Can't remove digital protection pop ups

View previous topic View next topic Go down

Can't remove digital protection pop ups

Post by bcd0720 on 1st May 2010, 11:43 pm

This morning my computer got the digital protection virus. I tried removing the virus using malwarebytes along with spy doctor. I followed the steps on this site and tried removing several times with no luck. The last few times that I used malwarebytes it did not even detect anything that was infected. Even when I delete the infected objects, when I restart my computer, the pop ups are back. I can't seem to find any suggestions as to what to do now. Any help would be greatly appreciated.

bcd0720
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-05-01
OS OS : Windows Vistas
Points Points : 24198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Can't remove digital protection pop ups

Post by Dr Jay on 2nd May 2010, 2:03 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Can't remove digital protection pop ups

Post by bcd0720 on 3rd May 2010, 12:02 am

Thank you. I am in the process of using combofix, but have 2 questions.

1. Should I run in safe mode or normal mode?

2. When trying to run in safe mode it said that Avira AntiVir is active. However, I cannot find that program on my computer and tried searching the system. Any suggestions?

Thank you!

bcd0720
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-05-01
OS OS : Windows Vistas
Points Points : 24198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Can't remove digital protection pop ups

Post by Dr Jay on 3rd May 2010, 3:59 am

Go ahead and run it in Normal Mode, if possible. And just continue with the scan anyway.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Can't remove digital protection pop ups

Post by bcd0720 on 3rd May 2010, 11:12 pm

I ran ComboFix. However when it was complete and I tried to open the internet to post the log, it would not open the internet. None of my programs would open. I restarted my computer and was able to access my programs. However, now I cannot find the ComboFix log to post here. Is there a way I can access it? Although I am no longer receiving the pop ups so think it has fixed the issue.

Thank you.

bcd0720
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-05-01
OS OS : Windows Vistas
Points Points : 24198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Can't remove digital protection pop ups

Post by Dr Jay on 4th May 2010, 3:57 am

C:\combofix.txt

Please find that and post the log.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Can't remove digital protection pop ups

Post by bcd0720 on 5th May 2010, 1:25 am

ComboFix 10-05-03.03 - Brighid Duffy 05/03/2010 16:57:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.313 [GMT -5:00]
Running from: c:\users\Brighid Duffy\Downloads\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3776510411-2605606160-4213564610-500

