
Antivirus Pro 2010 Malware. Ran DDS Log.

It would be very wise to back up all of your data/files onto a removable drive just in case. Thanks. - Eric

#6 oldman960 oldman960 Forum God Classroom Teacher 14,710 posts Posted 05 September 2009 - 02:27 PM

Hi modena2904, Thanks. If you have problems create a thread in the forum, please. Don't post your log into other user's topic, create a new one. Please include a link to this thread with your request.

Sheen. It has done this 2 time(s). Do Not copy the word CODE http://forums.whatthetech.com/Need_Help_Complete_Removal_AntiVirus_Pro_2010_t106730.html

KillAll::
Collect::[4]
c:\documents and settings\Katie\Local Settings\Application Data\jecuviwy.dat
c:\windows\type.com
c:\documents and settings\Eric\Local Settings\Application Data\kirure.dat
c:\windows\xidusoveh.com
c:\windows\system32\covatuhe.dat
c:\windows\yqujup.com
c:\windows\oqadyzi.com
c:\program files\Common Files\ycefe.db
c:\documents and settings\All Users\Application

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

http://www.bleepingcomputer.com/forums/t/260590/antivirus-pro-2010-malware-ran-dds-log/

Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! C:\Windows\Temp\_avast5_\unp102160609.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast!

SystemLook 30.07.11 by jpshortstuff Log created at 19:09 on 15/11/2011 by hp Administrator - Elevation successful Invalid Context: regHKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerSubSystems:filefind*winsrv.dll* -= EOF =- #6 JonTom JonTom Trusted Malware E: is CDROM () G: is CDROM () H: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== C:\Windows\login.exe (Trojan.Downloader) -> Delete on reboot. If one is compromised, are all of them? 10 replies Howdy!

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{CE313A2C-1D74-44D0-8468-FD24A759C19F} -> Success!

#5 dougv dougv Advanced Member Members 111 posts Posted 10 June 2010 - 08:07 PM

oops, for some reason, it truncated my last message. A: is Removable C: is FIXED (NTFS) - 586 GiB total, 129.113 GiB free. Do not use your laptop for the time being.

#12 dougv dougv Advanced Member Members 111 posts Posted 11 June 2010 - 07:56 PM

hey Blade, the system is running much better now, thanks. Do not go to any websites other than this forum or those I guide you to for downloads. You will want to print out or copy these instructions to Notepad for offline Rebooted. Please use "Reply to this topic" -button while replying.

Both providers have support forums that help with configuration related questions. Just a final reminder for you. https://forums.spybot.info/showthread.php?58277-Major-malware-problem-that-will-not-go-away HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvpc (Trojan.Agent) -> Quarantined and deleted successfully. RP1478: 10/20/2011 - Scheduled Checkpoint RP1479: 10/21/2011 12:00:01 AM - Scheduled Checkpoint RP1480: 10/22/2011 12:19:00 AM - Scheduled Checkpoint RP1481: 10/23/2011 1:05:35 AM - Scheduled Checkpoint RP1482: 10/25/2011 12:11:40 AM - Click the red Moveit!

The following corrective action will be taken in 120000 milliseconds: Restart the service. 11/11/2011 6:49:18 AM, Error: Service Control Manager [7034] - The ES lite Service for program management. C:\Windows\Temp\_avast5_\unp102167105.tmp (Trojan.Agent) -> Quarantined and deleted successfully. Did you intentionally get 64 bit programs? c:\Users\hp\AppData\Local\usereventnetm\cvteventdlg.dll (IPH.Trojan.Blueinit.W7) -> Quarantined and deleted successfully.

After reboot, CF completed and displayed the log. Follow that with update and rescan with Malwarebytes, 5. For more info, check this webpage out.

It disabled all my programs, including internet explorer and task manager. R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504] R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656] R2 BCUService;Browser Configuration Utility

My housemate had a disc with a few apps on it and I got the Avast from there.

Oct 15, 2010 #13 MrSheen TS Rookie Topic Starter That's just the name of the PC that Windows 7 asked for when I installed it. I check this: {mad dog}\setup_ais_eng.exe. In a very basic sense, they are used to locate webpages.

Oct 9, 2010 #3 Bobbye Helper on the Fringe Posts: 16,335 +36 Okay, that handled the Mbam entries. It is. Please use "Reply to this topic" -button while replying. http://avissoft.net/antivirus-pro/antivirus-pro-2010-i-think.php I switched it off and stopped using it.

Please use "Reply to this topic" -button while replying. You may have to do more than 1 reply. Do not use the attachment feature to place any of your reports. Learn how to protect Yourself Threads will be closed if no response after 5 days.

Provided removal instructions are meant to be used in the correspondent user's case only. c:\Users\hp\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\XNE302G8\file[1].exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.

#16 dougv dougv Advanced Member Members 111 posts Posted 15 June 2010 - 06:16 PM

hey Blade, I erased those 2 files, uninstalled Combofix, and I'll do the Sorry if this is all a bit vague.

Next un-check Hide protected operating system files. = Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.forospyware.com/sUBs/dds Disable any script blocker if your antivirus/antimalware has it. Then You should update and rescan with Malwarebytes, checking the line for removal. This will ensure your computer has always the latest security updates available installed on your computer. Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -

It looks as though the SystemLook script did not run as planned. This seems to have fixed it. Also Internet Explorer or Google Chrome won't open. Maurice Naggar Staff Moderators 16,648 posts Location: USA Interests: Security, Windows, Copy the entries in the Codebox below> Paste in the Custom Scan box.

c:\Users\hp\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2J42BF98\file[1].exe (Trojan.Agent) -> Quarantined and deleted successfully. Error code: [email protected] 09/10/2010 12:22:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 09/10/2010 12:21:55, We will need this log, too, so remember where you've saved it! If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to Provided removal instructions are meant to be used in the correspondent user's case only.

I didn't run the Remove option in MalwareBytes. c:\Users\hp\AppData\Roaming\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully. . That may cause it to stall** **Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. GMER won't run on 64bit either, as well as HijackThis.