
Author Topic: Virus disabling all security, scans, please help!!  (Read 4149 times)


Leaf

    Topic Starter


    Greenhorn

    Virus disabling all security, scans, please help!!
    « on: November 02, 2011, 05:10:43 PM »
    Hi there. My Avira auto guard has switched itself off and is unable to get back on. I try to scan with it but I receive multiple error messages.

    I thought maybe uninstall-reinstall, but then it turns out the latest version isn't compatible with my system, so I downloaded Avast instead. The same thing has happened with it: its auto guard has shut and won't open, and it won't scan properly.

    TrendMicro house doctor won't open. The only thing that works is SpyBot which got rid of a trojan but it hasn't really improved my situation.

    Even HijackThis won't work so I can't even post one of them. And to make matters harder I have a search engine redirect virus, too.

    I'm utterly clueless. Please can someone help me!  :-[

    Edit - also in task manager 'svchost.exe' has ridiculously high mem usage (over 300k)

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Virus disabling all security, scans, please help!!
    « Reply #1 on: November 03, 2011, 06:06:34 AM »
    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
    ~Dr Jay

    Leaf


      Re: Virus disabling all security, scans, please help!!
      « Reply #2 on: November 03, 2011, 08:00:51 AM »
      Thanks a lot for the reply, DragonMaster Jay.

      Here's the log:




