida\AppData\Local\Temp\pft1150.tmp" rd /s /q "C:\Users\farida\AppData\Local\Temp\pft1150.tmp" >> postme.txt 2>&1
if exist "C:\Users\farida\AppData\Local\Temp\pft2472~tmp" rd /s /q "C:\Users\farida\AppData\Local\Temp\pft2472~tmp" >> postme.txt 2>&1
if exist "C:\Users\farida\AppData\Local\Temp\pftE763.tmp" rd /s /q "C:\Users\farida\AppData\Local\Temp\pftE763.tmp" >> postme.txt 2>&1
if exist "C:\Users\farida\AppData\Local\Temp\pftEC82~tmp" rd /s /q "C:\Users\farida\AppData\Local\Temp\pftEC82~tmp" >> postme.txt 2>&1
if exist "C:\Users\farida\AppData\Local\Temp\SIT40924.tmp" rd /s /q "C:\Users\farida\AppData\Local\Temp\SIT40924.tmp" >> postme.txt 2>&1
echo. >> postme.txt
echo. >> postme.txt
echo System File Reliability >> postme.txt
rem Record where copies of these system DLLs are found under the Windows folder.
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\windows\wininit.dll C:\Windows\cngaudit.dll >> postme.txt
echo. >> postme.txt
echo. >> postme.txt
echo EOF >> postme.txt
rem Open the finished log for the user to copy.
start postme.txt
exit

Then, click File > Save as...

In the file name box, enter cheetah.bat and change the Save as type to All Files. Save to the Desktop.

Then, double-click on cheetah.bat to start the program. When done, it will launch a log. Please post that log in your next reply.
==

Then post the HijackThis log.


Dr. Jay (DJ)


Post by invisible016 on 13th December 2009, 4:17 am

Hello, I followed the steps given in the post and created cheetah.bat, but when I clicked the icon on the desktop a command prompt opened but nothing happened. Please tell me what to do next. Thank you. Anyhow, here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:57 PM, on 12/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 [You must be registered and logged in to see this link.]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\ProgramData\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\farida\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\farida\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdloader] "C:\Users\farida\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [richtx64.exe] C:\Users\farida\AppData\Local\Temp\richtx64.exe
O4 - HKCU\..\Run: [ltxwtpqc] C:\Users\farida\AppData\Local\chrotn\vaensysguard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: setup_9.0.0.722_12.12.2009_00-40.lnk = C:\Users\farida\Desktop\Virus Removal Tool\setup_9.0.0.722_12.12.2009_00-40\startup.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\XEClient\BIN\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11716 bytes


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 13th December 2009, 5:00 am

It will appear as if it will do nothing, but it is doing something. It works, and will post the report for you when finished. Please try again.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 13th December 2009, 12:31 pm

Hello, I double clicked the cheetah.bat file, a command prompt opened C:\Windows\system32\cmd.exe and is open for almost 6 hours 30 min but still nothing happened. Please tell me what to do now. For how much more time this should be kept open or some mistake has been committed by me. I am unable to understand.
Thank you.


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 13th December 2009, 6:38 pm

Oh. That is not good. I had no idea you were working in Safe Mode.

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):


  • Hamachi


Please re-open HijackThis and scan. Check the boxes to the left of all the entries listed below.

O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 [You must be registered and logged in to see this link.]
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [richtx64.exe] C:\Users\farida\AppData\Local\Temp\richtx64.exe
O4 - HKCU\..\Run: [ltxwtpqc] C:\Users\farida\AppData\Local\chrotn\vaensysguard.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: setup_9.0.0.722_12.12.2009_00-40.lnk = C:\Users\farida\Desktop\Virus Removal Tool\setup_9.0.0.722_12.12.2009_00-40\startup.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe (file missing)

Then, please exit all programs except for HijackThis (System Tray (bottom right of screen): right-click on each program icon and click an Exit or shut down option, etc.), then click Fix Checked.

After it completes its process, please close HijackThis and reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Users\farida\AppData\Local\chrotn
C:\Program Files\Hamachi

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\windows\oem02mon.exe
C:\Users\farida\AppData\Local\Temp\richtx64.exe

Please reboot your computer again, and post a new HijackThis log here in your next reply.


Dr. Jay (DJ)
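
A triage pass over HijackThis lines like the ones selected in the post above, as an added example that is not part of the original thread or of HijackThis itself: it flags hosts-file pins to non-loopback addresses, autoruns that start from user-writable folders, and services whose binary is missing. The sample lines are copied from the logs in this thread; the path heuristics and all function names are assumptions made for this example.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O1"
    reason: str    # why the entry deserves a second look
    line: str      # the original log line


# Assumption for this example: folders a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\downloads\\")

O1_HOSTS = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O4_REGISTRY = re.compile(r"^O4 - (HK[^:]+): \[(.+?)\] (.*)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (.+?) = (.*)$")
O23_SERVICE = re.compile(r"^O23 - Service: .* - (.*)$")

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [richtx64.exe] C:\Users\farida\AppData\Local\Temp\richtx64.exe
O4 - HKCU\..\Run: [ltxwtpqc] C:\Users\farida\AppData\Local\chrotn\vaensysguard.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: setup_9.0.0.722_12.12.2009_00-40.lnk = C:\Users\farida\Desktop\Virus Removal Tool\setup_9.0.0.722_12.12.2009_00-40\startup.exe
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
"""


def _from_user_writable(command: str) -> bool:
    """True when the autorun command references a user-writable folder."""
    lowered = command.lower()
    return any(folder in lowered for folder in USER_WRITABLE)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule matches."""
    line = line.strip()

    m = O1_HOSTS.match(line)
    if m:
        address, host = m.groups()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            return Finding("O1", "hosts entry with unparsable address", line)
        if ip.is_loopback or ip.is_unspecified:
            return None  # 127.0.0.1 / 0.0.0.0 entries are ordinary sinkholes
        return Finding("O1", f"{host} pinned to {ip}", line)

    m = O4_REGISTRY.match(line) or O4_STARTUP.match(line)
    if m:
        command = m.groups()[-1]  # last group is the command or link target
        if _from_user_writable(command):
            return Finding("O4", "autorun starts from a user-writable folder", line)
        return None

    m = O23_SERVICE.match(line)
    if m and m.group(1).endswith("(file missing)"):
        return Finding("O23", "service registered but its binary is missing", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        finding = triage_line(line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n      {f.line}")
```

The result is a review queue, not a verdict: a legitimate tool started from the Desktop is flagged too, and entries chosen on other grounds (a program directly under C:\Windows or in Program Files) are not.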



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 13th December 2009, 9:37 pm

Here is the HijackThis log file. And I have a few more doubts: my Internet Explorer is not working either in safe mode with networking or in the normal mode, whereas Mozilla Firefox works really fine. And in the normal mode for every 5 mins or so a window pops up saying
Microsoft Windows
Google Installer stopped working and was closed.
Whenever a session begins in normal mode the other window always opens which says
Malaware bytes can not be updated.
Please help.
Thank you very very much for your great support. Waiting for your reply.

HijackThis logfile is as follows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:40 PM, on 12/13/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 1034 bytes


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 14th December 2009, 6:15 am

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Now click on the Connections tab and then the Lan Settings button
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.


==

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 14th December 2009, 8:03 am

Hello. Here is the log file which was generated by ESET online. Please let me know what to do next. Thank you very much for your support.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=51618fb62502764483629105723248ac
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-14 07:56:12
# local_time=2009-12-14 12:56:12 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 33199747 97380085 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=186606
# found=3
# cleaned=3
# scan_time=4859
C:\Users\farida\AppData\Local\chrotn\vaensysguard.exe a variant of Win32/Kryptik.BCA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\farida\AppData\Local\Temp\2171.exe a variant of Win32/Kryptik.BCA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\farida\Desktop\New Folder\CA AV\Keygen.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 14th December 2009, 12:39 pm

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]

Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


==

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

==

Please post the CKScanner log and the Kaspersky GSI URL in your next reply. There might be more objects infected.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 14th December 2009, 3:01 pm

Hello, here are the logfile and the URL. Please tell me what to do next. Waiting for your reply. Thank you.


http://www.getsysteminfo.com/read.php?file=34a9fc494f3e39f2d6d4d9da3723e095
CKScanner - Additional Security Risks - These are not necessarily bad
c:\ca av\keygen.zip
c:\users\farida\desktop\desktop folder\mathcad\crack\efiutlr.dll
c:\users\farida\desktop\desktop folder\mathcad\crack\mathcad.exe
c:\users\farida\desktop\desktop folder\mathcad\crack\licenses\license.dat
c:\users\farida\desktop\desktop folder\thesis work\ca av\keygen.zip
c:\users\farida\desktop\desktop folder\thesis work\ccna\netsim\boson\boson_keygen.zip
c:\users\farida\desktop\desktop folder\thesis work\ccna\netsim\boson netsim v 5.31\bosonkeygen.exe
c:\users\farida\desktop\new folder\ca av\keygen.zip
c:\users\farida\desktop\new folder\ccna\netsim\boson\boson_keygen.zip
c:\users\farida\desktop\new folder\ccna\netsim\boson netsim v 5.31\bosonkeygen.exe
c:\users\farida\desktop\yughy\esxp\savxp\crack-q.ide
c:\users\farida\downloads\sav_cd\cd_esxp\savxp\crack-q.ide
c:\users\farida\downloads\sav_cd\esxp_xml\savxp\crack-q.ide
c:\vigne work\ccna\netsim\boson\boson_keygen.zip
c:\vigne work\ccna\netsim\boson netsim v 5.31\bosonkeygen.exe
scanner sequence 3.DK.11
----- EOF -----





Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 15th December 2009, 7:22 am

Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

==

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 15th December 2009, 4:51 pm

Hello. I opened Internet Explorer and after browsing for some time in normal mode the system was again infected by Anti Virus System Pro. I do not know what to do. It is becoming really frustrating. Please, please help me. I do not know what to do. What is the solution if I should not be affected by this virus again? Please help. It is really a very, very serious problem. MBAM is not working either in safe mode or in normal mode. I clicked on the MBAM icon but nothing happens; it does not open. I uninstalled MBAM, downloaded it again and tried once more; it still does not work. Please help. Thank you very, very much for your support. I did not know about the softwares until you told me. From now on I shall be very careful about them. Thank you once more.


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 15th December 2009, 10:03 pm

Please download and unzip [You must be registered and logged in to see this link.] to its own folder on your desktop.


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 15th December 2009, 10:48 pm

Hello, I am unable to run this IceSword. When I save this file from the link it gets stored in downloads file. I cut it from there and paste it in a folder on the desktop which I named as Icesword and extract files there. Whenever I click the exe tab, I get the following error message:
Initialize failed error code 1073740951.

Please tell me what to do. I don't know whether I will ever be able to solve the problem. Thank you for your patient support.


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 15th December 2009, 11:37 pm

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 16th December 2009, 2:51 am

Hello, it also did not work. When I clicked on create log it showed
Failed to start service:SysProt Anti Rootkit should be run with administrative previlages.
I am the administrator; I don't understand what is happening. Please help, I have almost run out of ways to clear the system of this virus. Anyhow, if I close the window I get a log and this is what it had.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No hidden Processes found

******************************************************************************************
******************************************************************************************
No hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 16th December 2009, 5:03 am

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.
  • Download The Avira AntiVir Rescue System from [You must be registered and logged in to see this link.].
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.


Then please start the scan.

The Avira AntiVir Rescue System will now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 16th December 2009, 6:02 am

Hello. My system gets started and then I can go into safe mode and normal mode when I press F8 before startup. So it means my computer can be booted, right? I am sorry for this silly question but I wanted to know. Can I use a pendrive/USB and boot it from there or do I need only a CD or DVD? And should I enter the Avira CD/DVD/pen drive in safe mode or normal mode? And will my system get affected if Avira fails to make repairs etc.? I mean, I wanted to know if I will lose the data like when I format the system. Please help and tell me how serious the virus that I have is. Is there a chance for me to retain my data? Because I think my entire system is infected. Please tell me how serious the virus I have is and whether there is any chance to get rid of it completely and forever. Thank you very much for your support, you have been a great support!!!


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 16th December 2009, 10:07 am

Actually your computer can be booted fine, it seems. But, it seems there is an infection that is resisting removal.

Keep in mind, it can be removed. Most tech support that ask for money would have already told you to reformat and reinstall without taking as many measures as possible. I am here to tell you that we do better, and that we are free.

Please have faith in this service, for your computer will become clean and your data will be fine.

It is better to use a CD or DVD.

Now, tell me, do your documents and pictures load? Can you load them and read or look at them? Or do they say infected? This will be the biggest issue in your data.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 17th December 2009, 2:33 am

Hello, I have done everything you had told me to do. The Avira software renamed six files but still the problem persists. The SystemPro Antivirus is still there in my system and MBAM still does not work. I don't know what to do. Really this problem is driving me crazy. Anyhow, thanks for your support. Tell me what to do next. Waiting eagerly for a solution to this crazy crazy problem!!!!!!!!!!


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 17th December 2009, 2:42 am

Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 17th December 2009, 2:50 am

I double clicked on GMER.exe but it doesn't work, the same way as in the case of MBAM. Tell me what I could do next. Thank you.


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 17th December 2009, 3:17 am

Copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

Code:
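@echo off
rem Make a copy of gmer.exe under the name ark.exe, overwriting any old copy.
Copy /y gmer.exe ark.exe
rem Launch the renamed copy.
Start ark.exe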

Save it into the gmer folder as File name: ark.cmd
Save as type: All Files

Once done, double click ark.cmd to run it.

This should start GMER, follow the steps I have outlined earlier to save a log file, then post me the contents in your next reply.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 17th December 2009, 4:31 am

Hello, here is the GMER log. Please tell me the next step. Eagerly waiting for a reply.
GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-16 21:27:12
Windows 6.0.6000
Running: ark.exe; Driver: C:\Users\farida\AppData\Local\Temp\awliipod.sys


---- System - GMER 1.0.15 ----

Code 861C7A88 ZwEnumerateKey
Code 861B9A88 ZwFlushInstructionCache
Code 8619FA85 IofCallDriver
Code 861A1A86 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 82827F3B 5 Bytes JMP 8619FA8A
.text ntkrnlpa.exe!IofCompleteRequest 82827FA8 5 Bytes JMP 861A1A8B
PAGE ntkrnlpa.exe!ZwEnumerateKey 82937F06 5 Bytes JMP 861C7A8C
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 829E84A7 5 Bytes JMP 861B9A8C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\fastfat \Fat A6A659F6

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys (*** hidden *** ) 8CAB6000-8CAD2000 (114688 bytes)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\H8SRTcmbtcxobcw.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll

---- Files - GMER 1.0.15 ----

File C:\Users\farida\AppData\Local\Temp\H8SRT80b5.tmp 681472 bytes executable
File C:\Windows\System32\drivers\H8SRTcmbtcxobcw.sys 39936 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\h8srtcfg.dat 655 bytes
File C:\Windows\System32\H8SRTmqggembqxn.dat 196 bytes
File C:\Windows\System32\H8SRTqjxovfnfmm.dll 40960 bytes executable
File C:\Windows\System32\H8SRTtifcqsnspy.dll 23040 bytes executable
File C:\Windows\Temp\H8SRTb73d.tmp 201 bytes
File C:\Windows\Temp\H8SRTdd82.tmp 194 bytes

---- EOF - GMER 1.0.15 ----


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 17th December 2009, 6:36 am

Found it. Hooray!

We need to use GMER to delete a service and remove the file:

  • Open the gmer folder and double click gmer.exe to run the program
  • On starting, GMER will run a short scan. Allow it to complete, then click No if it asks you to run a full scan.

  • Click on the > > > tab to open the menus


  • Click on the Services tab


  • Scroll down until you find the following Service (Note: This may be highlighted in red)

    H8SRTd

  • Click on the Service Name to Highlight it, then right click and choose Delete...

  • Click OK at the first confirmation dialog to remove the service
  • Click OK to the second confirmation dialog to remove the file
  • Click OK to exit the program

Let me know of any problems you encountered.

==

Then we will proceed with deletion of all the bad files.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 17th December 2009, 6:54 am

Hello, I deleted the file you asked using GMER. Now please tell me how to proceed. Is the problem sorted out? Thank you very, very much. Waiting for a reply. Bye.


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 17th December 2009, 11:39 am

Please re-scan with GMER, and post a new log. See what to do next.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 17th December 2009, 3:44 pm

Hello, I scanned again with GMER and here is the log file. Please tell me what to do next. Eagerly waiting for a reply.

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-17 08:39:55
Windows 6.0.6000
Running: ark.exe; Driver: C:\Users\farida\AppData\Local\Temp\awliipod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\H8SRTpsujssrtev.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTpsujssrtev.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTpsujssrtev.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTmxxjywoqqc.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll

---- EOF - GMER 1.0.15 ----

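The comparison a helper makes by eye between the two GMER logs above, as an added example that is not part of the original posts and is not GMER's own code: it parses the Services and Registry sections and reports which files the flagged service references in the active control set before and after the first removal attempt, and which older files are still referenced from a backup control set. The function names are hypothetical, and it assumes `\systemroot` resolves to `C:\Windows`, as the Files section of the first log shows.

```python
import re
from collections import defaultdict

ACTIVE = "CurrentControlSet"

# Lines excerpted from the first and second GMER logs posted in this thread.
LOG_FIRST = r"""
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\H8SRTcmbtcxobcw.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
"""

LOG_SECOND = r"""
---- Services - GMER 1.0.15 ----
Service system32\drivers\H8SRTpsujssrtev.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTpsujssrtev.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTpsujssrtev.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTmxxjywoqqc.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# The "(*** ... *** )" marker is matched loosely: forum filters can mangle the word.
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>\S+)(?:\s+\(\*\*\* \S+ \*\*\* \))?"
    r"\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)(?P<flag>\s+<-- ROOTKIT !!!)?")
# Only value lines (key@value data) are matched; bare key lines carry no data.
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>\w+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?:\\modules)?@(?P<value>\S+)\s+(?P<data>.+)$")


def normalise(path, system_root=r"C:\Windows"):
    """Map the path spellings GMER prints onto one lower-case form."""
    p = path.strip()
    prefix = "\\\\?\\globalroot"
    if p.lower().startswith(prefix):
        p = p[len(prefix):]
    if p.lower().startswith("\\systemroot\\"):
        p = system_root + p[len("\\systemroot"):]
    elif p.lower().startswith("system32\\"):
        p = system_root + "\\" + p
    return p.lower()


def parse_gmer(text):
    """Return {service: {"flagged": bool, "files": {control_set: set(paths)}}}."""
    services = defaultdict(lambda: {"flagged": False, "files": defaultdict(set)})
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif section == "Services" and (m := SERVICE_RE.match(line)):
            entry = services[m.group("name")]
            entry["flagged"] |= bool(m.group("flag"))
            # The image on the Service line is attributed to the active set.
            entry["files"][ACTIVE].add(normalise(m.group("image")))
        elif section == "Registry" and (m := REG_RE.match(line)):
            files = services[m.group("svc")]["files"][m.group("cs")]
            if "\\" in m.group("data"):      # skip start/type/group values
                files.add(normalise(m.group("data")))
    return dict(services)


def compare_scans(before, after, service):
    """Compare what two scans say the service references (log contents only)."""
    empty = {"flagged": False, "files": {}}
    b = parse_gmer(before).get(service, empty)
    a = parse_gmer(after).get(service, empty)
    b_active = set(b["files"].get(ACTIVE, ()))
    a_active = set(a["files"].get(ACTIVE, ()))
    a_other = set().union(*(f for cs, f in a["files"].items() if cs != ACTIVE))
    return {
        "still_flagged": a["flagged"],
        "new_active": sorted(a_active - b_active),      # appeared after removal
        "dropped_active": sorted(b_active - a_active),  # no longer in active set
        "stale_refs": sorted(a_other - a_active),       # only in backup sets
    }


if __name__ == "__main__":
    for key, value in compare_scans(LOG_FIRST, LOG_SECOND, "H8SRTd.sys").items():
        print(key, value)
```

On these excerpts the service is still flagged in the second scan, with two new file names in the active control set and the four original names left only in ControlSet008.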

Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 17th December 2009, 8:58 pm

Time to kill it all at once:

Please open Command Prompt, Start, search CMD and right-click on it and select Run as Administrator.

Enter in the following, pressing enter after each line:

sc stop H8SRTd

sc delete H8SRTd

exit


==

1. Please download [You must be registered and logged in to see this link.] by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Registry Keys to delete:
[HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys]
[HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys]

Files to delete:
C:\windows\system32\drivers\H8SRTpsujssrtev.sys
C:\windows\system32\H8SRTmxxjywoqqc.dll
C:\windows\system32\drivers\H8SRTcmbtcxobcw.sys
C:\windows\system32\H8SRTtifcqsnspy.dll
C:\windows\system32\H8SRTmqggembqxn.dat
C:\windows\system32\H8SRTqjxovfnfmm.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh GMER log.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 17th December 2009, 9:38 pm

Hello, I went to the Start tab and from there went to Accessories, saw the Command Prompt, right-clicked and opened it as System administrator, and typed the first command, and it says the following:

[SC] Open Service FAILED 1060:
The specified service does not exist as an installed service.

Anyhow, I did a search from the Start tab for CMD, found cmd.exe and followed the same procedure as above. The result was the same; the same statement was displayed. Am I doing something wrong? Please help. What should I do next? I don't understand why it gives me this statement. Please, please help!


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 18th December 2009, 3:45 am

Please download ComboFix from here: [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 18th December 2009, 5:28 am

Hello. Here is the ComboFix log file. Please tell me what to do next and how long it will take to get rid of this virus. Eagerly waiting for a reply.

ComboFix 09-12-17.01 - farida 12/17/2009 22:03:25.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2038.1485 [GMT -7:00]
Running from: c:\users\farida\Desktop\commy.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1738422755-998661840-641317060-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-965788493-1340469518-1114669241-500
c:\windows\Cursors\aero_link.cur
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTmqggembqxn.dat
c:\windows\system32\H8SRTqjxovfnfmm.dll
c:\windows\system32\H8SRTtifcqsnspy.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 05:13 . 2009-12-18 05:16 -------- d-----w- c:\users\farida\AppData\Local\temp
2009-12-18 05:13 . 2009-12-18 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-17 03:23 . 2009-12-17 03:23 93056 ----a-w- C:\awliipod.sys
2009-12-15 18:34 . 2009-12-15 18:34 -------- d-----w- c:\users\farida\AppData\Local\qnrwxe
2009-12-15 15:48 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 15:48 . 2009-12-15 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 15:48 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-13 04:05 . 2009-12-13 04:05 -------- d-----w- c:\program files\Trend Micro
2009-12-12 06:08 . 2009-12-12 06:39 7168 ----a-w- c:\windows\system32\drivers\utm0odq4.sys
2009-12-11 23:43 . 2009-12-15 18:53 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-11 23:42 . 2009-10-22 19:54 37392 ----a-w- c:\windows\system32\drivers\00686842.sys
2009-12-11 23:42 . 2009-10-10 05:31 311312 ----a-w- c:\windows\system32\drivers\0068684.sys
2009-12-11 23:42 . 2009-09-25 23:59 128016 ----a-w- c:\windows\system32\drivers\00686841.sys
2009-12-11 02:28 . 2009-12-11 02:28 -------- d-----w- c:\program files\Sophos
2009-12-10 16:21 . 2009-12-10 16:21 -------- d-----w- c:\program files\Common Files\Scanner
2009-12-10 16:21 . 2009-12-10 16:21 -------- d-----w- c:\program files\CA
2009-12-10 05:57 . 2009-12-14 06:54 -------- d-----w- c:\users\farida\AppData\Local\chrotn
2009-12-10 02:56 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 02:56 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll
2009-12-05 19:53 . 2009-12-05 19:53 -------- d-----w- C:\Cache
2009-11-25 14:25 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 20:18 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-24 20:18 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 20:18 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-24 20:18 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-31 15:39 . 2007-10-31 15:39 76 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-27 3660848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"googletalk"="c:\users\farida\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Google Update"="c:\users\farida\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"cdloader"="c:\users\farida\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"fpxfgdhs"="c:\users\farida\AppData\Local\qnrwxe\kdllsysguard.exe" [2009-12-15 250624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-31 1006264]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-11 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133912]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
R4 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
S0 00686842;00686842 Boot Guard Driver;c:\windows\system32\DRIVERS\00686842.sys [2009-10-22 37392]
S1 00686841;00686841;c:\windows\system32\DRIVERS\00686841.sys [2009-09-25 128016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-11 179712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nȯne REG_MULTI_SZ PLA DPS BFE mpssvc
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\farida\AppData\Roaming\Mozilla\Firefox\Profiles\hotdei75.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13121.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\farida\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\farida\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -

AddRemove-QualNet - c:\qualnet\4.0\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-17 22:16
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Digital Line Detect\DLG.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\STacSV.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WerCon.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-12-17 22:19:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 05:19

Pre-Run: 27,318,857,728 bytes free
Post-Run: 33,135,480,832 bytes free

- - End Of File - - 344050E5666CC302737F1962084C656E


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 18th December 2009, 10:16 am

ComboFix is our main tool, and is a powerhouse. We are glad to have it back, as it was down for a couple of days. Now your machine is looking much cleaner. Awesome (sparkly)
A few more infections to clean, then a final check is all that will be needed.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\awliipod.sys
    c:\windows\system32\drivers\utm0odq4.sys
    c:\windows\system32\drivers\00686842.sys
    c:\windows\system32\drivers\0068684.sys
    c:\windows\system32\drivers\00686841.sys

    Folder::
    c:\users\farida\AppData\Local\qnrwxe
    c:\users\farida\AppData\Roaming\mjusbsp
    c:\cygwin

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"=-
    "fpxfgdhs"=-

    Driver::
    BrlAPI
    00686841
    00686842

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)
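
Added example (not part of the original thread, and not ComboFix's or Security Check's own logic): a Python parser for the registry and Supplementary Scan sections of a ComboFix log that lists the settings this thread acts on for review: the loopback `ProxyServer` reset by the script above, `EnableLUA` set to 0, and Security Center `DisableMonitoring` set to 1. The function names, the finding labels and the "autostart from a user profile path" heuristic are assumptions made for this example, and the embedded log is a shortened, constructed sample.

```python
import re

# Constructed sample in the ComboFix log layout shown in this thread. The
# EnableLUA, DisableMonitoring and ProxyServer lines are copied from the
# thread; the rest is shortened.
SAMPLE_LOG = r'''
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Google Update"="c:\users\farida\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))\s*=\s*(?P<data>.*)$')
LOOPBACK_RE = re.compile(r'(?:^|[=;])\s*(?:127\.\d+\.\d+\.\d+|localhost):\d+', re.I)


def normalise(data):
    """Turn the value notations used in the log into Python values."""
    data = data.strip()
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', data)      # "x"=dword:00000001
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+) \(0x[0-9a-fA-F]+\)', data)    # "x"= 0 (0x0)
    if m:
        return int(m.group(1))
    m = re.fullmatch(r'"(.*)"(?:\s+\[[^\]]*\])?', data)    # "x"="path" [date size]
    if m:
        return m.group(1)
    return data


def parse_log(text):
    """Return (registry, supplementary) dictionaries parsed from a log."""
    registry, supplementary = {}, {}
    key, in_supp = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if 'Supplementary Scan' in line:
            key, in_supp = None, True
            continue
        m = KEY_RE.match(line)
        if m:                                   # a new [HKEY_...] header
            key, in_supp = m.group(1).lower(), False
            registry.setdefault(key, {})
            continue
        if in_supp:                             # "uName = value" lines
            name, sep, data = line.partition(' =')
            if sep:
                supplementary[name] = data.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            registry[key][m.group('name') or '@'] = normalise(m.group('data'))
    return registry, supplementary


def review(registry, supplementary):
    """List (kind, detail) items for a human to look at; not verdicts."""
    findings = []
    for key, values in registry.items():
        if key.endswith('\\currentversion\\run'):
            for name, data in values.items():
                # Heuristic (assumption of this example): autostart from a
                # user-writable profile path. Legitimate updaters match too.
                if isinstance(data, str) and '\\appdata\\' in data.lower():
                    findings.append(('autostart-in-user-profile', f'{name} -> {data}'))
        if key.endswith('\\policies\\system') and values.get('EnableLUA') == 0:
            findings.append(('uac-disabled', key))
        if '\\security center\\monitoring' in key and values.get('DisableMonitoring') == 1:
            findings.append(('security-center-monitoring-off', key))
    proxy = supplementary.get('uInternet Settings,ProxyServer', '')
    if LOOPBACK_RE.search(proxy):
        findings.append(('loopback-proxy', proxy))
    return findings


if __name__ == '__main__':
    for kind, detail in review(*parse_log(SAMPLE_LOG)):
        print(f'{kind:32} {detail}')
```

The Google Update entry in the sample is flagged by the profile-path heuristic even though it is a legitimate updater, which is why the output is a review list and not a removal list.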



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 18th December 2009, 2:54 pm

Hello. Here is the ComboFix logfile. Please tell me what to do next.

ComboFix 09-12-17.01 - farida 12/18/2009 7:12.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2038.1596 [GMT -7:00]
Running from: c:\users\farida\Desktop\commy.exe
Command switches used :: c:\users\farida\Desktop\CFscript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\awliipod.sys"
"c:\windows\system32\drivers\0068684.sys"
"c:\windows\system32\drivers\00686841.sys"
"c:\windows\system32\drivers\00686842.sys"
"c:\windows\system32\drivers\utm0odq4.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\awliipod.sys
c:\users\farida\AppData\Local\qnrwxe
c:\users\farida\AppData\Local\qnrwxe\kdllsysguard.exe
c:\users\farida\AppData\Roaming\mjusbsp
c:\users\farida\AppData\Roaming\mjusbsp\_911offline.html
c:\users\farida\AppData\Roaming\mjusbsp\_shuttingdown.html
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\install.exe
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\mjsetup.exe
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\splash.gif
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\big.skn
c:\users\farida\AppData\Roaming\mjusbsp\cdloader2.exe
c:\users\farida\AppData\Roaming\mjusbsp\closeWindow.png
c:\users\farida\AppData\Roaming\mjusbsp\in00000\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\in00000\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\in00000\mjsetup.exe
c:\users\farida\AppData\Roaming\mjusbsp\in00000\setup.exe
c:\users\farida\AppData\Roaming\mjusbsp\in00000\splash.gif
c:\users\farida\AppData\Roaming\mjusbsp\in00000\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\Loader.gif
c:\users\farida\AppData\Roaming\mjusbsp\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\magicJack.exe
c:\users\farida\AppData\Roaming\mjusbsp\magicJackLoader.exe
c:\users\farida\AppData\Roaming\mjusbsp\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\mainBannerOffline.html
c:\users\farida\AppData\Roaming\mjusbsp\octvqe1_apiw.dll
c:\users\farida\AppData\Roaming\mjusbsp\SJHandsetMagicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\small.skn
c:\users\farida\AppData\Roaming\mjusbsp\st00000\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\st00000\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
c:\users\farida\AppData\Roaming\mjusbsp\st00000\splash.gif
c:\users\farida\AppData\Roaming\mjusbsp\st00000\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\TjIpSys.dll
c:\users\farida\AppData\Roaming\mjusbsp\TjVista.dll
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\install.exe
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\setup.exe
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\splash.gif
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\Upgrade\install1.exe
c:\users\farida\AppData\Roaming\mjusbsp\Upgrade\install1.ini
c:\users\farida\AppData\Roaming\mjusbsp\Upgrade\setup1.exe
c:\users\farida\AppData\Roaming\mjusbsp\Upgrade\setup1.ini
c:\users\farida\AppData\Roaming\mjusbsp\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\WarningNoDeviceFound.gif
c:\users\farida\AppData\Roaming\mjusbsp\wroffline.html
c:\users\farida\AppData\Roaming\mjusbsp\wroffline1.html
c:\windows\system32\drivers\0068684.sys
c:\windows\system32\drivers\00686841.sys
c:\windows\system32\drivers\00686842.sys
c:\windows\system32\drivers\utm0odq4.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_00686841
-------\Legacy_00686842
-------\Service_00686841
-------\Service_00686842
-------\Service_BrlAPI
-------\Legacy_setup_9.0.0.722_12.12.2009_00-40drv
-------\Service_setup_9.0.0.722_12.12.2009_00-40drv
-------\Service_utm0odq4


((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 14:21 . 2009-12-18 14:24 -------- d-----w- c:\users\farida\AppData\Local\temp
2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-18 14:10 . 2009-12-18 14:10 -------- d-----w- C:\32788R22FWJFW
2009-12-13 04:05 . 2009-12-13 04:05 -------- d-----w- c:\program files\Trend Micro
2009-12-11 23:43 . 2009-12-15 18:53 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-11 02:28 . 2009-12-11 02:28 -------- d-----w- c:\program files\Sophos
2009-12-10 16:21 . 2009-12-10 16:21 -------- d-----w- c:\program files\Common Files\Scanner
2009-12-10 16:21 . 2009-12-10 16:21 -------- d-----w- c:\program files\CA
2009-12-10 05:57 . 2009-12-14 06:54 -------- d-----w- c:\users\farida\AppData\Local\chrotn
2009-12-10 02:56 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 02:56 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll
2009-12-05 19:53 . 2009-12-05 19:53 -------- d-----w- C:\Cache
2009-11-25 14:25 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 20:18 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-24 20:18 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 20:18 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-24 20:18 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-14 02:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-11 11:28 . 2009-02-15 04:31 -------- d-----w- c:\users\farida\AppData\Roaming\Hamachi
2009-12-11 04:49 . 2008-11-19 02:47 6324 ----a-w- c:\users\farida\AppData\Local\d3d9caps.dat
2009-12-11 03:29 . 2009-12-11 02:29 37 ----a-w- c:\windows\value.tmp
2009-12-11 03:29 . 2009-12-11 02:29 377512 ----a-w- c:\windows\tempreg.tmp
2009-12-11 03:29 . 2009-12-11 02:23 127 ----a-w- c:\windows\sophos.tmp
2009-12-09 22:36 . 2009-12-05 21:02 439816 ----a-w- c:\users\farida\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-12-06 13:39 . 2007-10-31 15:52 -------- d-----w- c:\program files\Google
2009-11-15 09:42 . 2008-02-03 15:03 -------- d-----w- c:\program files\Picasa2
2009-11-11 07:28 . 2009-11-11 07:28 247280 ----a-w- c:\users\farida\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-11-03 13:01 . 2009-12-10 02:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 12:57 . 2009-12-10 02:57 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 10:37 . 2009-12-10 02:57 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 09:17 . 2009-11-02 06:20 -------- d-----w- c:\program files\wkdhgo
2009-11-02 09:04 . 2009-11-02 09:04 -------- d-----w- c:\users\farida\AppData\Roaming\Malwarebytes
2009-11-02 09:04 . 2009-11-02 09:04 -------- d-----w- c:\programdata\Malwarebytes
2009-10-31 16:11 . 2007-11-10 09:49 -------- d-----w- c:\programdata\Yahoo! Companion
2009-10-27 15:05 . 2009-12-10 02:57 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 15:01 . 2009-12-10 02:57 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2009-12-10 02:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 14:59 . 2009-12-10 02:57 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2009-12-10 02:57 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2009-12-10 02:57 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-10-18 14:27 . 2007-11-07 18:40 101856 ----a-w- c:\users\farida\AppData\Local\GDIPFONTCACHEV1.DAT
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-31 15:39 . 2007-10-31 15:39 76 --sh--r- c:\windows\CT4CET.bin
2007-10-31 23:25 . 2007-10-31 23:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-27 3660848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"googletalk"="c:\users\farida\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Google Update"="c:\users\farida\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-31 1006264]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-11 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133912]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [1/17/2009 1:41 PM 100368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [1/17/2009 1:41 PM 41680]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [10/31/2007 4:25 PM 179712]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [12/17/2008 11:56 AM 81360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2009 8:32 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nȯne REG_MULTI_SZ PLA DPS BFE mpssvc
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\farida\AppData\Roaming\Mozilla\Firefox\Profiles\hotdei75.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13121.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\farida\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\farida\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-18 07:26
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2160)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\windows\system32\WerCon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\STacSV.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-12-18 07:32:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 14:32

Pre-Run: 35,357,618,176 bytes free
Post-Run: 33,410,383,872 bytes free

- - End Of File - - 95B0CEDCAA47BE2C84911399E847F73C


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 18th December 2009, 10:35 pm

Good. Now time to clean up. Smile

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 18th December 2009, 10:52 pm

Hello. Here is the checkup.txt report. What should be done next to get rid of that virus?



Results of screen317's Security Check version 0.99.1
Windows Vista (UAC is disabled!)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) SE Runtime Environment 6
Java 2 SDK, SE v1.4.2_16
Java 2 Runtime Environment, SE v1.4.2_16
Adobe Flash Player 10
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 18th December 2009, 11:02 pm

It is gone. Is your computer still a little slow?

Please do this:

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Please consider updating to Windows Vista Service Packs 1 and 2 (SP2).
Windows Vista Service Pack 1 and 2 contain all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
It is now available via [You must be registered and logged in to see this link.] or as a standalone installation [You must be registered and logged in to see this link.].

==

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please let me know how everything went.


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 19th December 2009, 3:22 am

Hello, I have followed the steps you had advised for Adobe Reader. I have not done Windows Update as yet. I have a doubt, like will some applications not work if I upgrade to Windows Vista SP2? Is it free? And I have Sophos and Avira antivirus premium edition and am not able to decide which one to have. And one more thing: can you please tell me how to avoid that hell of a virus in future... Anyhow, thank you very very very much for your support. I have no words to tell how helpful you were throughout. Let me know if I have to do anything more... I hope I have got rid of this virus. Once I was able to clear that using MBAM. But my system was again attacked by the same virus and MBAM could not solve it, neither could any of the antivirus. Please tell me, is it a recurring phenomenon, and how to avoid that dreaded virus. THANKS ONCE AGAIN. WAITING FOR YOUR REPLY. HAVE A GREAT DAY...


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 19th December 2009, 6:21 am

Vista SP1 and SP2 are free. They help to improve the functionality of your computer. They will not prevent you from running any programs, so no worries on that.

I am just going to give you all recommendations and hopefully it will help.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 20th December 2009, 2:27 am

Hello. Thank you very very much for your help. You have been a great great support during the entire process of removing the dreaded virus. And thank you very very much for all the tips you have provided to avoid viruses and malware in future. Everything is fine except that Internet Explorer is having some problems. Like when I access videos etc. from YouTube it takes a lot of time to start, but Mozilla and Opera work fine, so it's not that big a problem. But I am worried if something is wrong with Internet Explorer. Thank you once again for your support. You guys are really awesome...


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 20th December 2009, 10:07 am

This should fix IE (optional):
Please navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

==

For YouTube buffering issues, right-click on every video you watch, and click Settings. Then, uncheck Enable Hardware Acceleration.

Then, while in your YouTube account, hover over your name in the top right hand corner and click Account.

Click Playback Setup on the left. Then, fill in the circle on the left of the following phrase: I have a slow connection. Never play higher-quality video.
Click Save Changes.

Did this help?


Dr. Jay (DJ)

