WiredWX Hobby Weather ToolsLog in

 


descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
Folks,

First of, thank you very much for what you do. Yesterday my home computer got attacked by this malware and McAfee can't catch it. I need your help, please.

I've read some threads here that give the instructions on what to download to have the malware removed. However, the antivirus system pro won't let my browser open in any other window than its own site or other sites, mostly porn.

How do I download your fix if the malware won't let me?

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
Downladed malwarebytes to a CD. Just in case...

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
Well talking about hih=jack this.. Seems bethforseth hijacked my thread but it's cool. It seems he was having the same problem I was.

I was able to install and run Malwarebytes. It caught the infected items but the malware never went away and didn't let me open the logs, nor connect to the web to come to this site to look for a solution. So what did I do? SYSTEM RESTORE. I hate doing that but I had no other way out.

Thanks, anyway...

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
Can you try DDS?

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
What is DDS?

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
I posted the instructions like 3 posts up.

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyThe notepad

more_horiz
DDS (Ver_09-11-23.01) - NTFSx86
Run by HP_Administrator at 6:10:08.53 on Mon 11/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.461 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\UNS18Z0T\dds[1].scr

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyTemp01

more_horiz
IFEO: image file execution options
IFEO: apitrap.dll
IFEO: ASSTE.dll
IFEO: AVSTE.dll
IFEO: Cleanup.dll
IFEO: cqw32.exe
IFEO: divx.dll
IFEO: divxdec.ax
IFEO: DJSMAR00.dll
IFEO: DRMINST.dll
IFEO: enc98.EXE
IFEO: EncodeDivXExt.dll
IFEO: EncryptPatchVer.dll
IFEO: front.exe
IFEO: fullsoft.dll
IFEO: GBROWSER.DLL
IFEO: htmlmarq.ocx
IFEO: htmlmm.ocx
IFEO: install.exe
IFEO: ishscan.dll
IFEO: ISSTE.dll
IFEO: javai.dll
IFEO: jvm.dll
IFEO: jvm_g.dll
IFEO: main123w.dll
IFEO: mngreg32.exe
IFEO: msci_uno.dll
IFEO: mscoree.dll
IFEO: mscorsvr.dll
IFEO: mscorwks.dll
IFEO: msjava.dll
IFEO: mso.dll
IFEO: NAVOPTRF.dll
IFEO: NeVideoFX.dll
IFEO: NPMLIC.dll
IFEO: NSWSTE.dll
IFEO: photohse.EXE
IFEO: PMSTE.dll
IFEO: ppw32hlp.dll
IFEO: printhse.EXE
IFEO: prwin8.EXE
IFEO: ps80.EXE
IFEO: psdmt.exe
IFEO: qfinder.EXE
IFEO: qpw.EXE
IFEO: salwrap.dll
IFEO: setup.exe
IFEO: setup32.dll
IFEO: sevinst.exe
IFEO: symlcnet.dll
IFEO: tcore_ebook.dll
IFEO: TFDTCTT8.DLL
IFEO: ua80.EXE
IFEO: udtapi.dll
IFEO: ums.dll
IFEO: vb40032.dll
IFEO: vbe6.dll
IFEO: wpwin8.EXE
IFEO: xlmlEN.dll
IFEO: xwsetup.EXE
IFEO: Your Image File Name Here without a path
- ntsd -d
IFEO: _INSTPGM.EXE