      ComboFix 11-11-03.01 - UserXP 11/03/2011  13:36:36.1.2 - x86
      Microsoft Windows XP Professional  5.1.2600.2.1252.44.1033.18.1012.756 [GMT 0:00]
      Running from: c:\documents and settings\UserXP\Desktop\ComboFix.exe
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\All Users\Application Data\92764206.ini
      c:\documents and settings\UserXP\Application Data\PriceGong
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\1.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\a.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\b.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\c.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\d.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\e.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\f.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\g.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\h.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\i.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\J.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\k.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\l.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\m.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\mru.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\n.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\o.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\p.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\q.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\r.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\s.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\t.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\u.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\v.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\w.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\x.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\y.xml
      c:\documents and settings\UserXP\Application Data\PriceGong\Data\z.xml
      c:\documents and settings\UserXP\Start Menu\Programs\1964.lnk
      c:\windows\$NtUninstallKB6897$\1168079883
      c:\windows\$NtUninstallKB6897$\257550935\@
      c:\windows\$NtUninstallKB6897$\257550935\L\loipyrpm
      c:\windows\$NtUninstallKB6897$\257550935\loader.tlb
      c:\windows\$NtUninstallKB6897$\257550935\U\@00000001
      c:\windows\$NtUninstallKB6897$\257550935\U\@000000c0
      c:\windows\$NtUninstallKB6897$\257550935\U\@000000cb
      c:\windows\$NtUninstallKB6897$\257550935\U\@000000cf
      c:\windows\$NtUninstallKB6897$\257550935\U\@80000000
      c:\windows\$NtUninstallKB6897$\257550935\U\@800000c0
      c:\windows\$NtUninstallKB6897$\257550935\U\@800000cb
      c:\windows\$NtUninstallKB6897$\257550935\U\@800000cf
      c:\windows\1474976015
      c:\windows\system32\
      c:\windows\system32\_000110_.tmp.dll
      c:\windows\system32\AF15BDAEX.dll
      c:\windows\system32\lowsec
      c:\windows\system32\UACkylvjkibeftbmppqb.db
      c:\windows\$NtUninstallKB6897$ . . . . Failed to delete
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_PCMSTUB
      -------\Legacy_UACd.sys
      -------\Service_f59ea57
      -------\Service_UACd.sys
      .
      .
      (((((((((((((((((((((((((   Files Created from 2011-10-03 to 2011-11-03  )))))))))))))))))))))))))))))))
      .
      .
      2011-11-03 11:18 . 2011-11-03 11:18   102400   ----a-w-   c:\windows\RegBootClean.exe
      2011-11-03 11:18 . 2011-11-03 11:18   22032   ----a-w-   c:\windows\DCEBoot.exe
      2011-11-03 11:07 . 2011-06-21 04:09   200976   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
      2011-11-02 23:31 . 2011-11-02 23:37   --------   d-----w-   C:\ea3a44c8c715befe6d44a5
      2011-11-02 23:29 . 2011-11-02 23:29   --------   d-sh--w-   c:\documents and settings\Default User\IETldCache
      2011-11-02 23:28 . 2011-11-02 23:28   --------   d-----w-   c:\windows\system32\XPSViewer
      2011-11-02 23:28 . 2011-11-02 23:28   --------   d-----w-   c:\program files\MSBuild
      2011-11-02 23:28 . 2011-11-02 23:28   --------   d-----w-   c:\program files\Reference Assemblies
      2011-11-02 23:27 . 2008-07-06 12:06   89088   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
      2011-11-02 23:27 . 2008-07-06 12:06   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
      2011-11-02 23:27 . 2008-07-06 12:06   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
      2011-11-02 23:27 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
      2011-11-02 23:27 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
      2011-11-02 23:27 . 2008-07-06 10:50   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
      2011-11-02 23:27 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
      2011-11-02 23:27 . 2011-11-02 23:28   --------   d-----w-   C:\e0e0ec9797bb6e1d6c
      2011-11-02 23:27 . 2008-07-06 12:06   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
      2011-11-02 23:27 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
      2011-11-02 23:18 . 2011-11-03 10:46   --------   d-----w-   C:\dd6e76892436c82b6336baa1b437
      2011-11-02 22:49 . 2011-11-03 13:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
      2011-11-02 22:49 . 2011-11-02 22:49   --------   d-----w-   c:\program files\AVAST Software
      2011-11-02 22:26 . 2011-11-02 22:26   --------   d-----w-   c:\windows\system32\KB905474
      2011-11-02 22:24 . 2011-11-02 22:24   --------   d-----w-   c:\program files\MSXML 6.0
      2011-11-02 22:14 . 2011-11-02 22:14   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
      2011-11-02 22:11 . 2011-11-02 22:11   --------   d-----w-   c:\program files\MSXML 4.0
      2011-11-02 22:09 . 2011-11-02 22:24   --------   d-----w-   c:\windows\system32\CatRoot_bak
      2011-11-02 21:59 . 2008-06-13 13:10   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
      2011-11-02 21:59 . 2010-05-06 10:41   599040   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
      2011-11-02 21:59 . 2010-05-06 10:41   55296   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
      2011-11-02 21:59 . 2010-05-06 10:41   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
      2011-11-02 21:58 . 2010-02-12 10:03   293376   ------w-   c:\windows\system32\browserchoice.exe
      2011-11-02 21:58 . 2009-10-23 14:27   3555328   -c----w-   c:\windows\system32\dllcache\moviemk.exe
      2011-11-02 21:58 . 2008-08-14 09:51   138368   -c----w-   c:\windows\system32\dllcache\afd.sys
      2011-11-02 21:58 . 2009-12-31 16:14   352640   -c----w-   c:\windows\system32\dllcache\srv.sys
      2011-11-02 21:58 . 2008-05-01 14:30   331776   -c----w-   c:\windows\system32\dllcache\msadce.dll
      2011-11-02 21:57 . 2009-06-21 22:04   153088   -c----w-   c:\windows\system32\dllcache\triedit.dll
      2011-11-02 21:56 . 2010-02-24 12:31   454016   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
      2011-11-02 21:56 . 2010-06-14 14:30   743936   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
      2011-11-02 21:53 . 2009-06-05 07:42   655872   -c----w-   c:\windows\system32\dllcache\mstscax.dll
      2011-11-02 21:53 . 2009-11-21 16:36   470528   -c----w-   c:\windows\system32\dllcache\aclayers.dll
