
AVcare PCAntispyware, uninstalls combofix, cnt run malw,



Thank you for your wonderful forum.

I have, to my knowledge, AV Care and PC Antispyware fake antivirus programs installed; at least those are the icons on my desktop now. I have been scanning your forum for the past week trying to get this thing off of my PC without having to bother anyone with the issue.

I have tried all the prescribed methods for trying to enable malware and ComboFix to run. Now ComboFix uninstalls itself, and when I rename the malware file it will start the scan and then disappear, but when I go back to rerun the scan, it gives me an access denied. Google is hijacked and I cannot open PDF files from my emails in Outlook. I am certain that is just the tip of the iceberg; other programs are probably infected. Please help.

Thank you


I appreciate your help, thank you so much!!!

I install the program and get a desktop icon, double-click, then a DOS window appears. It does not create a report, or maybe I did not let it run long enough??? It seemed like it would have just kept on going. I had to copy from the DOS screen in order to paste what is below, but it never actually gave me a report in a txt file or anything like that, and it never really stopped, so I figured something was wrong. In fact it is still going right now; it will stop at Cannot Access: C:\windows\...... exe then it will start up again. Has been going for about 20 minutes now???

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB961373\KB961373

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB961501\KB961501

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB963027-IE7\KB963027-IE7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB967715\KB967715

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB969897-IE7\KB969897-IE7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB970238\KB970238

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971557\KB971557

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971633\KB971633

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB972260-IE7\KB972260-IE7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973507\KB973507

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973815\KB973815

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\GAC_32\GAC_32

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\GAC_MSIL\GAC_MSIL

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA

P2BFC.tmp\ZAP2BFC.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporar

y ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-12 07:57:42 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (

Microsoft Corporation)

[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

()

[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Mic

rosoft Corporation)

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoi

nt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKU

s

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4

cd8e9681a7116f902d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867

bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb

4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f

273983a0f9531635ce0\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\40fc5c00ee89a

c515590995374843d78\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5457b20e4d749

37d47b86f91637bd134\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652

da2d7ace79940460770\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33

978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7266a4d025877

b3f91e09ddc873eafd6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\82c738ec00f0f

07f8ea182bc95439593\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a30

70aa22efa6c72b3f657\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9b9c80e2f055c

e97c0f0b65924ea9f29\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b212

11a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1

418ba334c3807fa2a23\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c4ef6b3b8c831

d4c05216d73b034eec4\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73e

d7dcd60250b085691a5\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f649

80a67e3f1a551949306\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41

b1828615f889a43f7e0\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba57

09df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f6ae6c0148109

6f08117233982ca37f9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da

369070f93700f340c57\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2a

dc1b9109ef4e6cecd1f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\

Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\attrib.exe

[1] 2004-08-12 07:55:52 11264 C:\WINDOWS\$NtServicePackUninstall$\attrib.exe (Mi

crosoft Corporation)

[1] 2008-04-14 05:42:14 12288 C:\WINDOWS\ServicePackFiles\i386\attrib.exe (Micro

soft Corporation)

[1] 2008-04-14 05:42:14 12288 C:\WINDOWS\system32\attrib.exe ()

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Deskt

op

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Fav

orites

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting

s\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\

My Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHo

od

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\Pri

ntHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\cscript.exe

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe (

Microsoft Corporation)

[1] 2004-08-12 07:56:37 98304 C:\WINDOWS\$NtServicePackUninstall$\cscript.exe (M

icrosoft Corporation)

[1] 2008-04-14 05:42:16 139264 C:\WINDOWS\$NtUninstallKB951978$\cscript.exe (Mic

rosoft Corporation)

[1] 2008-04-14 05:42:16 139264 C:\WINDOWS\ServicePackFiles\i386\cscript.exe (Mic

rosoft Corporation)

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\SoftwareDistribution\Download\1201b6f7

4bae1015eceeea43baed9814\sp3gdr\cscript.exe (Microsoft Corporation)

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\system32\cscript.exe ()

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\system32\dllcache\cscript.exe (Microso

ft Corporation)

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-12 07:57:11 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (M

icrosoft Corporation)

[1] 2008-04-14 05:42:20 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Micr

osoft Corporation)

[1] 2008-04-14 05:42:20 10752 C:\WINDOWS\system32\dumprep.exe ()

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-12 07:57:17 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (

Microsoft Corporation)

[1] 2008-04-14 05:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Mic

rosoft Corporation)

[1] 2008-04-14 05:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 05:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corpor

ation)

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\findstr.exe

[1] 2004-08-12 07:57:23 27136 C:\WINDOWS\$NtServicePackUninstall$\findstr.exe (M

icrosoft Corporation)

[1] 2008-04-14 05:42:22 27136 C:\WINDOWS\ServicePackFiles\i386\findstr.exe (Micr

osoft Corporation)

[1] 2008-04-14 05:42:22 27136 C:\WINDOWS\system32\findstr.exe ()

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\ping.exe


Thank you so much for your help. What you all do here is greatly appreciated!!!

I had to copy and paste the following log. I never actually got a txt file or anything like that. The following log was from a DOS screen. I hope that is OK.

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\GAC_MSIL\GAC_MSIL

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA

P2BFC.tmp\ZAP2BFC.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporar

y ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-12 07:57:42 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (

Microsoft Corporation)

[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

()

[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Mic

rosoft Corporation)

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoi

nt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKU

s

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4

cd8e9681a7116f902d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867

bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb

4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f

273983a0f9531635ce0\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\40fc5c00ee89a

c515590995374843d78\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5457b20e4d749

37d47b86f91637bd134\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652

da2d7ace79940460770\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33

978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7266a4d025877

b3f91e09ddc873eafd6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\82c738ec00f0f

07f8ea182bc95439593\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a30

70aa22efa6c72b3f657\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9b9c80e2f055c

e97c0f0b65924ea9f29\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b212

11a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1

418ba334c3807fa2a23\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c4ef6b3b8c831

d4c05216d73b034eec4\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73e

d7dcd60250b085691a5\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f649

80a67e3f1a551949306\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41

b1828615f889a43f7e0\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba57

09df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f6ae6c0148109

6f08117233982ca37f9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da

369070f93700f340c57\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2a

dc1b9109ef4e6cecd1f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\

Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\attrib.exe

[1] 2004-08-12 07:55:52 11264 C:\WINDOWS\$NtServicePackUninstall$\attrib.exe (Mi

crosoft Corporation)

[1] 2008-04-14 05:42:14 12288 C:\WINDOWS\ServicePackFiles\i386\attrib.exe (Micro

soft Corporation)

[1] 2008-04-14 05:42:14 12288 C:\WINDOWS\system32\attrib.exe ()

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D

ata\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Deskt

op

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Fav

orites

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting

s\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\

My Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHo

od

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\Pri

ntHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\cscript.exe

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe (

Microsoft Corporation)

[1] 2004-08-12 07:56:37 98304 C:\WINDOWS\$NtServicePackUninstall$\cscript.exe (M

icrosoft Corporation)

[1] 2008-04-14 05:42:16 139264 C:\WINDOWS\$NtUninstallKB951978$\cscript.exe (Mic

rosoft Corporation)

[1] 2008-04-14 05:42:16 139264 C:\WINDOWS\ServicePackFiles\i386\cscript.exe (Mic

rosoft Corporation)

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\SoftwareDistribution\Download\1201b6f7

4bae1015eceeea43baed9814\sp3gdr\cscript.exe (Microsoft Corporation)

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\system32\cscript.exe ()

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\system32\dllcache\cscript.exe (Microso

ft Corporation)

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-12 07:57:11 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (M

icrosoft Corporation)

[1] 2008-04-14 05:42:20 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Micr

osoft Corporation)

[1] 2008-04-14 05:42:20 10752 C:\WINDOWS\system32\dumprep.exe ()

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-12 07:57:17 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (

Microsoft Corporation)

[1] 2008-04-14 05:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Mic

rosoft Corporation)

[1] 2008-04-14 05:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 05:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corpor

ation)

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\findstr.exe

[1] 2004-08-12 07:57:23 27136 C:\WINDOWS\$NtServicePackUninstall$\findstr.exe (M

icrosoft Corporation)

[1] 2008-04-14 05:42:22 27136 C:\WINDOWS\ServicePackFiles\i386\findstr.exe (Micr

osoft Corporation)

[1] 2008-04-14 05:42:22 27136 C:\WINDOWS\system32\findstr.exe ()

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\ping.exe

[1] 2004-08-12 08:03:32 17920 C:\WINDOWS\$NtServicePackUninstall$\ping.exe (Micr

osoft Corporation)

[1] 2008-04-14 05:42:32 17920 C:\WINDOWS\ServicePackFiles\i386\ping.exe (Microso

ft Corporation)

[1] 2008-04-14 05:42:32 17920 C:\WINDOWS\system32\ping.exe ()

Cannot access: C:\WINDOWS\system32\route.exe

[1] 2004-08-12 08:04:24 19968 C:\WINDOWS\system32\dllcache\route.exe (Microsoft

Corporation)

[1] 2004-08-12 08:04:24 19968 C:\WINDOWS\system32\route.exe ()

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Finished! Press any key to exit...


  • Staff

Hi,

Please delete your copy of Win32kDiag.

Please save this file to your Desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


Win32kDiag Log

Log file is located at: C:\Documents and Settings\Dell\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Found mount point : C:\WINDOWS\$hf_mig$\KB952004\KB952004

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB952004\KB952004

Found mount point : C:\WINDOWS\$hf_mig$\KB953838\KB953838

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB953838\KB953838

Found mount point : C:\WINDOWS\$hf_mig$\KB958690\KB958690

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB958690\KB958690

Found mount point : C:\WINDOWS\$hf_mig$\KB959426\KB959426

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB959426\KB959426

Found mount point : C:\WINDOWS\$hf_mig$\KB960225\KB960225

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB960225\KB960225

Found mount point : C:\WINDOWS\$hf_mig$\KB960803\KB960803

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB960803\KB960803

Found mount point : C:\WINDOWS\$hf_mig$\KB960859\KB960859

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB960859\KB960859

Found mount point : C:\WINDOWS\$hf_mig$\KB961371\KB961371

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB961371\KB961371

Found mount point : C:\WINDOWS\$hf_mig$\KB961371-v2\KB961371-v2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB961371-v2\KB961371-v2

Found mount point : C:\WINDOWS\$hf_mig$\KB961373\KB961373

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB961373\KB961373

Found mount point : C:\WINDOWS\$hf_mig$\KB961501\KB961501

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB961501\KB961501

Found mount point : C:\WINDOWS\$hf_mig$\KB963027-IE7\KB963027-IE7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB963027-IE7\KB963027-IE7

Found mount point : C:\WINDOWS\$hf_mig$\KB967715\KB967715

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB967715\KB967715

Found mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Found mount point : C:\WINDOWS\$hf_mig$\KB969897-IE7\KB969897-IE7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB969897-IE7\KB969897-IE7

Found mount point : C:\WINDOWS\$hf_mig$\KB970238\KB970238

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB970238\KB970238

Found mount point : C:\WINDOWS\$hf_mig$\KB971557\KB971557

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971557\KB971557

Found mount point : C:\WINDOWS\$hf_mig$\KB971633\KB971633

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971633\KB971633

Found mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

Found mount point : C:\WINDOWS\$hf_mig$\KB972260-IE7\KB972260-IE7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB972260-IE7\KB972260-IE7

Found mount point : C:\WINDOWS\$hf_mig$\KB973507\KB973507

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB973507\KB973507

Found mount point : C:\WINDOWS\$hf_mig$\KB973815\KB973815

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB973815\KB973815

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\GAC_32\GAC_32

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\GAC_32\GAC_32

Found mount point : C:\WINDOWS\assembly\GAC_MSIL\GAC_MSIL

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\GAC_MSIL\GAC_MSIL

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BFC.tmp\ZAP2BFC.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BFC.tmp\ZAP2BFC.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-12 07:57:42 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\40fc5c00ee89ac515590995374843d78\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\40fc5c00ee89ac515590995374843d78\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5457b20e4d74937d47b86f91637bd134\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5457b20e4d74937d47b86f91637bd134\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9b9c80e2f055ce97c0f0b65924ea9f29\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9b9c80e2f055ce97c0f0b65924ea9f29\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c4ef6b3b8c831d4c05216d73b034eec4\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\c4ef6b3b8c831d4c05216d73b034eec4\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da369070f93700f340c57\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da369070f93700f340c57\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Cannot access: C:\WINDOWS\system32\attrib.exe

Attempting to restore permissions of : C:\WINDOWS\system32\attrib.exe

[1] 2004-08-12 07:55:52 11264 C:\WINDOWS\$NtServicePackUninstall$\attrib.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:14 12288 C:\WINDOWS\ServicePackFiles\i386\attrib.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:14 12288 C:\WINDOWS\system32\attrib.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Cannot access: C:\WINDOWS\system32\cscript.exe

Attempting to restore permissions of : C:\WINDOWS\system32\cscript.exe

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe (Microsoft Corporation)

[1] 2004-08-12 07:56:37 98304 C:\WINDOWS\$NtServicePackUninstall$\cscript.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:16 139264 C:\WINDOWS\$NtUninstallKB951978$\cscript.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:16 139264 C:\WINDOWS\ServicePackFiles\i386\cscript.exe (Microsoft Corporation)

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\sp3gdr\cscript.exe (Microsoft Corporation)

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\system32\cscript.exe (Microsoft Corporation)

[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\system32\dllcache\cscript.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-12 07:57:11 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:20 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:20 10752 C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-12 07:57:17 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 05:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 05:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 05:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Cannot access: C:\WINDOWS\system32\findstr.exe

Attempting to restore permissions of : C:\WINDOWS\system32\findstr.exe

[1] 2004-08-12 07:57:23 27136 C:\WINDOWS\$NtServicePackUninstall$\findstr.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:22 27136 C:\WINDOWS\ServicePackFiles\i386\findstr.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:22 27136 C:\WINDOWS\system32\findstr.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Cannot access: C:\WINDOWS\system32\ping.exe

Attempting to restore permissions of : C:\WINDOWS\system32\ping.exe

[1] 2004-08-12 08:03:32 17920 C:\WINDOWS\$NtServicePackUninstall$\ping.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:32 17920 C:\WINDOWS\ServicePackFiles\i386\ping.exe (Microsoft Corporation)

[1] 2008-04-14 05:42:32 17920 C:\WINDOWS\system32\ping.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\route.exe

Attempting to restore permissions of : C:\WINDOWS\system32\route.exe

[1] 2004-08-12 08:04:24 19968 C:\WINDOWS\system32\dllcache\route.exe (Microsoft Corporation)

[1] 2004-08-12 08:04:24 19968 C:\WINDOWS\system32\route.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Finished!

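A triage sketch for the Win32kDiag output above, added here as an example (it is not part of the thread and not Win32kDiag's own logic). It parses the three record types seen in the log and applies two heuristics that are assumptions of this example: a mount point whose destination is a `\Device\` object name is counted as abnormal, and a "Cannot access" file is flagged when its size differs from another listed copy with the same timestamp or when its vendor field is empty.

```python
import re

# Excerpt of the Win32kDiag log posted above (blank lines dropped).
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\dhcp\dhcp
Cannot access: C:\WINDOWS\system32\cscript.exe
Attempting to restore permissions of : C:\WINDOWS\system32\cscript.exe
[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe (Microsoft Corporation)
[1] 2004-08-12 07:56:37 98304 C:\WINDOWS\$NtServicePackUninstall$\cscript.exe (Microsoft Corporation)
[1] 2008-04-14 05:42:16 139264 C:\WINDOWS\ServicePackFiles\i386\cscript.exe (Microsoft Corporation)
[1] 2008-05-07 03:07:23 135168 C:\WINDOWS\system32\cscript.exe (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-12 07:57:17 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 05:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 05:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 05:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\export\export
"""

MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
LOCKED_RE = re.compile(r"^Cannot access: (.+)$")
# "[n] date time size path (vendor)"; the vendor may be empty: "()".
COPY_RE = re.compile(
    r"^\[(\d+)\] (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (.+) \((.*)\)$"
)


def parse_log(text):
    """Return (mounts, locked): mount point records and, per locked file,
    the list of copies Win32kDiag printed underneath it."""
    mounts, locked, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            parts = m.group(1).split("\\")
            mounts.append({
                "path": m.group(1),
                "dest": None,
                # Pattern seen throughout this log: ...\name\name
                "repeats_parent": len(parts) > 1
                and parts[-1].lower() == parts[-2].lower(),
            })
            current = None  # a mount record ends any open file block
        elif (m := DEST_RE.match(line)) and mounts:
            mounts[-1]["dest"] = m.group(1)
        elif m := LOCKED_RE.match(line):
            current = m.group(1)
            locked[current] = []
        elif (m := COPY_RE.match(line)) and current is not None:
            locked[current].append({
                "ts": m.group(2),
                "size": int(m.group(3)),
                "path": m.group(4),
                "vendor": m.group(5),
            })
    return mounts, locked


def device_targets(mounts):
    """Heuristic (assumption of this example): a destination naming a
    \\Device\\ object instead of a drive or volume path is abnormal."""
    return [m for m in mounts if (m["dest"] or "").startswith("\\Device\\")]


def suspicious_files(locked):
    """Compare each locked file with the other copies listed for it."""
    findings = {}
    for target, copies in locked.items():
        own = next(
            (c for c in copies if c["path"].lower() == target.lower()), None
        )
        if own is None:
            continue
        reasons = []
        peers = [c for c in copies if c is not own and c["ts"] == own["ts"]]
        if any(c["size"] != own["size"] for c in peers):
            reasons.append("size differs from a same-timestamp copy")
        if not own["vendor"]:
            reasons.append("empty vendor field")
        if reasons:
            findings[target] = reasons
    return findings


if __name__ == "__main__":
    mounts, locked = parse_log(SAMPLE_LOG)
    print(len(device_targets(mounts)), "mount points target a device object")
    for path, reasons in suspicious_files(locked).items():
        print(path, "->", "; ".join(reasons))
```

On this excerpt only `eventlog.dll` is flagged, which agrees with the ComboFix log posted next in the thread: it reports an infected copy of that file and restores it from `ServicePackFiles\i386`.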

Combofix Log

ComboFix 09-08-27.02 - Dell 08/27/2009 14:21.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.341 [GMT -6:00]

Running from: c:\documents and settings\Dell\Desktop\Combo-pix.exe

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\djos.exe

c:\documents and settings\All Users\Application Data\ekaxomobot.dll

c:\documents and settings\All Users\Application Data\ekilaqaq.pif

c:\documents and settings\All Users\Application Data\fodosul.dll

c:\documents and settings\All Users\Documents\dywybanil.exe

c:\documents and settings\All Users\Documents\faky.reg

c:\documents and settings\All Users\Documents\icogew.dll

c:\documents and settings\All Users\Documents\owuqacisi._dl

c:\documents and settings\Dell\Application Data\eninan.lib

c:\documents and settings\Dell\Application Data\foxetik._sy

c:\documents and settings\Dell\Application Data\labim._dl

c:\documents and settings\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk

c:\documents and settings\Dell\Application Data\mutezasym.com

c:\documents and settings\Dell\Application Data\ohyrihoh.lib

c:\documents and settings\Dell\Application Data\tibakuze.reg

c:\documents and settings\Dell\Application Data\vajyjyt.dl

c:\documents and settings\Dell\Application Data\wazarehala.dll

c:\documents and settings\Dell\Application Data\wiaserva.log

c:\documents and settings\Dell\Application Data\ykemaci.vbs

c:\documents and settings\Dell\Desktop\PC_Antispyware2010.lnk

c:\documents and settings\Dell\Local Settings\Application Data\avabawi.exe

c:\documents and settings\Dell\Local Settings\Application Data\efojob.reg

c:\documents and settings\Dell\Local Settings\Application Data\etipu.dll

c:\documents and settings\Dell\Local Settings\Application Data\fegemaxufe.sys

c:\documents and settings\Dell\Local Settings\Application Data\goquc.inf

c:\documents and settings\Dell\Local Settings\Application Data\nidov.scr

c:\documents and settings\Dell\Local Settings\Application Data\ykis.ban

c:\documents and settings\Dell\Local Settings\Application Data\yvonykaniq.bat

c:\documents and settings\Dell\Local Settings\Temporary Internet Files\dobyk.bat

c:\documents and settings\Dell\Local Settings\Temporary Internet Files\fydocy.com

c:\documents and settings\Dell\Local Settings\Temporary Internet Files\igor.scr

c:\documents and settings\Dell\Local Settings\Temporary Internet Files\ivepa.dat

c:\documents and settings\Dell\Local Settings\Temporary Internet Files\rihile.lib

c:\documents and settings\Dell\Local Settings\Temporary Internet Files\uluheqiwi.exe

c:\documents and settings\Dell\Local Settings\Temporary Internet Files\vezeqytuf.com

c:\documents and settings\Dell\Local Settings\Temporary Internet Files\xejypemo.sys

c:\documents and settings\Dell\Start Menu\Programs\PC_Antispyware2010

c:\documents and settings\Dell\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk

c:\documents and settings\Dell\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk

c:\program files\Common Files\dovo.ban

c:\program files\Common Files\eraxuleza.exe

c:\program files\Common Files\gegimunilo.exe

c:\program files\Common Files\isiw.pif

c:\program files\Common Files\niwelymybe.reg

c:\program files\PC_Antispyware2010

c:\program files\PC_Antispyware2010\AVEngn.dll

c:\program files\PC_Antispyware2010\data\daily.cvd

c:\program files\PC_Antispyware2010\htmlayout.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll

c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg

c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

c:\program files\PC_Antispyware2010\pthreadVC2.dll

c:\program files\PC_Antispyware2010\Uninstall.exe

c:\program files\PC_Antispyware2010\wscui.cpl

c:\windows\apyfuv.reg

c:\windows\braviax.exe

c:\windows\cru629.dat

c:\windows\elicoze.ban

c:\windows\evyr.bat

c:\windows\Installer\19d08cfd.msi

c:\windows\jiwa._dl

c:\windows\liwy._dl

c:\windows\maquqyzuqo.ban

c:\windows\msa.exe

c:\windows\ruriky.inf

c:\windows\system32\_scui.cpl

c:\windows\system32\braviax.exe

c:\windows\system32\cru629.dat

c:\windows\system32\cyxobunym.ban

c:\windows\system32\dano.bat

c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\UACodlpjwrpkh.sys

c:\windows\system32\jypu.bat

c:\windows\system32\obedica.vbs

c:\windows\system32\UACacxylahnwn.dll

c:\windows\system32\UAChputyhxvcu.db

c:\windows\system32\uacinit.dll

c:\windows\system32\UACknoyumgcml.dll

c:\windows\system32\UACrjpeufoqel.dat

c:\windows\system32\UACtkerqcseey.dll

c:\windows\system32\UACtkxkdqxnwn.dll

c:\windows\system32\wisdstr.exe

c:\windows\system32\ycavykul.ban

c:\windows\zikapowe._dl

C:\yihw.exe

c:\windows\system32\drivers\beep.sys . . . is infected!!

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

-------\Legacy_UACd.sys

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))

.

2009-08-26 15:33 . 2009-08-26 15:33 15062 ----a-w- c:\windows\pynekijy.dat

2009-08-21 21:06 . 2009-08-21 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-08-20 20:50 . 2009-08-20 20:50 -------- d-----w- c:\documents and settings\Dell\Application Data\Malwarebytes

2009-08-20 20:38 . 2009-08-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-20 17:55 . 2009-08-21 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-19 21:09 . 2009-08-19 21:09 14545 ----a-w- c:\windows\system32\huqo.com

2009-08-19 21:09 . 2009-08-19 21:09 10591 ----a-w- c:\program files\Common Files\hajega.dat

2009-08-19 20:00 . 2009-08-19 20:00 -------- d-----w- c:\documents and settings\Dell\Application Data\Logs

2009-08-19 19:51 . 2009-08-19 19:56 -------- d-----w- c:\program files\AV Care

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-27 19:33 . 2008-10-11 04:36 -------- d-----w- c:\program files\Eset

2009-07-30 20:00 . 2008-10-11 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-07-30 20:00 . 2008-10-11 04:25 -------- d-----w- c:\program files\NOS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]

"AV Care"="c:\program files\AV Care\AvCare.exe" [2009-08-11 1765376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-21 949376]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 149024]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Dell\Start Menu\Programs\Startup\

dmaupd32.exe [2008-4-14 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [10/10/2008 10:37 PM 15424]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2009-08-21 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-27 14:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(552)

c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3832)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Eset\nod32krn.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-08-27 14:37 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-27 20:37

Pre-Run: 32,990,027,776 bytes free

Post-Run: 33,491,791,872 bytes free

211 --- E O F --- 2009-02-21 19:51


  • Staff

Hi,

Please download this file and save it as it's originally named, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select No.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://www.malwarebytes.org/forums/index.php?showtopic=22603
Collect::
c:\windows\pynekijy.dat
c:\windows\system32\huqo.com
c:\program files\Common Files\hajega.dat

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

-screen317


Thank you for your continued help.

ComboFix 09-08-27.A3 - Dell 08/28/2009 12:23.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.275 [GMT -6:00]

Running from: c:\documents and settings\Dell\Desktop\Combo-pix.exe

Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt

AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

file zipped: c:\program files\Common Files\hajega.dat

file zipped: c:\windows\pynekijy.dat

file zipped: c:\windows\system32\huqo.com

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\hajega.dat

c:\windows\pynekijy.dat

c:\windows\system32\huqo.com

.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))

.

2009-08-21 21:06 . 2009-08-21 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-08-20 20:50 . 2009-08-20 20:50 -------- d-----w- c:\documents and settings\Dell\Application Data\Malwarebytes

2009-08-20 20:38 . 2009-08-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-20 17:55 . 2009-08-21 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-19 20:00 . 2009-08-19 20:00 -------- d-----w- c:\documents and settings\Dell\Application Data\Logs

2009-08-19 19:51 . 2009-08-19 19:56 -------- d-----w- c:\program files\AV Care

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-27 19:33 . 2008-10-11 04:36 -------- d-----w- c:\program files\Eset

2009-07-30 20:00 . 2008-10-11 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-07-30 20:00 . 2008-10-11 04:25 -------- d-----w- c:\program files\NOS

.

((((((((((((((((((((((((((((( SnapShot@2009-08-27_20.33.54 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]

"AV Care"="c:\program files\AV Care\AvCare.exe" [2009-08-11 1765376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-21 949376]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 149024]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Dell\Start Menu\Programs\Startup\

dmaupd32.exe [2008-4-14 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [10/10/2008 10:37 PM 15424]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-28 12:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(552)

c:\windows\system32\imon.dll

.

Completion time: 2009-08-28 12:29

ComboFix-quarantined-files.txt 2009-08-28 18:29

ComboFix2.txt 2009-08-27 20:37

Pre-Run: 33,415,491,584 bytes free

Post-Run: 33,367,556,096 bytes free

105 --- E O F --- 2009-02-21 19:51

Upload was successful


  • Staff

Hi,

Please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Again, I can't thank you or malwarebytes enough for your assistance and knowledge in this forum.

I have a quick question. I supposedly have a pretty good anti-virus program installed on my computer??? What is the use of programs such as Norton, McAfee, AVG, etc... if they can't stop or clean viruses such as the ones we see on this forum? It seems like the individuals who program these viruses are one step ahead of legitimate antivirus software?

I will continue with your instructions and post the results in my next reply; I just wanted to know your thoughts on the subject.

Thank you


F-Secure Online Scan

Scanning Report

Tuesday, September 1, 2009 10:22:43 - 15:22:10

Computer name: DELL-A76DBADE2B

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

27 malware found

TrackingCookie.Questionmarket (spyware)

  • System (Disinfected)

TrackingCookie.2o7 (spyware)

  • System (Disinfected)

TrackingCookie.Advertising (spyware)

  • System (Disinfected)

TrackingCookie.Atdmt (spyware)

  • System (Disinfected)

Rogue:W32/AVCare (spyware)

  • System (Disinfected)

TrackingCookie.Adtech (spyware)

  • System (Disinfected)

TrackingCookie.Doubleclick (spyware)

  • System (Disinfected)

TrackingCookie.Revsci (spyware)

  • System (Disinfected)

TrackingCookie.Zanox (spyware)

  • System (Disinfected)

TrackingCookie.Adbrite (spyware)

  • System (Disinfected)

TrackingCookie.Webtrends (spyware)

  • System (Disinfected)

TrackingCookie.Mediaplex (spyware)

  • System (Disinfected)

Trojan-Downloader:W32/FraudLoad.FJ (spyware)

  • System (Disinfected)

TrackingCookie.Statcounter (spyware)

  • System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

  • System (Disinfected)

Rootkit.TDss.AA (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028641.SYS (Renamed & Submitted)

Trojan.TDss.WB (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028643.DLL (Renamed & Submitted)

Trojan.TDss.WT (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028645.DLL (Renamed)

Trojan:W32/Agent.LOO (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028668.EXE (Renamed & Submitted)

Gen:Trojan.Heur.Jq2@vrYBcmgix (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028698.EXE (Renamed & Submitted)

Trojan.Downloader.FakeAlert.CF (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028700.EXE (Renamed & Submitted)

Trojan-Downloader:W32/Renos.gen!C (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028706.EXE (Renamed & Submitted)

Trojan.Downloader.LoadAdv.ACG (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028716.EXE (Renamed & Submitted)

Trojan.Dropper.Kobcka.Gen.1 (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028718.DLL (Renamed & Submitted)

Gen:Trojan.Heur.lq2@vDidpxkix (virus)

  • C:\SYSTEM VOLUME INFORMATION\_RESTORE{CEE7840D-1F46-4ACD-ADFE-FC6F53DF2DC1}\RP253\A0028715.EXE (Renamed & Submitted)

Trojan-Downloader:W32/FraudLoad.FJ (virus)

  • C:\PROGRAM FILES\AV CARE\PP.EXE (Not cleaned)

Rogue:W32/AVCare.A (virus)

  • C:\PROGRAM FILES\AV CARE\AVCARE.EXE (Not cleaned)

Statistics

Scanned:

  • Files: 29753
  • System: 2629
  • Not scanned: 11

Actions:

  • Disinfected: 15
  • Renamed: 10
  • Deleted: 0
  • Not cleaned: 2
  • Submitted: 9

Files not scanned:

  • C:\PAGEFILE.SYS
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  • C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
  • C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE
  • C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\KILLTHIS.EXE
  • C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\PTFIX.EXE.EXE
  • C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\PL.EXE.EXE

Options

Scanning engines: Scanning options:

  • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
  • Use advanced heuristics


SecurityCheck.exe checkup.txt

Results of screen317's Security Check version 0.98.9

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

NOD32 antivirus system

NOD32 antivirus system

``````````````````````````````

Anti-malware/Other Utilities Check:

Windows Defender

Java 6 Update 7

Out of date Java installed!

Adobe Reader 9

``````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MsMpEng.exe is disabled!

Eset nod32krn.exe

Eset nod32kui.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


  • Staff
> I have a quick question. I supposedly have a pretty good anti-virus program installed on my computer??? What is the use of programs such as Norton, McAfee, AVG, etc... if they can't stop or clean viruses such as the ones we see on this forum? It seems like the individuals who program these viruses are one step ahead of legitimate antivirus software?

An interesting question and one we've been asking for years. Yes, the criminals have been ahead of us -- they have money and political sway in countries with corrupt governments.

Which is why MBAM was developed; we're trying to take a proactive approach here.

Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Delete this folder if it exists:

C:\PROGRAM FILES\AV CARE

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 7

Restart your computer.

Get the latest version of Java.

Restart your computer and let me know what issues remain.

-screen317


When I tried to uninstall Java 6 Update 7, I got an error message saying "Error applying transforms. Verify that the specified transform paths are valid."

I also deleted the program file for av care but av care is still listed in the add and remove programs list where the java 6 update 7 is located. Should I try to uninstall there also??

Thank you,


  • Staff

Hi,

Please download JavaRa and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log) -- please post the contents of this log.

Restart your computer.

Download this Registry Search by Bobbi Flekman, save it, and extract regsearch.exe to the Desktop. You will use it in a moment.

Double-click regsearch.exe to start it. In the top window, enter AV CARE as the search string on the first line. Make sure all the option boxes are checked, and click "Ok". Notepad will be opened with text in it (the file will be saved to the Desktop as well as RegSearch.txt). Post this text in your next reply.

-screen317


I hope you had a great weekend.

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Sep 08 08:44:38 2009

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.


  • Staff

Hi,

Uninstall AV Care from Add or Remove Programs.

After that, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Folder::

C:\Program Files\AV Care

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\AV Care]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AV Care]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Care]

[-HKEY_USERS\S-1-5-21-1606980848-113007714-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AV Care]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

See if you can install Java now.

-screen317


ComboFix 09-09-08.09 - Dell 09/09/2009 10:53.3.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.199 [GMT -6:00]

Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt

AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))

.

2009-09-03 21:20 . 2009-09-03 21:20 -------- d-----w- c:\windows\Installer

2009-09-03 21:18 . 2009-09-03 21:18 -------- d-----w- C:\Combo-pix

2009-09-01 16:22 . 2009-09-01 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-08-21 21:06 . 2009-08-21 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-08-20 20:50 . 2009-08-20 20:50 -------- d-----w- c:\documents and settings\Dell\Application Data\Malwarebytes

2009-08-20 20:38 . 2009-08-20 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-20 17:55 . 2009-08-21 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-19 20:00 . 2009-08-19 20:00 -------- d-----w- c:\documents and settings\Dell\Application Data\Logs

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-27 19:33 . 2008-10-11 04:36 -------- d-----w- c:\program files\Eset

2009-07-30 20:00 . 2008-10-11 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-07-30 20:00 . 2008-10-11 04:25 -------- d-----w- c:\program files\NOS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-21 949376]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 149024]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Dell\Start Menu\Programs\Startup\

dmaupd32.exe [2008-4-14 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [10/10/2008 10:37 PM 15424]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-09 11:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\Dell\LOCALS~1\Temp\Perflib_Perfdata_888.dat 16384 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(552)

c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3732)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-09-09 11:03

ComboFix-quarantined-files.txt 2009-09-09 17:03

ComboFix2.txt 2009-08-28 18:32

Pre-Run: 33,537,052,672 bytes free

Post-Run: 33,712,447,488 bytes free

97 --- E O F --- 2009-02-21 19:51


From the Start Menu >>> All Programs.... Some of the program icons are the small white box, blue header with the 3 dots. They seem to be functioning just fine though?

Same thing happens for attachments on emails, or if I try to attach a document, the icons for the programs don't seem to want to appear. They all have the small box with colors but seem to function ok.

Java 6 update 16 is in my add/remove program list but no icon in the bottom right by the time box?

Thank you for your continued help.


  • Staff

Could you take a screenshot of All Programs so I can see what it looks like?

"AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}"

Your antivirus is out of date. Did it expire?? If so, let me know and I can set you up with a great free antivirus.

"Java 6 update 16 is in my add/remove program list but no icon in the bottom right by the time box?"

There should only be a Java icon in the taskbar when a Java application is running.

-screen317
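
The check the helper makes by eye on the "AV:" line can be scripted. The following is an added example, not part of the original thread or of ComboFix: it reads a ComboFix log and lists the entries that show weakened protection. The function name `triage`, the rule that any Security Center value ending in `Override` or `DisableNotify` set to 1 is flagged, and the `domainprofile` case are assumptions of this example that generalize beyond the values present in this log.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
'''

# "AV:" header line: product name, optional *state*, optional (Outdated), GUID.
AV_RE = re.compile(r'^AV: (?P<name>.+?)\s*(?:\*(?P<state>[^*]+)\*)?\s*'
                   r'(?P<outdated>\(Outdated\))?\s*\{(?P<guid>[0-9A-Fa-f-]{36})\}$')
# Registry value in either form the log uses: dword:00000001 or "0 (0x0)".
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9A-Fa-f]{8})|(?P<dec>\d+)\b)')


def triage(log_text):
    """Return findings about weakened protection recorded in a ComboFix log."""
    findings, key = [], ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        av = AV_RE.match(line)
        if av:
            if av["state"] and "disabled" in av["state"].lower():
                findings.append(f"{av['name']}: {av['state']}")
            if av["outdated"]:
                findings.append(f"{av['name']}: reported as outdated")
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key the following values belong to
        elif (val := VALUE_RE.match(line)):
            number = int(val["hex"], 16) if val["hex"] else int(val["dec"])
            name = val["name"]
            if (key.endswith(r"\security center") and number == 1
                    and name.endswith(("Override", "DisableNotify"))):
                findings.append(f"Security Center {name}=1")
            elif (key.endswith((r"\standardprofile", r"\domainprofile"))
                    and name == "EnableFirewall" and number == 0):
                profile = key.rsplit("\\", 1)[-1]
                findings.append(f"Windows Firewall disabled ({profile})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

On the sample it reports the disabled on-access scanner, the outdated status, both Security Center values and the disabled firewall profile; the `AuthorizedApplications\List` entries carry no numeric value and are skipped.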


  • 2 weeks later...

Sorry, I have been away for a while. I don't really know how to take a screen shot. The programs function but the icons are as if the computer doesn't know what the programs are.

I would very much like you to give me some suggestions for a good antivirus program. Can I delete the outdated one? It did not do much to help me anyway.

Thank you,


  • Staff
"I would very much like you to give me some suggestions for a good antivirus program. Can I delete the outdated one? It did not do much to help me anyway."

Yes, uninstall the outdated one.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Let me know when you finish that and we'll take it from there.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
