Antivir malware

Antivir malware

Post by bjeans on 31st July 2010, 5:30 pm

This malware has infected my computer (XP). I have followed the instructions and tried to download Malwarebytes' Anti-Malware, and get the following messages when it is installing:
mbam_error_load_database(3.0) & mbam_error_expanding_variables(0,9)

This is an old e-machine (with many upgrades), and I have also tried to load the restore disks, but they don't work. About ready to take it to a tech.

Thanks
bjeans

bjeans
Beginner
Posts : 4
Joined : 2010-07-29
Gender : Female
OS : XP
Points : 23308
Likes : 0


Re: Antivir malware

Post by Crush on 31st July 2010, 7:30 pm

Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too, and I will be helping you with your malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal but, rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click , then click Preferences. Make sure Always notify me of replies is set to Yes.


With that out of the way:

Please download and run RKill.

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.
========

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Crush
Master
Posts : 3889
Joined : 2010-01-27
Gender : Male
Points : 42138
Likes : 0


Re: Antivir malware

Post by bjeans on 2nd August 2010, 1:06 am

I have done as instructed, although the path you told me to use in Start/Run did not work, so I started it from the commy.exe on my desktop. It did the scan in a DOS window, and my computer is still running in safe mode. Do I need to do anything further? I am sending the log file.

Thanks so much for your help!


Re: Antivir malware

Post by Crush on 2nd August 2010, 1:21 am

I don't see the logfile. Can you copy and paste it here please?


Re: Antivir malware

Post by bjeans on 2nd August 2010, 2:36 am

ComboFix 10-07-31.04 - Administrator 08/01/2010 19:52:38.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1683 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Commy.exe.exe
.

((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.

2010-08-02 00:33 . 2010-08-02 00:33 -------- d--h--w- c:\windows\PIF
2010-08-02 00:22 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-02 00:22 . 2010-08-02 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 00:22 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-02 00:17 . 2010-08-02 00:17 0 ----a-w- c:\windows\nsreg.dat
2010-08-02 00:17 . 2010-08-02 00:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-30 06:20 . 2010-07-30 06:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-07-30 05:59 . 2010-07-30 05:59 40440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-30 05:58 . 2010-07-30 05:58 -------- dc----w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-30 04:43 . 2010-08-02 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-30 04:35 . 2010-07-30 04:35 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-30 04:31 . 2010-07-30 04:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-30 04:31 . 2010-07-30 04:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2010-07-13 22:15 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 09:10 . 2010-07-12 09:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Intuit
2010-07-12 07:06 . 2010-07-12 07:06 49744 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-12 01:07 . 2010-07-12 01:07 975136 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch2.exe
2010-07-12 01:07 . 2010-07-12 01:07 44832 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe
2010-07-12 01:07 . 2010-07-12 01:07 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcp71.dll
2010-07-12 01:07 . 2010-07-12 01:07 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcr71.dll
2010-07-11 23:07 . 2010-07-22 03:14 3500 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\qbbackup.sys
2010-07-11 21:26 . 2010-07-11 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-07-11 21:26 . 2010-07-11 21:26 -------- d-----w- c:\program files\Intuit
2010-07-11 21:24 . 2010-07-11 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11
2010-07-11 21:24 . 2010-07-11 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2010-07-11 21:20 . 2010-07-11 21:20 -------- d-----w- c:\windows\Intuit
2010-07-05 05:57 . 1997-04-23 12:44 31232 ----a-w- c:\windows\H2REMOVE.EXE
2010-07-05 01:50 . 2010-07-05 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-07-05 01:49 . 2004-07-26 21:56 12800 ----a-w- c:\windows\system32\Wing32.dll
2010-07-05 01:33 . 2010-07-05 01:48 -------- d-----w- C:\Downloads
2010-07-05 01:16 . 2010-07-05 01:17 -------- d-----w- c:\program files\boot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 05:44 . 2010-06-28 01:15 -------- d-----w- c:\program files\3DO
2010-07-30 04:23 . 2010-02-28 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-12 09:10 . 2010-02-14 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-07-12 03:43 . 2008-09-16 05:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-11 21:28 . 2010-02-14 15:56 -------- d-----w- c:\program files\Common Files\Intuit
2010-06-27 05:23 . 2010-06-27 05:22 644043114 ----a-w- c:\program files\Heroes_of_might_and_magic2_vf.Rar.zip
2010-06-27 03:20 . 2010-06-27 03:18 683089920 ----a-w- C:\homm2.bin
2010-06-24 19:36 . 2008-09-21 02:02 -------- d-----w- c:\program files\Common Files\Peach
2010-06-24 19:34 . 2010-06-24 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Aatrix Software
2010-06-24 19:33 . 2008-08-22 03:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-24 18:58 . 2010-06-24 18:58 -------- d-----w- c:\program files\Pervasive Software
2010-06-24 18:58 . 2010-06-24 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Pervasive Software
2010-06-24 18:57 . 2010-06-24 18:57 9926 ----a-w- c:\windows\PriorPervasive.reg
2010-06-24 18:57 . 2010-06-24 18:57 740 ----a-w- c:\windows\PSODBCEI.reg
2010-06-24 18:57 . 2010-06-24 18:57 740 ----a-w- c:\windows\PSODBCCI.reg
2010-06-24 18:57 . 2010-06-24 18:57 470 ----a-w- c:\windows\PSOA.reg
2010-06-24 18:56 . 2010-06-24 18:56 -------- d-----w- c:\program files\Sage
2010-06-24 18:39 . 2010-06-24 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-06-24 18:39 . 2010-06-24 18:37 -------- d-----w- c:\program files\Raxco
2010-06-24 07:07 . 2010-06-24 06:21 -------- d-----w- c:\program files\iFinger
2010-06-14 14:31 . 2008-08-22 09:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 18:55 . 2009-02-27 00:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 01:00 . 2008-08-22 03:47 -------- d-----w- c:\program files\QuickTime
2010-06-04 01:00 . 2008-08-22 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-04 00:52 . 2010-02-25 00:25 -------- d-----w- c:\program files\Common Files\Apple
2010-06-04 00:50 . 2009-03-08 19:55 -------- d-----w- c:\program files\Google
2010-06-04 00:45 . 2010-06-04 00:45 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-06-04 00:45 . 2010-06-04 00:45 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-06-04 00:41 . 2009-09-20 01:28 -------- d-----w- c:\program files\TaxCut05
2010-06-04 00:40 . 2010-06-04 00:40 -------- d--h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-06-04 00:37 . 2010-06-04 00:37 -------- d-----w- c:\program files\Microsoft Works
2010-06-04 00:34 . 2010-06-04 00:34 -------- d-----w- c:\program files\Lavasoft
2010-06-04 00:34 . 2010-06-04 00:18 -------- d-----w- c:\program files\Lavasoft(2)
2010-06-04 00:34 . 2009-01-27 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-04 00:34 . 2010-06-04 00:18 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}(2)
2010-06-03 23:47 . 2008-09-10 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-27 16:44 . 2010-05-27 16:44 237320 ----a-w- c:\windows\system32\PDBoot.exe
2010-05-06 10:41 . 2006-03-02 07:28 916480 ----a-w- c:\windows\system32\wininet.dll
2001-08-23 12:00 . 2001-08-23 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-03 23:56 50688 -csh--w- c:\windows\twain_32.dll
2008-04-14 00:11 . 2004-08-03 23:56 1028096 -csha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2005-10-15 10:48 57344 -csh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-03 23:56 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-03 23:56 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-03 23:56 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-03 23:56 84992 -csh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-03 23:56 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2008-08-22 53248]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-09 524632]
"BtcMaestro"="c:\program files\HP USB Multimedia Keyboard\KMaestro.exe" [2007-10-23 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VTtrayp"="VTtrayp.exe" [2008-08-22 163840]
"PeachtreePrefetcher.exe"="c:\program files\Sage\Peachtree\PeachtreePrefetcher.exe" [2010-04-10 29480]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-5-18 1154848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/27/2009 7:45 PM 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1029456]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [6/6/2008 1:03 PM 435488]
S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\Sage\Peachtree\SmartPostingService2011.exe [4/10/2010 2:32 PM 43816]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:48]
.
.
------- Supplementary Scan -------
.
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ks3hnaf6.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrator on 08/01/2010 at 19:34:22.


Processes terminated by Rkill or while it was running:


C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\ADMINI~1\MYDOCU~1\DOWNLO~1\RKILL.COM


Rkill completed on 08/01/2010 at 19:34:25.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrator on 08/01/2010 at 19:35:42.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Administrator\My Documents\Downloads\rkill.scr


Rkill completed on 08/01/2010 at 19:35:44.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrator on 08/01/2010 at 19:36:28.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Administrator\My Documents\Downloads\rkill.exe


Rkill completed on 08/01/2010 at 19:36:30.


c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-uhqujsox - c:\documents and settings\Betty\Local Settings\Application Data\ebbddrtsa\pdqnaqktssd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-01 19:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-287218729-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,c9,75,95,57,4b,b6,4b,ba,58,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,c9,75,95,57,4b,b6,4b,ba,58,ef,\

[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1476)
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-01 19:59:35
ComboFix-quarantined-files.txt 2010-08-02 00:59

Pre-Run: 20,008,763,392 bytes free
Post-Run: 20,095,488,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 03D01239B824953CDAF3E59891AA1DE9

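As an added example (not ComboFix's own code and nothing the helper posted), the following Python triages the Run-key and ORPHANS REMOVED sections of a ComboFix log like the one above, flagging the kind of entry a removal helper looks at first: an autostart target under a user's Local Settings\Application Data with a random-looking name, as with HKLM-Run-uhqujsox. The sample log is a constructed excerpt modelled on the posted one, and the heuristics (user-writable location, consonant runs, unqualified path) are assumptions of this example, not ComboFix rules.

```python
"""Triage autostart entries from a ComboFix log (added example, not ComboFix code).

The heuristics below are assumptions about what a removal helper checks first;
they are a starting point for review, not a verdict.
"""
import re
from typing import Any, Dict, List

# Constructed excerpt in ComboFix's layout, modelled on the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2008-08-22 53248]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-09 524632]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-uhqujsox - c:\documents and settings\Betty\Local Settings\Application Data\ebbddrtsa\pdqnaqktssd.exe
"""

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[')
ORPHAN_LINE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<path>.+)$")
# Per-user locations an installer does not normally use for autostart binaries on XP.
USER_WRITABLE = ("\\local settings\\application data\\", "\\local settings\\temp\\", "\\temp\\")
# Four or more consonants in a row (y excluded) is rare in real product names.
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{4,}")


def looks_random(component: str) -> bool:
    """Heuristic: flags names such as 'pdqnaqktssd' but not 'jusched' or 'AAWTray'."""
    stem = component.lower().rsplit(".", 1)[0]
    return CONSONANT_RUN.search(stem) is not None


def analyse_path(path: str) -> List[str]:
    """Return the reasons an autostart target deserves a second look (empty if none)."""
    reasons: List[str] = []
    low = path.lower()
    if low == "(no file)":
        return ["dangling entry (target missing on disk)"]
    if "\\" not in low:
        reasons.append("unqualified path (resolved through the search order, not a fixed file)")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("user-writable location")
    tail = [c for c in path.split("\\") if c][-2:]  # parent directory and file name
    odd = [c for c in tail if looks_random(c)]
    if odd:
        reasons.append("random-looking name(s): " + ", ".join(odd))
    return reasons


def triage(log_text: str) -> List[Dict[str, Any]]:
    """Parse Run-key and orphan entries; return the flagged ones, most reasons first."""
    findings: List[Dict[str, Any]] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "ORPHANS REMOVED" in line:
            section = "orphans"
            continue
        if line.startswith("["):  # a registry key header; only the ...\Run key is parsed
            section = "run" if line.lower().endswith("\\run]") else None
            continue
        if line.startswith("*"):  # the catchme banner ends the autostart sections
            section = None
            continue
        match = RUN_LINE.match(line) if section == "run" else (
            ORPHAN_LINE.match(line) if section == "orphans" else None)
        if not match:
            continue
        reasons = analyse_path(match.group("path"))
        if reasons:
            findings.append({"name": match.group("name"), "path": match.group("path"), "reasons": reasons})
    return sorted(findings, key=lambda f: (-len(f["reasons"]), f["name"]))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['name']}: {finding['path']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Run against the full posted log, the Ad-Watch, Intuit and Java entries produce no reasons, while the entry ComboFix already removed as an orphan (HKLM-Run-uhqujsox) is the one that comes out on top.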

Re: Antivir malware

Post by Crush on 2nd August 2010, 2:44 am

Hi,

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM log in your reply.


Antivir Malware

Post by bjeans on 3rd August 2010, 1:31 am

I have already tried to download this software to the XP computer, and get the error messages as identified in the first message. I now cannot get on the internet with the XP computer, even though the wireless connection shows it is OK (not with IE or Firefox). I have downloaded this file to a disk here on my computer, and then tried to run it on the XP computer, but still get the same error messages.

Thanks!


Re: Antivir malware

Post by Crush on 3rd August 2010, 9:17 pm

See here:
[You must be registered and logged in to see this link.]

Do any of the workarounds work for you?

I'm currently on vacation, so my replies will be slower than normal.