      2011-11-02 21:50 . 2008-10-15 16:57   332800   -c----w-   c:\windows\system32\dllcache\netapi32.dll
      2011-11-02 21:49 . 2009-07-31 04:57   1172480   -c----w-   c:\windows\system32\dllcache\msxml3.dll
      2011-11-02 21:49 . 2008-04-21 10:02   215552   -c----w-   c:\windows\system32\dllcache\wordpad.exe
      2011-10-30 12:11 . 2011-11-03 10:05   --------   d-sh--w-   c:\documents and settings\UserXP\Local Settings\Application Data\0f59ea57
      2011-10-30 10:01 . 2011-11-02 07:54   --------   d-----w-   c:\documents and settings\UserXP\Application Data\MediaWmplay
      2011-10-09 16:01 . 2011-11-02 20:44   --------   d-----w-   c:\documents and settings\UserXP\Application Data\Umovu
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-11-03 13:54 . 2011-04-10 17:00   218688   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
      2011-11-03 11:18 . 2011-04-05 19:21   20992   ----a-w-   c:\windows\system32\libusbd-nt.exe
      2011-10-16 09:31 . 2011-05-26 10:07   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2011-09-30 21:44 . 2011-04-05 17:43   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
      .
      [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
      2010-12-09 12:51   3911776   ----a-w-   c:\program files\ConduitEngine\ConduitEngine.dll
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
      2010-12-09 12:51   3911776   ----a-w-   c:\program files\uTorrentBar\tbuTor.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
      "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
      .
      [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
      .
      [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
      .
      [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
      "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^UserXP^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
      backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      2009-10-03 03:08   35696   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
      2005-05-03 10:43   69632   ----a-w-   c:\windows\Alcmtr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
      2006-07-17 14:40   53248   ------w-   c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2009-05-12 20:27   133104   ----atw-   c:\documents and settings\UserXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
      2008-02-28 07:00   166424   ----a-w-   c:\windows\system32\hkcmd.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
      2008-02-28 07:00   141848   ----a-w-   c:\windows\system32\igfxtray.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
      2008-02-28 07:00   137752   ----a-w-   c:\windows\system32\igfxpers.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
      2007-07-05 10:35   94208   ----a-w-   c:\windows\PLFSetL.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
      2008-05-16 06:39   16862720   ----a-w-   c:\windows\RTHDCPL.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      2009-03-05 14:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2009-05-12 21:49   148888   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      2008-04-25 01:32   1044480   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "vsmon"=2 (0x2)
      "iPod Service"=3 (0x3)
      "Bonjour Service"=2 (0x2)
      "Apple Mobile Device"=2 (0x2)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      .
      R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
      R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4/10/2011 5:00 PM 218688]
      R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/5/2011 7:02 PM 33792]
      S3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\drivers\AF9035BDA.sys [8/29/2009 8:49 AM 241792]
      S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\Drivers\cam1690.sys --> c:\windows\system32\Drivers\cam1690.sys [?]
      S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [6/14/2010 12:59 PM 13192]
      S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [6/14/2010 12:59 PM 8456]
      S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [5/12/2009 10:06 PM 96856]
      S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;\??\c:\program files\MAGIX\Samplitude_10_SE\mxasio.sys --> c:\program files\MAGIX\Samplitude_10_SE\mxasio.sys [?]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      getPlusHelper   REG_MULTI_SZ      getPlusHelper
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-11-02 c:\windows\Tasks\WGASetup.job
      - c:\windows\system32\KB905474\wgasetup.exe [2011-11-02 22:18]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      uInternet Settings,ProxyOverride = *.local
      TCP: DhcpNameServer = 192.168.1.254
      DPF: DirectAnimation Java Classes
      DPF: Microsoft XML Parser for Java
      FF - ProfilePath - c:\documents and settings\UserXP\Application Data\Mozilla\Firefox\Profiles\kklodkg8.default\
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
      FF - user.js: network.cookie.cookieBehavior - 0
      FF - user.js: privacy.clearOnShutdown.cookies - false
      FF - user.js: security.warn_viewing_mixed - false
      FF - user.js: security.warn_viewing_mixed.show_once - false
      FF - user.js: security.warn_submit_insecure - false
      FF - user.js: security.warn_submit_insecure.show_once - false
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      Toolbar-Locked - (no file)
      WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      HKCU-Run-{A78E3A29-141E-D17E-F14A-470BBB3C36AD} - c:\documents and settings\UserXP\Application Data\Nymekos\atrycoe.exe
      AddRemove-LibUSB-Win32_is1 - c:\documents and settings\UserXP\Desktop\LibUSB-Win32-0.1.10.1\unins000.exe
      AddRemove-My ScreenCam - c:\progra~1\MYSCRE~1\UNWISE.EXE
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-11-03 13:52
      Windows 5.1.2600 Service Pack 2 NTFS
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'explorer.exe'(1792)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\libusbd-nt.exe
      .
      **************************************************************************
      .
      Completion time: 2011-11-03  13:59:35 - machine was rebooted
      ComboFix-quarantined-files.txt  2011-11-03 13:59
      .
      Pre-Run: 80,291,270,656 bytes free
      Post-Run: 83,088,691,200 bytes free
      .
      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [Boot Loader]
      timeout=2
      Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [Operating Systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
      .
      - - End Of File - - 89C837FA33A397959261353CF4BB002D

      Dr Jay

      Re: Virus disabling all security, scans, please help!!
      « Reply #3 on: November 04, 2011, 12:14:34 PM »
      Please download aswMBR from here

      • Save aswMBR.exe to your Desktop
      • Double click aswMBR.exe to run it
      • Click the Scan button to start the scan as illustrated below


      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

      • Once the scan finishes click Save log to save the log to your Desktop


      • Copy and paste the contents of aswMBR.txt back here for review
      ~Dr Jay