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyTemp00

more_horiz
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe
ApplicationGoo REG_BINARY 140200001002000000020000900434000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000007000b000000000007000b0000003f000000020000000400010001000000000000000000000000000000440000000100560061007200460069006c00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f006e00000000000904e404f0030000010053007400720069006e006700460069006c00650049006e0066006f000000cc03000001003000340030003900300034004500340000004a001900010043006f006d006d0065006e007400730000004300720079007300740061006c002000530051004c002000440065007300690067006e0065007200200037002e0030000000000088003400010043006f006d00700061006e0079004e0061006d006500000000005300650061006700610074006500200053006f00660074007700610072006500200049006e0066006f0072006d006100740069006f006e0020004d0061006e006100670065006d0065006e0074002000470072006f00750070002c00200049006e0063002e000000ae00450001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000280063002900200031003900390031002d003100390039001000000000000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe
ApplicationGoo REG_BINARY 5409000054020000000200008c0334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe000001000200a8112e0400000200a8112e0400003f000000200000000400000001000000000000000000000000000000ec020000010053007400720069006e006700460069006c00650049006e0066006f000000c8020000010030003000300030003000340062003000000038001000010043006f006d006d0065006e007400730000004f007200690067006e0061006c002000560065007200730069006f006e00000042001100010043006f006d00700061006e0079004e0061006d006500000000005300410050002000410047002c002000570061006c006c0064006f0072006600000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e00000000005300410050002000460072006f006e00740065006e006400200066006f0072002000570069006e0064006f0077007300000000003c000e000100460069006c006500560065007200730069006f006e000000000034003500320030002e0032002e0030002e003100300037003000000032000900010049006e007400650072006e0061006c004e0061006d0065000000460045005700460052004f004e005400000000007a002b0001004c006500670061006c0043006f007000790072006900670068000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b00200033000000230054020000000200008c0334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe0000010003009e112604000003009e11260400003f000000200000000400000001000000000000000000000000000000ec020000010053007400720069006e006700460069006c00650049006e0066006f000000c8020000010030003000300030003000340062003000000038001000010043006f006d006d0065006e007400730000004f007200690067006e0061006c002000560065007200730069006f006e00000042001100010043006f006d00700061006e0079004e0061006d006500000000005300410050002000410047002c002000570061006c006c0064006f0072006600000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e00000000005300410050002000460072006f006e00740065006e006400200066006f0072002000570069006e0064006f0077007300000000003c000e000100460069006c006500560065007200730069006f006e000000000034003500310030002e0033002e0030002e003100300036003200000032000900010049006e007400650072006e0061006c004e0061006d0065000000460045005700460052004f004e005400000000007a002b0001004c006500670061006c0043006f007000790072006900670068000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b0020003300000023005402000000020000200334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe0000010000000400f003000000000400f00300003f0000000000000004000100010000000000000000000000000000007e020000010053007400720069006e006700460069006c00650049006e0066006f0000005a02000001003000340030003900300034004500340000002e000700010043006f006d00700061006e0079004e0061006d00650000000000530041005000200041004700000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e00000000005300410050002000460072006f006e00740065006e006400200066006f0072002000570069006e0064006f00770073000000000036000b000100460069006c006500560065007200730069006f006e000000000034002e0030002e0030002e003100300030003800000000002c000600010049006e007400650072006e0061006c004e0061006d0065000000460052004f004e00540000005e001d0001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000a900200031003900390033002d0031003900390037002000530041005000200041004700000000002800000001004c006500670061006c0054007200610064000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b0020003300000023005402000000020000180334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe0000010000000400dd03000000000400dd0300003f00000000000000040001000100000000000000000000000000000078020000010053007400720069006e006700460069006c00650049006e0066006f0000005402000001003000340030003900300034004500340000002e000700010043006f006d00700061006e0079004e0061006d00650000000000530041005000200041004700000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e00000000005300410050002000460072006f006e00740065006e006400200066006f0072002000570069006e0064006f00770073000000000034000a000100460069006c006500560065007200730069006f006e000000000034002e0030002e0030002e0039003800390000002c000600010049006e007400650072006e0061006c004e0061006d0065000000460052004f004e00540000005e001d0001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000a900200031003900390033002d0031003900390037002000530041005000200041004700000000002800000001004c006500670061006c00540072006100640065006d000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b002000330000002300