.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 22:21 . 2010-05-03 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-01 19:19 . 2010-05-01 19:19 36488 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-05-01 13:10 . 2010-05-01 13:10 -------- d-----w- c:\users\Brighid Duffy\AppData\Roaming\Malwarebytes
2010-05-01 13:09 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 13:09 . 2010-05-01 13:09 -------- d-----w- c:\programdata\Malwarebytes
2010-05-01 13:09 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 13:09 . 2010-05-01 13:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 12:00 . 2010-05-02 00:24 -------- d-----w- c:\users\Brighid Duffy\AppData\Roaming\4E6EB425B0EDFB8811C790DB2645A469
2010-04-13 21:47 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-13 21:47 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-13 21:47 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-13 21:47 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-13 21:47 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-13 21:47 . 2010-03-04 19:24 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-04-13 21:46 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-13 21:46 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-13 21:46 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 21:46 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-04-13 21:46 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-04-13 21:46 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-13 21:46 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 21:43 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-04-04 01:25 . 2010-04-04 01:25 -------- d-----w- c:\users\Brighid Duffy\AppData\Roaming\Intuit
2010-04-04 01:25 . 2010-04-04 01:25 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-04-04 01:08 . 2010-04-04 01:24 -------- d-----w- c:\program files\Common Files\Intuit
2010-04-04 01:08 . 2010-04-04 01:08 -------- d-----w- c:\program files\TurboTax
2010-04-04 01:07 . 2010-04-04 01:11 -------- d-----w- c:\programdata\Intuit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 21:40 . 2010-02-09 00:03 -------- d-----w- c:\users\Brighid Duffy\AppData\Roaming\Skype
2010-05-03 21:39 . 2008-03-19 18:18 -------- d-----w- c:\programdata\Google Updater
2010-05-03 21:39 . 2010-02-09 00:10 -------- d-----w- c:\users\Brighid Duffy\AppData\Roaming\skypePM
2010-05-03 21:38 . 2007-05-13 21:35 13401 ----a-w- c:\users\Brighid Duffy\AppData\Roaming\nvModes.dat
2010-05-02 04:56 . 2009-12-06 20:15 -------- d-----w- c:\users\Brighid Duffy\AppData\Roaming\vlc
2010-05-01 23:10 . 2007-07-08 16:41 -------- d-----w- c:\users\Brighid Duffy\AppData\Roaming\OpenOffice.org2
2010-05-01 16:09 . 2007-10-13 13:35 8160 ----a-w- c:\users\Brighid Duffy\AppData\Local\d3d9caps.dat
2010-05-01 11:57 . 2009-12-08 17:11 -------- d-----w- c:\users\Brighid Duffy\AppData\Roaming\dvdcss
2010-04-30 00:45 . 2008-03-19 18:23 -------- d-----w- c:\program files\Spyware Doctor
2010-04-29 02:18 . 2010-01-28 00:50 86016 ----a-w- c:\users\Brighid Duffy\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-04-29 02:18 . 2009-07-28 02:26 81920 ----a-w- c:\users\Brighid Duffy\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-04-29 02:18 . 2009-07-28 02:26 303104 ----a-w- c:\users\Brighid Duffy\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-04-24 03:49 . 2008-07-07 02:04 -------- d-----w- c:\users\Brighid Duffy\AppData\Roaming\Image Zone Express
2010-04-15 12:05 . 2008-03-03 00:20 -------- d-----w- c:\program files\Google
2010-04-15 02:00 . 2006-12-18 19:35 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 01:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-04 01:26 . 2007-06-25 02:05 97496 ----a-w- c:\users\Brighid Duffy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-14 19:08 . 2006-12-18 19:41 -------- d-----w- c:\programdata\CyberLink
2010-03-14 19:02 . 2010-03-14 19:01 -------- d-----w- c:\program files\Microsoft LifeCam
2010-03-12 23:41 . 2010-03-12 23:41 762736 ----a-w- c:\windows\vVX3000.exe
2010-03-12 23:41 . 2010-03-12 23:41 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-03-12 23:41 . 2010-03-12 23:41 227696 ----a-w- c:\windows\vVX3000.dll
2010-03-12 23:41 . 2010-03-12 23:41 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2010-03-12 23:41 . 2010-03-12 23:41 175472 ----a-w- c:\windows\system32\cVX3000.dll
2010-03-12 23:41 . 2010-03-12 23:41 101232 ----a-w- c:\windows\VX3000.dll
2010-03-09 16:54 . 2010-03-31 14:08 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50 . 2010-03-31 14:07 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-03-31 14:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:50 . 2010-03-31 14:07 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-03-09 16:48 . 2010-03-31 14:07 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-03-31 14:07 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-03-31 14:07 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-02-24 15:16 . 2009-10-03 22:23 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 19:28 . 2010-03-06 01:34 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-20 23:54 . 2010-03-11 09:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:51 . 2010-03-11 09:03 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:30 . 2010-03-11 09:03 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-09 00:10 . 2010-02-09 00:10 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-04 22:51 . 2010-03-06 01:35 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2009-11-16 01:30 . 2009-11-16 01:30 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-06-25 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-26 185632]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-16 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-05-03 492840]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Brighid Duffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-3-8 385024]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-8-9 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys [2007-08-01 20632]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys [2007-08-01 25240]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys [2007-08-01 76440]
R3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys [2007-08-01 21656]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [2007-08-01 203843]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-19 02:03]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 00:53]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 00:53]

2010-01-29 c:\windows\Tasks\Norton Security Scan for Brighid Duffy.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2010-01-22 22:45]

2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{1DE0F7A0-D148-47F2-B736-2E91BD227930}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: level2iaas.com\vpn
Trusted Zone: sonicwall.com\sslvpn
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Brighid Duffy\AppData\Roaming\Mozilla\Firefox\Profiles\hu6uefbw.default\
FF - prefs.js: browser.search.selectedEngine - Comcast Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\Brighid Duffy\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Brighid Duffy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\Brighid Duffy\AppData\Roaming\Mozilla\Firefox\Profiles\hu6uefbw.default\extensions\npNELaunch@sonicwall.com\plugins\npNELaunch.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-klmdb.sys
AddRemove-AntiVir PersonalEdition Classic - c:\program files\AntiVir PersonalEdition Classic\SETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-03 17:23
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc236F7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5404)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2010-05-03 17:32:00
ComboFix-quarantined-files.txt 2010-05-03 22:31

Pre-Run: 65,217,318,912 bytes free
Post-Run: 68,238,888,960 bytes free

- - End Of File - - F1DCD950BA40357FF5211ECD4B891600

bcd0720
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-05-01
OS OS : Windows Vistas
Points Points : 24198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Can't remove digital protection pop ups

Post by Dr Jay on 5th May 2010, 2:39 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum