Help needed Antivirus System Pro


Re: Help needed Antivirus System Pro

Post by Dr Jay on 16th December 2009, 5:03 am

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.
  • Download The Avira AntiVir Rescue System from [You must be registered and logged in to see this link.].
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed.


Then please start the scan.

The Avira AntiVir Rescue System will now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts: 14317
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 303008
Likes: 10


Re: Help needed Antivirus System Pro

Post by invisible016 on 16th December 2009, 6:02 am

Hello. My system gets started, and then I can go into safe mode and normal mode when I press F8 before startup. So it means my computer can be booted, right? I am sorry for this silly question, but I wanted to know. Can I use a pendrive/USB and boot it from there, or do I need only a CD or DVD? And should I insert the Avira CD/DVD/pen drive in safe mode or normal mode? And will my system get affected if Avira fails to make repairs etc.? I mean, I wanted to know if I will lose the data like when I format the system. Please help and tell me how serious the virus that I have is. Is there a chance for me to retain my data? Because I think my entire system is infected. Please tell me how serious the virus I have is and whether there is any chance to get rid of it completely and forever. Thank you very much for your support; you have been a great support!!!

invisible016
Intermediate
Posts: 61
Joined: 2009-11-02
OS: vista
Points: 26786
Likes: 0


Re: Help needed Antivirus System Pro

Post by Dr Jay on 16th December 2009, 10:07 am

Actually your computer can be booted fine, it seems. But, it seems there is an infection that is resisting removal.

Keep in mind, it can be removed. Most tech support services that ask for money would have already told you to reformat and reinstall without taking as many measures as possible. I am here to tell you that we do better, and that we are free.

Please have faith in this service, for your computer will become clean and your data will be fine.

It is better to use a CD or DVD.

Now, tell me, do your documents and pictures load? Can you load them and read or look at them, or do they say they are infected? This will be the biggest issue with your data.


Dr. Jay (DJ)



Re: Help needed Antivirus System Pro

Post by invisible016 on 17th December 2009, 2:33 am

Hello, I have done everything you told me to do. The Avira software renamed six files, but the problem still persists. The SystemPro Antivirus is still there in my system and MBAM still does not work. I don't know what to do. Really, this problem is driving me crazy. Anyhow, thanks for your support. Tell me what to do next. Waiting eagerly for a solution to this crazy, crazy problem!!!!!!!!!!


Re: Help needed Antivirus System Pro

Post by Dr Jay on 17th December 2009, 2:42 am

Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)



Re: Help needed Antivirus System Pro

Post by invisible016 on 17th December 2009, 2:50 am

I double-clicked on GMER.exe, but it doesn't work, the same as in the case of MBAM. Tell me what I could do next. Thank you.


Re: Help needed Antivirus System Pro

Post by Dr Jay on 17th December 2009, 3:17 am

Copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

Code:
@echo off
rem Work from the folder this script was saved in (the gmer folder)
cd /d "%~dp0"
rem GMER would not start as gmer.exe, so launch a copy under a different file name
copy /y gmer.exe ark.exe
start ark.exe

Save it into the gmer folder as File name: ark.cmd
Save as type: All Files

Once done, double click ark.cmd to run it.

This should start GMER, follow the steps I have outlined earlier to save a log file, then post me the contents in your next reply.


Dr. Jay (DJ)



Re: Help needed Antivirus System Pro

Post by invisible016 on 17th December 2009, 4:31 am

Hello, here is the GMER log. Please tell me the next step. Eagerly waiting for a reply.
GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-16 21:27:12
Windows 6.0.6000
Running: ark.exe; Driver: C:\Users\farida\AppData\Local\Temp\awliipod.sys


---- System - GMER 1.0.15 ----

Code 861C7A88 ZwEnumerateKey
Code 861B9A88 ZwFlushInstructionCache
Code 8619FA85 IofCallDriver
Code 861A1A86 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 82827F3B 5 Bytes JMP 8619FA8A
.text ntkrnlpa.exe!IofCompleteRequest 82827FA8 5 Bytes JMP 861A1A8B
PAGE ntkrnlpa.exe!ZwEnumerateKey 82937F06 5 Bytes JMP 861C7A8C
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 829E84A7 5 Bytes JMP 861B9A8C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\fastfat \Fat A6A659F6

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys (*** hȋdden *** ) 8CAB6000-8CAD2000 (114688 bytes)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\H8SRTcmbtcxobcw.sys (*** hȋdden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll

---- Files - GMER 1.0.15 ----

File C:\Users\farida\AppData\Local\Temp\H8SRT80b5.tmp 681472 bytes executable
File C:\Windows\System32\drivers\H8SRTcmbtcxobcw.sys 39936 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\h8srtcfg.dat 655 bytes
File C:\Windows\System32\H8SRTmqggembqxn.dat 196 bytes
File C:\Windows\System32\H8SRTqjxovfnfmm.dll 40960 bytes executable
File C:\Windows\System32\H8SRTtifcqsnspy.dll 23040 bytes executable
File C:\Windows\Temp\H8SRTb73d.tmp 201 bytes
File C:\Windows\Temp\H8SRTdd82.tmp 194 bytes

---- EOF - GMER 1.0.15 ----


Re: Help needed Antivirus System Pro

Post by Dr Jay on 17th December 2009, 6:36 am

Found it. Hooray!

We need to use GMER to delete a service and remove the file:

  • Open the gmer folder and double click gmer.exe to run the program
  • On starting, GMER will run a short scan; allow it to complete, then click No if it asks you to run a full scan.

  • Click on the > > > tab to open the menus


  • Click on the Services tab


  • Scroll down until you find the following Service (Note: This may be highlighted in red)

    H8SRTd

  • Click on the Service Name to Highlight it, then right click and choose Delete...

  • Click OK at the first confirmation dialog to remove the service
  • Click OK to the second confirmation dialog to remove the file
  • Click OK to exit the program

Let me know of any problems you encountered.

==

Then we will proceed with deletion of all the bad files.


Dr. Jay (DJ)



Re: Help needed Antivirus System Pro

Post by invisible016 on 17th December 2009, 6:54 am

Hello, I deleted the file you asked about using GMER. Now please tell me how to proceed. Is the problem sorted out? Thank you very, very much. Waiting for a reply. Bye.....


Re: Help needed Antivirus System Pro

Post by Dr Jay on 17th December 2009, 11:39 am

Please re-scan with GMER, and post a new log. We'll see what to do next, my buddy.


Dr. Jay (DJ)



Re: Help needed Antivirus System Pro

Post by invisible016 on 17th December 2009, 3:44 pm

Hello, I scanned again with GMER and here is the log file. Please tell me what to do next. Eagerly waiting for a reply.

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-17 08:39:55
Windows 6.0.6000
Running: ark.exe; Driver: C:\Users\farida\AppData\Local\Temp\awliipod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\H8SRTpsujssrtev.sys (*** hȋdden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTpsujssrtev.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTpsujssrtev.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTmxxjywoqqc.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmqggembqxn.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqjxovfnfmm.dll

---- EOF - GMER 1.0.15 ----


Re: Help needed Antivirus System Pro

Post by Dr Jay on 17th December 2009, 8:58 pm

Time to kill it all at once:

Please open a Command Prompt: click Start, search for CMD, right-click on it and select Run as Administrator.

Enter the following, pressing Enter after each line:

sc stop H8SRTd

sc delete H8SRTd

exit


==

1. Please download [You must be registered and logged in to see this link.] by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C).

Code:
Registry Keys to delete:
[HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys]
[HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys]

Files to delete:
C:\windows\system32\drivers\H8SRTpsujssrtev.sys
C:\windows\system32\H8SRTmxxjywoqqc.dll
C:\windows\system32\drivers\H8SRTcmbtcxobcw.sys
C:\windows\system32\H8SRTtifcqsnspy.dll
C:\windows\system32\H8SRTmqggembqxn.dat
C:\windows\system32\H8SRTqjxovfnfmm.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh GMER log.


Dr. Jay (DJ)



Re: Help needed Antivirus System Pro

Post by invisible016 on 17th December 2009, 9:38 pm

Hello, I went to the Start tab and from there went to Accessories, saw the Command Prompt, right-clicked and opened it as system administrator, and typed the first command, and it says the following:

[SC] Open Service FAILED 1060:
The specified service does not exist as an installed service.

Anyhow, I did a search from the Start tab for CMD and found cmd.exe and followed the same procedure as above; the result was the same, the same statement was displayed. Am I doing something wrong? Please help. What should I do next? I don't understand why it gives me this statement. Please, please help!!!!!!!

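The two GMER logs posted above and the steps that followed them (deleting the service in GMER, `sc stop` / `sc delete`, the Avenger script) amount to a manual triage: read off the hooked kernel functions, find the hidden driver and its service, collect every file the service's registry values point at, then remove service and files. The Python below is an added example, not code from GMER, The Avenger or this forum, that performs the same triage over a constructed sample log assembled from a few of the lines posted in this thread; `triage`, `sc_service_names`, `removal_candidates` and `avenger_script` are my own names. It makes two points explicit that the thread only shows in passing: the Services key GMER reports is `H8SRTd.sys`, and `sc stop` / `sc delete` accept only that exact key name (error 1060, "The specified service does not exist", is what `sc` returns for a name that matches no registered service); and the service is written under every ControlSetNNN key as well as CurrentControlSet, which is why the second log still listed a ControlSet008 entry after the CurrentControlSet service had been removed.

```python
"""Triage a GMER rootkit-scan log and derive a remediation list from it.

Added example for this thread; not code from GMER, The Avenger or the forum.
SAMPLE_LOG is constructed from a few lines posted above; all names are mine.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed mix of the entries from the first log in the thread.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 82827F3B 5 Bytes JMP 8619FA8A
PAGE ntkrnlpa.exe!ZwEnumerateKey 82937F06 5 Bytes JMP 861C7A8C
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys (*** hȋdden *** ) 8CAB6000-8CAD2000 (114688 bytes)
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\H8SRTcmbtcxobcw.sys (*** hȋdden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtifcqsnspy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcmbtcxobcw.sys
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\drivers\H8SRTcmbtcxobcw.sys 39936 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\H8SRTtifcqsnspy.dll 23040 bytes executable
File C:\Windows\Temp\H8SRTb73d.tmp 201 bytes
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
# Inline hook: "<kernel section> <module>!<function> <patched addr> <n> Bytes JMP <target>"
HOOK_RE = re.compile(r"^\S+ (\S+!\S+) ([0-9A-F]{8}) (\d+) Bytes (\w+) ([0-9A-F]{8})")
# GMER prints "hidden" with a look-alike letter (hȋdden), so match that character loosely.
HIDDEN = r"\(\*\*\* h.dden \*\*\* \)"
MODULE_RE = re.compile(r"^Module (\S+) " + HIDDEN)
SERVICE_RE = re.compile(r"^Service (\S+) " + HIDDEN + r" \[\w+\] (\S+)( <-- ROOTKIT !!!)?")
REG_RE = re.compile(r"^Reg HKLM\\SYSTEM\\(\w+)\\Services\\([^\\@\s]+)(?:\\modules)?(?:@\S+ (\S+))?")
FILE_RE = re.compile(r"^File (\S+) \d+ bytes( executable)?( <-- ROOTKIT !!!)?")


def normalize_path(p: str) -> str:
    """Map the kernel-style paths GMER prints onto one lower-case Win32 form."""
    p = p.lower()
    if p.startswith(r"\\?\globalroot"):
        p = p[len(r"\\?\globalroot"):]
    if p.startswith(r"\systemroot"):
        p = r"c:\windows" + p[len(r"\systemroot"):]
    elif p.startswith("system32\\"):  # bare relative form, as in the second log
        p = "c:\\windows\\" + p
    return p


@dataclass
class Report:
    hooks: list = field(default_factory=list)           # (function, patched address, jump target)
    hidden_modules: list = field(default_factory=list)  # normalized driver paths
    services: dict = field(default_factory=dict)        # key name -> {"image", "control_sets", "flagged"}
    files: dict = field(default_factory=dict)           # normalized path -> GMER flagged it as ROOTKIT
    referenced_files: set = field(default_factory=set)  # paths held in the service's registry values


def _service(report: Report, name: str) -> dict:
    return report.services.setdefault(name, {"image": None, "control_sets": set(), "flagged": False})


def triage(log_text: str) -> Report:
    """Walk the log section by section and collect the indicators a responder acts on."""
    report, section = Report(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section == "Kernel code sections" and (m := HOOK_RE.match(line)):
            report.hooks.append((m.group(1), m.group(2), m.group(5)))
        elif section == "Modules" and (m := MODULE_RE.match(line)):
            report.hidden_modules.append(normalize_path(m.group(1)))
        elif section == "Services" and (m := SERVICE_RE.match(line)):
            svc = _service(report, m.group(2))
            svc["image"] = normalize_path(m.group(1))
            svc["flagged"] = svc["flagged"] or m.group(3) is not None
        elif section == "Registry" and (m := REG_RE.match(line)):
            control_set, name, data = m.groups()
            _service(report, name)["control_sets"].add(control_set)
            if data and "\\" in data:  # imagepath and modules\* values hold file paths
                report.referenced_files.add(normalize_path(data))
        elif section == "Files" and (m := FILE_RE.match(line)):
            report.files[normalize_path(m.group(1))] = m.group(3) is not None
    return report


def sc_service_names(report: Report) -> list:
    """Exact Services key names; sc stop / sc delete need this spelling, not an abbreviation."""
    return sorted(report.services)


def removal_candidates(report: Report) -> list:
    """Flagged files plus every file the hidden service's registry values point at."""
    flagged = {p for p, is_rootkit in report.files.items() if is_rootkit}
    return sorted(flagged | report.referenced_files | set(report.hidden_modules))


def avenger_script(report: Report) -> str:
    """Render the two sections in the layout of the Avenger script used in this thread."""
    keys = [f"[HKLM\\SYSTEM\\{cs}\\Services\\{name}]"
            for name, svc in sorted(report.services.items()) for cs in sorted(svc["control_sets"])]
    return ("Registry Keys to delete:\n" + "\n".join(keys) +
            "\n\nFiles to delete:\n" + "\n".join(removal_candidates(report)) + "\n")


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for fn, at, target in rep.hooks:
        print(f"hooked {fn} at {at} -> {target}")
    print("service key(s):", ", ".join(sc_service_names(rep)))
    print(avenger_script(rep))
```

Run it directly to print the hooks, the exact service key and the rendered Avenger-style script for the sample; pass the text of a real GMER.txt to `triage` to do the same for that log. The ROOTKIT markers and the hȋdden tag are matched by pattern, so a renamed driver such as the H8SRTpsujssrtev.sys in the second log is picked up without any list of known file names.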

Re: Help needed Antivirus System Pro

Post by Dr Jay on 18th December 2009, 3:45 am

Please download ComboFix from here: [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box & hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Re: Help needed Antivirus System Pro

Post by invisible016 on 18th December 2009, 5:28 am

Hello. Here is the ComboFix log file. Please tell me what to do next and how long it will take to get rid of this virus. Eagerly waiting for a reply.

ComboFix 09-12-17.01 - farida 12/17/2009 22:03:25.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2038.1485 [GMT -7:00]
Running from: c:\users\farida\Desktop\commy.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1738422755-998661840-641317060-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-965788493-1340469518-1114669241-500
c:\windows\Cursors\aero_link.cur
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTmqggembqxn.dat
c:\windows\system32\H8SRTqjxovfnfmm.dll
c:\windows\system32\H8SRTtifcqsnspy.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 05:13 . 2009-12-18 05:16 -------- d-----w- c:\users\farida\AppData\Local\temp
2009-12-18 05:13 . 2009-12-18 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-17 03:23 . 2009-12-17 03:23 93056 ----a-w- C:\awliipod.sys
2009-12-15 18:34 . 2009-12-15 18:34 -------- d-----w- c:\users\farida\AppData\Local\qnrwxe
2009-12-15 15:48 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 15:48 . 2009-12-15 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 15:48 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-13 04:05 . 2009-12-13 04:05 -------- d-----w- c:\program files\Trend Micro
2009-12-12 06:08 . 2009-12-12 06:39 7168 ----a-w- c:\windows\system32\drivers\utm0odq4.sys
2009-12-11 23:43 . 2009-12-15 18:53 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-11 23:42 . 2009-10-22 19:54 37392 ----a-w- c:\windows\system32\drivers\00686842.sys
2009-12-11 23:42 . 2009-10-10 05:31 311312 ----a-w- c:\windows\system32\drivers\0068684.sys
2009-12-11 23:42 . 2009-09-25 23:59 128016 ----a-w- c:\windows\system32\drivers\00686841.sys
2009-12-11 02:28 . 2009-12-11 02:28 -------- d-----w- c:\program files\Sophos
2009-12-10 16:21 . 2009-12-10 16:21 -------- d-----w- c:\program files\Common Files\Scanner
2009-12-10 16:21 . 2009-12-10 16:21 -------- d-----w- c:\program files\CA
2009-12-10 05:57 . 2009-12-14 06:54 -------- d-----w- c:\users\farida\AppData\Local\chrotn
2009-12-10 02:56 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 02:56 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll
2009-12-05 19:53 . 2009-12-05 19:53 -------- d-----w- C:\Cache
2009-11-25 14:25 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 20:18 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-24 20:18 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 20:18 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-24 20:18 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-31 15:39 . 2007-10-31 15:39 76 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-27 3660848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"googletalk"="c:\users\farida\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Google Update"="c:\users\farida\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"cdloader"="c:\users\farida\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"fpxfgdhs"="c:\users\farida\AppData\Local\qnrwxe\kdllsysguard.exe" [2009-12-15 250624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-31 1006264]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-11 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133912]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
R4 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
S0 00686842;00686842 Boot Guard Driver;c:\windows\system32\DRIVERS\00686842.sys [2009-10-22 37392]
S1 00686841;00686841;c:\windows\system32\DRIVERS\00686841.sys [2009-09-25 128016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-11 179712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
none REG_MULTI_SZ PLA DPS BFE mpssvc
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\farida\AppData\Roaming\Mozilla\Firefox\Profiles\hotdei75.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13121.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\farida\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\farida\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -

AddRemove-QualNet - c:\qualnet\4.0\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-17 22:16
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Digital Line Detect\DLG.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\STacSV.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WerCon.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-12-17 22:19:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 05:19

Pre-Run: 27,318,857,728 bytes free
Post-Run: 33,135,480,832 bytes free

- - End Of File - - 344050E5666CC302737F1962084C656E

invisible016

Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 18th December 2009, 10:16 am

ComboFix is our main tool, and is a powerhouse. We are glad to have it back, as it was down for a couple of days. Now your machine is looking much cleaner. Awesome.
A few more infections to clean, then a final check is all that will be needed.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\awliipod.sys
    c:\windows\system32\drivers\utm0odq4.sys
    c:\windows\system32\drivers\00686842.sys
    c:\windows\system32\drivers\0068684.sys
    c:\windows\system32\drivers\00686841.sys

    Folder::
    c:\users\farida\AppData\Local\qnrwxe
    c:\users\farida\AppData\Roaming\mjusbsp
    c:\cygwin

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"=-
    "fpxfgdhs"=-

    Driver::
    BrlAPI
    00686841
    00686842

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)
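The log posted above and the CFScript written from it are two halves of one workflow: read ComboFix's Reg Loading Points, service and Supplementary Scan sections for indicators, then express the removals in ComboFix's File::/Folder::/Registry::/Driver::/DDS:: layout. The Python below is an added example for this thread, not ComboFix's own code and not the helper's script. It walks a few constructed log lines in ComboFix's layout (modelled on what this thread's log shows: a Run entry with a generated name under AppData, EnableLUA=0, DisableMonitoring=1, a boot driver with a numeric name, a 127.0.0.1 proxy) and drafts the matching CFScript sections. The vowel-ratio looks_random heuristic, the regexes and SAMPLE_LOG are assumptions, not anything ComboFix documents.

```python
"""Triage a ComboFix-style log for the indicator classes seen in this thread and draft
the matching CFScript sections. Added example, not ComboFix's or the helper's code; the
regexes, the looks_random heuristic and SAMPLE_LOG (constructed) are assumptions."""
import re
from collections import namedtuple

# Constructed sample in ComboFix's layout, not a real captured log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\farida\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"fpxfgdhs"="c:\users\farida\AppData\Local\qnrwxe\kdllsysguard.exe" [2009-12-15 250624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
S0 00686842;00686842 Boot Guard Driver;c:\windows\system32\DRIVERS\00686842.sys [2009-10-22 37392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-11 179712]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                   # [HKEY_...] key header
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')                 # "name"="path" [date size]
SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[")    # R2 name;display;path [..]
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)")
SECTION_ORDER = ("File::", "Folder::", "Registry::", "Driver::", "DDS::")

# kind: what the line indicates; evidence: the log line; section: CFScript section, or ""
# when the fix is a setting to restore; entries: script lines (Registry:: = (key, value)).
Finding = namedtuple("Finding", "kind evidence section entries", defaults=("", ()))


def looks_random(token: str, min_len: int = 6, max_vowel_ratio: float = 0.2) -> bool:
    """Heuristic (assumption): all-digit names, or alphabetic names of min_len+ letters
    with almost no vowels, read like generated names. Expect false positives."""
    t = token.lower()
    if t.isdigit():
        return True
    if len(t) < min_len or not t.isalpha():
        return False
    return sum(c in "aeiou" for c in t) / len(t) <= max_vowel_ratio


def appdata_components(path: str) -> list:
    """Path components below AppData\\{Local,Roaming}, file extension stripped."""
    parts = path.split("\\")
    for i, p in enumerate(parts):
        if p.lower() == "appdata":
            return [t.rsplit(".", 1)[0] for t in parts[i + 2:]]
    return []


def triage(log_text: str) -> list:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        lkey = key.lower()
        if (m := RUN_RE.match(line)) and lkey.endswith("\\currentversion\\run"):
            name, path = m.groups()
            comps = appdata_components(path)  # only user-profile autoruns are scored
            if comps and (looks_random(name) or any(looks_random(c) for c in comps)):
                findings.append(Finding("random-name autorun", line, "Registry::",
                                        (f"[{key}]", f'"{name}"=-')))
                parent = path.rsplit("\\", 1)[0]
                if looks_random(parent.rsplit("\\", 1)[-1]):
                    findings.append(Finding("autorun drop folder", line, "Folder::", (parent,)))
                else:
                    findings.append(Finding("autorun payload", line, "File::", (path,)))
        elif lkey.endswith("\\policies\\system") and re.match(r'^"EnableLUA"\s*=\s*0\b', line):
            findings.append(Finding("UAC disabled (EnableLUA=0)", line))
        elif "\\security center\\monitoring" in lkey and line.startswith('"DisableMonitoring"=dword:00000001'):
            findings.append(Finding("Security Center monitoring suppressed", line))
        elif (m := SVC_RE.match(line)) and looks_random(m.group(1)):
            findings.append(Finding("generated-name driver/service", line, "Driver::", (m.group(1),)))
            findings.append(Finding("driver/service binary", line, "File::", (m.group(2),)))
        elif (m := PROXY_RE.match(line)) and "127.0.0.1" in m.group(1):
            findings.append(Finding("browser traffic forced through a local proxy", line, "DDS::", (line,)))
    return findings


def build_cfscript(findings: list) -> str:
    """Render findings in the CFScript layout used in the thread, deduplicated."""
    plain, reg = {s: [] for s in SECTION_ORDER}, {}
    for f in findings:
        if f.section == "Registry::":
            reg.setdefault(f.entries[0], []).append(f.entries[1])
        elif f.section:
            plain[f.section] += [e for e in f.entries if e not in plain[f.section]]
    blocks = []
    for s in SECTION_ORDER:
        lines = [s]
        if s == "Registry::":
            for k, vals in reg.items():
                lines += [k, *dict.fromkeys(vals)]
        else:
            lines += plain[s]
        if len(lines) > 1:
            blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("\n".join(f"{f.kind:45} <- {f.evidence}" for f in found) + "\n\n" + build_cfscript(found))
```

Treat the draft as a review list, not something to hand to a user. Run entries are only scored when they point under the user's AppData, which is where both rogue autoruns in this thread lived; that keeps vendor entries in system32 out of the output. The heuristic is still noisy in both directions: on the thread's own log it also flags the cdloader entry because of the mjusbsp folder, and the follow-up log shows that folder held magicJack's own files, while BrlAPI has a normal-looking name and would only be caught by reading its cygwin path. The EnableLUA and DisableMonitoring findings carry no script line on purpose, since those are settings to restore rather than objects to delete; the post-run log still lists EnableLUA=0 and the DisableMonitoring values, and the later Security Check reports UAC as disabled.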

Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 18th December 2009, 2:54 pm

Hello. Here is the ComboFix log file. Please tell me what to do next.

ComboFix 09-12-17.01 - farida 12/18/2009 7:12.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2038.1596 [GMT -7:00]
Running from: c:\users\farida\Desktop\commy.exe
Command switches used :: c:\users\farida\Desktop\CFscript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\awliipod.sys"
"c:\windows\system32\drivers\0068684.sys"
"c:\windows\system32\drivers\00686841.sys"
"c:\windows\system32\drivers\00686842.sys"
"c:\windows\system32\drivers\utm0odq4.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\awliipod.sys
c:\users\farida\AppData\Local\qnrwxe
c:\users\farida\AppData\Local\qnrwxe\kdllsysguard.exe
c:\users\farida\AppData\Roaming\mjusbsp
c:\users\farida\AppData\Roaming\mjusbsp\_911offline.html
c:\users\farida\AppData\Roaming\mjusbsp\_shuttingdown.html
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\install.exe
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\mjsetup.exe
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\splash.gif
c:\users\farida\AppData\Roaming\mjusbsp\ar00000\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\big.skn
c:\users\farida\AppData\Roaming\mjusbsp\cdloader2.exe
c:\users\farida\AppData\Roaming\mjusbsp\closeWindow.png
c:\users\farida\AppData\Roaming\mjusbsp\in00000\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\in00000\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\in00000\mjsetup.exe
c:\users\farida\AppData\Roaming\mjusbsp\in00000\setup.exe
c:\users\farida\AppData\Roaming\mjusbsp\in00000\splash.gif
c:\users\farida\AppData\Roaming\mjusbsp\in00000\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\Loader.gif
c:\users\farida\AppData\Roaming\mjusbsp\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\magicJack.exe
c:\users\farida\AppData\Roaming\mjusbsp\magicJackLoader.exe
c:\users\farida\AppData\Roaming\mjusbsp\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\mainBannerOffline.html
c:\users\farida\AppData\Roaming\mjusbsp\octvqe1_apiw.dll
c:\users\farida\AppData\Roaming\mjusbsp\SJHandsetMagicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\small.skn
c:\users\farida\AppData\Roaming\mjusbsp\st00000\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\st00000\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
c:\users\farida\AppData\Roaming\mjusbsp\st00000\splash.gif
c:\users\farida\AppData\Roaming\mjusbsp\st00000\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\TjIpSys.dll
c:\users\farida\AppData\Roaming\mjusbsp\TjVista.dll
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\install.exe
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\magicJack.dll
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\magicJackSplash.exe
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\setup.exe
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\splash.gif
c:\users\farida\AppData\Roaming\mjusbsp\ug00000\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\Upgrade\install1.exe
c:\users\farida\AppData\Roaming\mjusbsp\Upgrade\install1.ini
c:\users\farida\AppData\Roaming\mjusbsp\Upgrade\setup1.exe
c:\users\farida\AppData\Roaming\mjusbsp\Upgrade\setup1.ini
c:\users\farida\AppData\Roaming\mjusbsp\WarningMJCouldNotStart.gif
c:\users\farida\AppData\Roaming\mjusbsp\WarningNoDeviceFound.gif
c:\users\farida\AppData\Roaming\mjusbsp\wroffline.html
c:\users\farida\AppData\Roaming\mjusbsp\wroffline1.html
c:\windows\system32\drivers\0068684.sys
c:\windows\system32\drivers\00686841.sys
c:\windows\system32\drivers\00686842.sys
c:\windows\system32\drivers\utm0odq4.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_00686841
-------\Legacy_00686842
-------\Service_00686841
-------\Service_00686842
-------\Service_BrlAPI
-------\Legacy_setup_9.0.0.722_12.12.2009_00-40drv
-------\Service_setup_9.0.0.722_12.12.2009_00-40drv
-------\Service_utm0odq4


((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 14:21 . 2009-12-18 14:24 -------- d-----w- c:\users\farida\AppData\Local\temp
2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-18 14:10 . 2009-12-18 14:10 -------- d-----w- C:\32788R22FWJFW
2009-12-13 04:05 . 2009-12-13 04:05 -------- d-----w- c:\program files\Trend Micro
2009-12-11 23:43 . 2009-12-15 18:53 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-11 02:28 . 2009-12-11 02:28 -------- d-----w- c:\program files\Sophos
2009-12-10 16:21 . 2009-12-10 16:21 -------- d-----w- c:\program files\Common Files\Scanner
2009-12-10 16:21 . 2009-12-10 16:21 -------- d-----w- c:\program files\CA
2009-12-10 05:57 . 2009-12-14 06:54 -------- d-----w- c:\users\farida\AppData\Local\chrotn
2009-12-10 02:56 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 02:56 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll
2009-12-05 19:53 . 2009-12-05 19:53 -------- d-----w- C:\Cache
2009-11-25 14:25 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 20:18 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-24 20:18 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 20:18 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-24 20:18 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-14 02:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-11 11:28 . 2009-02-15 04:31 -------- d-----w- c:\users\farida\AppData\Roaming\Hamachi
2009-12-11 04:49 . 2008-11-19 02:47 6324 ----a-w- c:\users\farida\AppData\Local\d3d9caps.dat
2009-12-11 03:29 . 2009-12-11 02:29 37 ----a-w- c:\windows\value.tmp
2009-12-11 03:29 . 2009-12-11 02:29 377512 ----a-w- c:\windows\tempreg.tmp
2009-12-11 03:29 . 2009-12-11 02:23 127 ----a-w- c:\windows\sophos.tmp
2009-12-09 22:36 . 2009-12-05 21:02 439816 ----a-w- c:\users\farida\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-12-06 13:39 . 2007-10-31 15:52 -------- d-----w- c:\program files\Google
2009-11-15 09:42 . 2008-02-03 15:03 -------- d-----w- c:\program files\Picasa2
2009-11-11 07:28 . 2009-11-11 07:28 247280 ----a-w- c:\users\farida\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-11-03 13:01 . 2009-12-10 02:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 12:57 . 2009-12-10 02:57 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 10:37 . 2009-12-10 02:57 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 09:17 . 2009-11-02 06:20 -------- d-----w- c:\program files\wkdhgo
2009-11-02 09:04 . 2009-11-02 09:04 -------- d-----w- c:\users\farida\AppData\Roaming\Malwarebytes
2009-11-02 09:04 . 2009-11-02 09:04 -------- d-----w- c:\programdata\Malwarebytes
2009-10-31 16:11 . 2007-11-10 09:49 -------- d-----w- c:\programdata\Yahoo! Companion
2009-10-27 15:05 . 2009-12-10 02:57 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 15:01 . 2009-12-10 02:57 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2009-12-10 02:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 14:59 . 2009-12-10 02:57 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2009-12-10 02:57 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2009-12-10 02:57 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-10-18 14:27 . 2007-11-07 18:40 101856 ----a-w- c:\users\farida\AppData\Local\GDIPFONTCACHEV1.DAT
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-31 15:39 . 2007-10-31 15:39 76 --sh--r- c:\windows\CT4CET.bin
2007-10-31 23:25 . 2007-10-31 23:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-27 3660848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"googletalk"="c:\users\farida\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Google Update"="c:\users\farida\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-31 1006264]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-11 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133912]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [1/17/2009 1:41 PM 100368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [1/17/2009 1:41 PM 41680]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [10/31/2007 4:25 PM 179712]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [12/17/2008 11:56 AM 81360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2009 8:32 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
none REG_MULTI_SZ PLA DPS BFE mpssvc
vvdsvc REG_MULTI_SZ vvdsvc
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\farida\AppData\Roaming\Mozilla\Firefox\Profiles\hotdei75.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13121.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\farida\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\farida\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-18 07:26
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2160)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\windows\system32\WerCon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\STacSV.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-12-18 07:32:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 14:32

Pre-Run: 35,357,618,176 bytes free
Post-Run: 33,410,383,872 bytes free

- - End Of File - - 95B0CEDCAA47BE2C84911399E847F73C

invisible016

Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 18th December 2009, 10:35 pm

Good. Now time to clean up.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)

Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 18th December 2009, 10:52 pm

Hello. Here is the checkup.txt report. What should be done next to get rid of that virus?



Results of screen317's Security Check version 0.99.1
Windows Vista (UAC is disabled!)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) SE Runtime Environment 6
Java 2 SDK, SE v1.4.2_16
Java 2 Runtime Environment, SE v1.4.2_16
Adobe Flash Player 10
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

invisible016

Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 18th December 2009, 11:02 pm

It is gone. Is your computer still a little slow?

Please do this:

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Please consider updating to Windows Vista Service Packs 1 and 2 (SP2).
Windows Vista Service Pack 2 contains all the updates released since SP1, plus support for new types of hardware and emerging hardware standards.
It is now available via [You must be registered and logged in to see this link.] or as a standalone installation [You must be registered and logged in to see this link.].

==

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please let me know how everything went.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator

Posts : 14317
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 303008
Likes : 10


Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 19th December 2009, 3:22 am

Hello, I have followed the steps you had advised for Adobe Reader. I have not done Windows Update as yet. I have a doubt, like will some applications not work if I upgrade to Windows Vista SP2? Is it free? And I have Sophos and Avira Antivirus Premium edition and am not able to decide which one to have. And one more thing, can you please tell me how to avoid that hell of a virus in future... Anyhow, thank you very very very much for your support. I have no words to tell how helpful you were throughout. Let me know if I have to do anything more... I hope I have got rid of this virus. Once I was able to clear that using MBAM. But my system was again attacked by the same virus and MBAM could not solve it, neither could any of the antivirus. Please tell me, is it a recurring phenomenon and how to avoid that dreaded virus. THANKS ONCE AGAIN. WAITING FOR YOUR REPLY. HAVE A GREAT DAY...

invisible016
Intermediate

Posts : 61
Joined : 2009-11-02
OS : vista
Points : 26786
Likes : 0


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 19th December 2009, 6:21 am

Vista SP1 and SP2 are free. They help to improve the functionality of your computer. They will not prevent you from running any programs, so no worries on that.

I am just going to give you all recommendations and hopefully it will help.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful and easiest-to-use security programs. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


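The HOSTS-file blocklist approach described in Dr Jay's post above works because the system resolver consults the HOSTS file before asking DNS, so a name mapped to 127.0.0.1 (or 0.0.0.0) never reaches the network. The Python script below is an added example, not code from the post or from any HOSTS-file project: it parses a constructed sample of the file format, lists which names are blocked, and separately lists names steered to some other address, because a HOSTS entry that sends a legitimate name to a remote address is exactly the kind of change worth reviewing after a malware cleanup. The sample entries use reserved example names and addresses and are constructed for the demonstration only.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample of a HOSTS file in the usual format:
# "<address> <hostname> [alias ...]" per line, "#" starts a comment.
# None of these names or addresses are real sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Blocklist entries (constructed examples)
127.0.0.1  ads.example.invalid
127.0.0.1  tracker.example.invalid   cdn.tracker.example.invalid
0.0.0.0    malware-drop.example.invalid
# Constructed example of an entry that deserves a second look:
# a name steered to a remote address instead of loopback
203.0.113.7  update.security-vendor.example.invalid
"""

# Addresses that make a HOSTS entry a "block" rather than a redirect.
BLOCK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; each alias becomes its own pair.
    Comment-only, blank, malformed and non-IP lines are skipped."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # address with no name
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                            # first field is not an IP
        for name in fields[1:]:
            pairs.append((addr, name.lower()))
    return pairs


def classify_hosts(text: str) -> Dict[str, List[str]]:
    """Split entries into names that are blocked (sent to loopback or the
    unspecified address) and names redirected somewhere else, which a
    defender should inspect by hand."""
    result: Dict[str, List[str]] = {"blocked": [], "redirected": []}
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue                            # the standard entries
        if addr in BLOCK_ADDRESSES:
            result["blocked"].append(name)
        else:
            result["redirected"].append(f"{name} -> {addr}")
    return result


def is_blocked(text: str, hostname: str) -> bool:
    """True when the HOSTS text prevents hostname from reaching the network."""
    return hostname.lower() in classify_hosts(text)["blocked"]


if __name__ == "__main__":
    report = classify_hosts(SAMPLE_HOSTS)
    print("blocked:", report["blocked"])
    print("review :", report["redirected"])
```

To run it against the live file on Windows, read %SystemRoot%\System32\drivers\etc\hosts (readable without special rights; changing it needs an administrator) and pass the text to classify_hosts(). An empty "redirected" list is what you want to see after a cleanup; anything in it should be explained by a deliberate choice.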

Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 20th December 2009, 2:27 am

Hello. Thank you very very much for your help. You have been a great great support during the entire process of removing the dreaded virus. And thank you very very much for all the tips you have provided to avoid viruses and malware in future. Everything is fine except that Internet Explorer is having some problems. Like when I access videos etc. from YouTube it takes a lot of time to start, but Mozilla and Opera work fine, so it's not that big a problem. But I am worried if something is wrong with Internet Explorer. Thank you once again for your support. You guys are really awesome...


Re: Help needed Antivirus Sysytem Pro

Post by Dr Jay on 20th December 2009, 10:07 am

This should fix IE (optional):
Please navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damage from malware or other harmful system changes. Install the file after download.

==

For YouTube buffering issues, right-click on every video you watch, and click Settings. Then, uncheck Enable Hardware Acceleration.

Then, while in your YouTube account, hover over your name in the top right hand corner and click Account.

Click Playback Setup on the left. Then, fill in the circle on the left of the following phrase: I have a slow connection. Never play higher-quality video.
Click Save Changes.

Did this help?


Dr. Jay (DJ)



Re: Help needed Antivirus Sysytem Pro

Post by invisible016 on 4th January 2010, 2:37 pm

Hello Dragon Master Jay,
Thank you very very very much. I would like to thank you personally for the help and support which you have extended. I want to also thank the wonderful team of GeekPolice. You guys made my holidays. I went holidaying and enjoyed a lot. Thank you for being so kind, patient and supportive. I cannot tell you how grateful I am. I cannot forget what you guys have done. Thank you very very much. Have a great new year.