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe
ApplicationGoo REG_BINARY 5802000054020000000200006c0734000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f000000000000000400040001000000000000000000000000000000cc060000010053007400720069006e006700460069006c00650049006e0066006f00000054030000010030003400300039003000340042003000000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007200760065007200200053006500740075007000000036000b000100460069006c006500560065007200730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c004e0061006d00650000005300650074007500700000009c003c0001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020000200000000000000010000004c0000003cfd0600050000000000000065050000020000000300000002000000530065007200760069006300650020005000610063006b002000340000002300

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe
ApplicationGoo REG_BINARY 580200005402000000020000440234000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100010001000c000000010001000c00000000000000000000000400000001000000000000000000000000000000440000000000560061007200460069006c00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f006e00000000000904b004a4010000010053007400720069006e006700460069006c00650049006e0066006f00000080010000010030003400300039003000340042003000000040002000010043006f006d00700061006e0079004e0061006d00650000000000440065004c006f0072006d00650020004d0061007000700069006e0067000000440022000100500072006f0064007500630074004e0061006d006500000000005200650067002000280044004c0069006200620079005c006d0073006600290000000000340014000100460069006c006500560065007200730069006f006e000000000031002e00300031002e0030003000310032000000380014000100500072006f006400750063007400560065007200730069006f006e00000031002e00300031002e003000300031003200000034001200010049006e007400650072006e0061006c004e0061006d00650000004d004e00470052004500470033003200000000000200000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006b002000330000002300

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE
GlobalFlag REG_SZ 0x00200000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE
GlobalFlag REG_SZ 0x00200000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe
ApplicationGoo REG_BINARY 140200001002000000020000b40234000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100350007000000000035000700000000003f00000000000000040000000100000000000000000000000000000012020000010053007400720069006e006700460069006c00650049006e0066006f000000ee010000010030003400300039003000340062003000000042001100010043006f006d00700061006e0079004e0061006d00650000000000500065006f0070006c00650053006f00660074002c00200049006e0063002e0000000000280000000100460069006c0065004400650073006300720069007000740069006f006e00000000002a0005000100460069006c006500560065007200730069006f006e000000000037002e0035003300000000009c003c0001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000a900200031003900380038002d0031003900390038002000500065006f0070006c00650053006f00660074002c00200049006e0063002e002000200041006c006c00200052006900670068007400730020005200650073006500720076006500640000003c000a0001004f0072006900670069006e0061006c00460069006c0065006e0061006d00650000007000730064006d0074002e001000000000000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\salwrap.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe
ApplicationGoo REG_BINARY 000700005402000000020000840734000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f000000000000000400040001000000000000000000000000000000e4060000010053007400720069006e006700460069006c00650049006e0066006f00000060030000010030003400300039003000340042003000000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007200760065007200200053006500740075007000000036000b000100460069006c006500560065007200730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c004e0061006d00650000005300650074007500700000009e003d0001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020000200000000000000010000004c0000003cfd0600050000000000000065050000020000000000000000000000530065007200760069006300650020005000610063006b0020003300000024005402000000020000a40834000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f00000000000000040004000100000000000000000000000000000004080000010053007400720069006e006700460069006c00650049006e0066006f000000f0030000010030003400300039003000340042003000000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007200760065007200200053006500740075007000000036000b000100460069006c006500560065007200730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000a600410001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020000200000000000000010000004c0000003cfd0600050000000000000065050000020000000000000000000000530065007200760069006300650020005000610063006b0020003300000024005402000000020000180434000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f00000000000000040004000100000000000000000000000000000078030000010053007400720069006e006700460069006c00650049006e0066006f00000054030000010030003400300039003000340042003000000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007200760065007200200053006500740075007000000036000b000100460069006c006500560065007200730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c004e0061006d00650000005300650074007500700000009a003b0001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020000200000000000000010000004c0000003cfd0600050000000000000065050000020000000000000000000000530065007200760069006300650020005000610063006b002000330000002400

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll
ApplicationGoo REG_BINARY 140200001002000000020000040334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe000001001c0008000000000000000800000000003f00000000000000040000000100000000000000000000000000000064020000010053007400720069006e006700460069006c00650049006e0066006f00000040020000010030003400300039003000340062003000000044001200010043006f006d00700061006e0079004e0061006d0065000000000043006f00720065006c00200043006f00720070006f0072006100740069006f006e0000004e0013000100460069006c0065004400650073006300720069007000740069006f006e000000000043006f00720065006c002000530065007400750070002000570069007a00610072006400000000002c0006000100460069006c006500560065007200730069006f006e000000000038002e00300032003800000046001300010049006e007400650072006e0061006c004e0061006d006500000043006f00720065006c002000530065007400750070002000570069007a00610072006400000000006c00240001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000a900200031003900390037002c00200043006f00720065006c00200043006f00720070006f0072000800000000000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe
ApplicationGoo REG_BINARY 140200001002000000020000380334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe0000010002000a0001000a0002000a0001000a000000000000000000040001000100000000000000000000000000000098020000010053007400720069006e006700460069006c00650049006e0066006f0000007402000001003000340030003900300034004500340000004a001500010043006f006d00700061006e0079004e0061006d00650000000000530079006d0061006e00740065006300200043006f00720070006f0072006100740069006f006e000000000060001c000100460069006c0065004400650073006300720069007000740069006f006e0000000000530079006d0061006e007400650063002000530079006d006500760065006e007400200049006e007300740061006c006c0065007200000034000a000100460069006c006500560065007200730069006f006e0000000000310030002e0032002e00310030002e003100000030000800010049006e007400650072006e0061006c004e0061006d006500000053004500560049004e005300540000007e002d0001004c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000530079006d0061006e00740065006300200043006f0072000100000000000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.DLL
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll
CheckAppHelp REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE
ApplicationGoo REG_BINARY 1402000010020000000200007c0334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000001000900260000000100090026003f000000000000000400000001000000000000000000000000000000dc020000010053007400720069006e006700460069006c00650049006e0066006f000000b8020000010030003400300039003000340062003000000066002700010043006f006d006d0065006e0074007300000042007500730069006e00650073007300200049006e00740065006c006c006900670065006e006300650020006f006e0020004500760065007200790020004400650073006b0074006f0070000000000048001400010043006f006d00700061006e0079004e0061006d0065000000000043006f0067006e006f007300200049006e0063006f00720070006f0072006100740065006400000060001c000100460069006c0065004400650073006300720069007000740069006f006e000000000043006f0067006e006f0073002000470065006e006500720069006300200049006e007300740061006c006c006100740069006f006e00000038000c000100460069006c006500560065007200730069006f006e000000000031002c00200030002c002000330038002c0020003900000030000800010049006e007400650072006e0061006c004e0061006d00650000000100000000000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path
Debugger REG_SZ ntsd -d
GlobalFlag REG_SZ 0x000010F0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE
ApplicationGoo REG_BINARY 140200001002000000020000a40234000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000001000100000000000100010000003f00000000000000010001000100000000000000000000000000000004020000010053007400720069006e006700460069006c00650049006e0066006f000000e0010000010030003400300039003000340045003400000020000000010043006f006d00700061006e0079004e0061006d00650000000000580018000100460069006c0065004400650073006300720069007000740069006f006e000000000049004e005300540041004c004c0020004d004600430020004100700070006c00690063006100740069006f006e000000300008000100460069006c006500560065007200730069006f006e000000000031002e0030002e00300030003100000030000800010049006e007400650072006e0061006c004e0061006d006500000049004e005300540041004c004c0000002400000001004c006500670061006c0043006f00700079007200690067006800740000002800000001004c006500670061006c00540072006100640065006d00610072006b0073000000000040000c0001004f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049004e005300540041004c004c002e004500580045000000300008000800000000000000

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
Is this what you're taling about?

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionANTIVIRUS SYSTEM PRO. HELP, PLEASE! EmptyRe: ANTIVIRUS SYSTEM PRO. HELP, PLEASE!

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum