Antivirus Security Pro - no safe mode, need FRST reading


  • This topic is locked
4 replies to this topic

#1 gr33d


Posted 25 November 2013 - 06:29 PM

Good evening--I've been reading through a lot of posts, and it appears after an FRST scan some of the moderators will create a customized fixlist.txt to combat the specific problem. The Windows Home Premium 64-bit box has all the classic symptoms of Antivirus Security Pro with the added bonus of not being able to boot into safe mode. I can run the FRST tool, and I've attached the FRST.txt and Addition.txt results, but I can't read them very well.

 

Can anyone shed some light on next steps? Please let me know if you need any additional information!

 

Thanks in advance!


 


#2 fireman4it (Malware Response Team)

Posted 25 November 2013 - 10:54 PM

Hello gr33d,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

HKLM\...\Run: [AS2014] - C:\ProgramData\ahrpDns3\ahrpDns3.exe [779952 2013-11-21] ()
HKCU\...\Run: [AS2014] - C:\ProgramData\ahrpDns3\ahrpDns3.exe [779952 2013-11-21] ()
() C:\ProgramData\ahrpDns3\ahrpDns3.exe
BHO-x32: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll No File
SearchScopes: HKCU - {F93F4163-A32E-4853-9B49-146E56F3DED6} URL = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid=&mid=4d3d49bc876d47d18b05fd6e91fb63a1-487549debec544122ffa7af036a0103a73480a33&lang=en&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {4F035BC5-61C7-4CE7-BD72-2A4B0F0A0379} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C31B46F9-2E46-4513-A487-A561E66D9B89&apn_sauid=6B82324E-62FB-4897-B502-7051E05029B2
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid=&mid=4d3d49bc876d47d18b05fd6e91fb63a1-487549debec544122ffa7af036a0103a73480a33&lang=en&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms}
2013-11-24 06:35 - 2013-11-25 18:05 - 00001668 _____ C:\Users\Owner\Desktop\Antivirus Security Pro.lnk
2013-11-24 06:35 - 2013-11-25 18:05 - 00000118 _____ C:\Users\Owner\Desktop\Antivirus Security Pro support.url
2013-11-22 06:03 - 2013-11-22 06:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-21 05:44 - 2013-11-22 06:06 - 00000000 ____D C:\ProgramData\ahrpDns3
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\ProgramData\ahrpDns3\ahrpDns3.exe -sm,
CHR HomePage: hxxp://mysearch.avg.com/?cid=&mid=4d3d49bc876d47d18b05fd6e91fb63a1-487549debec544122ffa7af036a0103a73480a33&lang=en&ds=AVG&pr=fr&d=&pid=safeguard&sg=&v=&sap=hp
CHR RestoreOnStartup: "hxxp://mysearch.avg.com/?cid=&mid=4d3d49bc876d47d18b05fd6e91fb63a1-487549debec544122ffa7af036a0103a73480a33&lang=en&ds=AVG&pr=fr&d=&pid=safeguard&sg=&v=&sap=hp"]},"tabs":{"use_vertical_tabs"
2013-11-22 06:03 - 2013-11-22 06:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
C:\Users\Owner\AppData\Local\Temp\ose00000.exe



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it to your reply.


Can you now boot into regular and safe mode?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-
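A reading aid for the fixlist in the post above, added here and not part of the thread or of FRST itself: it groups the registry autostart lines by the executable they launch, including anything appended to the Winlogon Userinit value after userinit.exe. The line patterns are assumptions inferred from the quoted lines, and the sample is a constructed subset of them.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the fixlist lines quoted in the post above.
FIXLIST = r"""
HKLM\...\Run: [AS2014] - C:\ProgramData\ahrpDns3\ahrpDns3.exe [779952 2013-11-21] ()
HKCU\...\Run: [AS2014] - C:\ProgramData\ahrpDns3\ahrpDns3.exe [779952 2013-11-21] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\ProgramData\ahrpDns3\ahrpDns3.exe -sm,
BHO-x32: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll No File
2013-11-21 05:44 - 2013-11-22 06:06 - 00000000 ____D C:\ProgramData\ahrpDns3
"""

# Line shapes are inferred from the sample above, not from an FRST specification.
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+?\.exe)\b", re.I)
USERINIT_RE = re.compile(r"^(HK\w+)\\\.\.\.\\Winlogon: \[Userinit\] (?P<value>.+)$", re.I)
EXE_RE = re.compile(r"(.+?\.exe)\b", re.I)


def userinit_extras(value):
    """Return executables in a Userinit value other than userinit.exe itself."""
    extras = []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        m = EXE_RE.match(item)
        exe = (m.group(1) if m else item).lower()
        # Accept the bare name (as printed in this log) or the System32 copy.
        if exe != "userinit.exe" and not exe.endswith("\\system32\\userinit.exe"):
            extras.append(exe)
    return extras


def autostart_map(text):
    """Map each executable (lower-cased) to the autostart entries that launch it."""
    found = defaultdict(list)
    for line in (raw.strip() for raw in text.splitlines()):
        if m := RUN_RE.match(line):
            found[m["path"].lower()].append(f"{m[1]} Run [{m['name']}]")
        elif m := USERINIT_RE.match(line):
            for exe in userinit_extras(m["value"]):
                found[exe].append(f"{m[1]} Winlogon Userinit")
    return dict(found)


if __name__ == "__main__":
    for exe, entries in autostart_map(FIXLIST).items():
        print(exe, "<-", ", ".join(entries))
```

On the sample, all three autostart entries resolve to the same file under C:\ProgramData\ahrpDns3, while the BHO and directory lines are ignored because they are not autostart entries.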




#3 fireman4it (Malware Response Team)

Posted 27 November 2013 - 03:20 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 gr33d (Topic Starter)

Posted 30 November 2013 - 01:58 PM

Sorry for the sluggish response--I will be attempting this fix on Monday. Thanks for the fixlist. Please keep the post open until at least then.

 

Thanks in advance,

David



#5 fireman4it (Malware Response Team)

Posted 05 December 2013 - 06:51 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.