
protection system - can't run malwarebytes, spybot, hjt


Lechnek


I have been impressed with the responsiveness and thoroughness of these posts. I hope you can help me as well.

I have a virus/malware called "Protection System". It prevents running Malwarebytes, spybot s&d, hjt. I can run adaware and mcafee, but they do not fix the problem. I followed manual instructions for removal (stop the process, unregister dlls, delete files and registry entries). As soon as I do that, I can no longer access the internet. I then run the command from a command prompt (netsh winsock reset). This re-established internet connectivity. I thought my problem was solved, but as soon as connectivity is back, "Protection System" comes right back, so something must still be on here to re-install once internet is restored.

I had hoped to post a hjt log, but that won't run either. I do notice when I try to run hjt, malwarebytes, or spybot, they show up in the running processes, but the application never starts.

Any help or guidance would be greatly appreciated.

I am in the US eastern time zone and will be out of town all day tomorrow (Sat. the 19th). I will check back as soon as I can later tonight, or first thing on Sunday.

Thanks in advance.


Thanks. I tried several times to run in normal mode, but the system would either lock up or even one time rebooted after about 20-30 minutes. I ran in safe mode and here is the log from that, I hope this helps:



Hi, Lechnek :)

Please read and follow all these instructions very carefully.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows: [Screenshots: CF_download_FF.gif, CF_download_rename.gif]
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt".

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


JSntgRvr,

I am having serious problems now. I cannot get the computer to stay up and when it does, explorer.exe will not run. I am able to get a dos prompt but when I try to run explorer.exe I get the error access denied. Also, I see the processes running, there are processes called b.exe and c.exe running.

I was able to restart in safe mode with networking but still no explorer.exe. I am able to launch firefox via a dos prompt to get to this forum, but I am afraid I can't follow these instructions, or if I could download combofix in safe mode or not.

Any more suggestions? In the meantime I will continue to restart in normal mode and see if I can follow your instructions.

Thanks again.



JSntgRvr,

Ok, Now I can't even stay booted in safe mode. It boots, but no task bar, or start button. I can get to dos via the task manager, but then it just keeps shutting down.

While shutting down it attempts to end a program called 494d195aoefe4e5oadbcbzoa1123eeda. I have no idea what that means.

I am now booted using a Knoppix unix cd. I am not familiar with unix at all, but at least I can get to a firefox browser now.

I am afraid that I am going to have to use my windows recovery disks, but that is a huge pain and I have a lot of data that I cannot afford to lose. Anyway, I may not be able to run anything under windows anymore as the machine just won't stay booted and/or I only get a blue screen with no start button/task bar.

Any help is greatly appreciated.


Hi, Lechnek :)

Can you download Combofix and run it while able to boot with the Unix CD? I am also unfamiliar with Unix.

There is a Rescue CD download from AVIRA that will scan a system that is unable to boot.

The Avira AntiVir Rescue System is a linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.

http://dl.antivir.de/down/vdf/rescuecd/rescuecd.exe

Once you


Hi JSntgRvr,

I am back on Firefox using Knoppix (it is Linux not unix, sorry for the confusion there).

Anyway, I tried rebooting to Windows xp but this time I shut off autorestart on system failure and got the blue screen with the following error:

Win32k.sys:2 PAGE_FAULT_IN_NOPAGED_AREA, with other dump info. Not sure if this has anything to do with the virus or not. However, it appears that I can't get to windows at all now. I am not sure how to download/create a Cd as described above using Linux. I am going to keep digging and will check back on this post from work tomorrow. Maybe I can get someone from work to make me a CD for me as you describe and try that in the next day or two.

Thanks so much for your help so far.


Here is another option using Dr. Web Cureit:

http://www.freedrweb.com/livecd/

Your computer is infected with a Trojan that affects file permissions. If these options are unable to remove it, you will need to reformat and reinstall.

Thanks for this link. Question. You said to use Cureit, but I think you mean livecd? I am not sure how to download it? Can I simply copy from the link listed and then paste to my desktop (on another computer), then burn it to CD? When I click on download from this site, it asks if I want to use coreFTP, when I say no, it just brings up a window with a list of files? I assume I need file minDrWebLiveCD-5.0.0.iso. When I check that file, it shows as only 35 bytes. In the folder 20090921042001, there is a much larger file with the same name. I am just a little confused on which file I need to burn to the cd?

Thanks.


Go to this link:

ftp://ftp.drweb.com/pub/drweb/livecd/

There will be a list of files. I believe these are already included in the .iso file, which is the last link on the page.

This is the .iso file:

ftp://ftp.drweb.com/pub/drweb/livecd/minD...iveCD-5.0.0.iso

For more instructions read here:

ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf

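The 35-byte file and the much larger file of the same name, raised in the question above, can be told apart before anything is burned. The following Python script is an added example, not part of the original posts: it checks that a download is a real ISO 9660 image and is not truncated. `check_iso` and `make_sample_iso` are hypothetical names, and the sample files are constructed for the demonstration.

```python
import struct
import tempfile
from pathlib import Path

SECTOR = 2048                 # ISO 9660 logical sector size
PVD_OFFSET = 16 * SECTOR      # volume descriptors start at sector 16


def check_iso(path):
    """Return (ok, reason) for a file that is supposed to be an ISO 9660 image."""
    size = Path(path).stat().st_size
    if size < PVD_OFFSET + SECTOR:
        return False, f"only {size} bytes: a pointer or stub, not a disc image"
    with open(path, "rb") as fh:
        fh.seek(PVD_OFFSET)
        pvd = fh.read(SECTOR)
    if pvd[1:6] != b"CD001":
        return False, "no ISO 9660 signature (CD001) at sector 16"
    if pvd[0] != 1:
        return False, "sector 16 is not a primary volume descriptor"
    # Volume space size (in blocks) and block size, little-endian copies.
    blocks = struct.unpack_from("<I", pvd, 80)[0]
    block_size = struct.unpack_from("<H", pvd, 128)[0]
    declared = blocks * block_size
    if size < declared:
        return False, f"truncated: {size} bytes on disk, image declares {declared}"
    return True, f"ISO 9660 image, {declared} bytes declared"


def make_sample_iso(path, blocks=20, truncate_to=None):
    """Write a constructed, minimal image with a valid primary volume descriptor."""
    pvd = bytearray(SECTOR)
    pvd[0] = 1                                  # descriptor type: primary
    pvd[1:6] = b"CD001"                         # standard identifier
    pvd[6] = 1                                  # descriptor version
    struct.pack_into("<I", pvd, 80, blocks)
    struct.pack_into("<H", pvd, 128, SECTOR)
    data = (bytes(PVD_OFFSET) + bytes(pvd)).ljust(blocks * SECTOR, b"\0")
    Path(path).write_bytes(data[:truncate_to])


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        stub = Path(tmp, "stub.iso")
        stub.write_bytes(b"x" * 35)             # constructed 35-byte stand-in
        good = Path(tmp, "good.iso")
        make_sample_iso(good)
        for f in (stub, good):
            print(f.name, check_iso(f))
```

A file that passes this check is structurally a disc image; it says nothing about whether the contents are the vendor's, which needs a published checksum or signature.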

Thanks. I am at work and a friend downloaded this to a cd for me. I will try it when I get home later today and post the results. If this doesn't work, I am going to attempt to copy my data files to an external hard drive using either this new cd or my knoppix cd and reformat my drive. But that is a last resort if this doesn't work. I also found this link with other image (iso) files that claim to do similar things. http://www.raymond.cc/blog/archives/2008/1...st-rescue-disk/

I may try one of these if the DR Web LIVE CD doesn't work. Do you have any experience with these? I think you mentioned one of them in a previous post.


Well, the DrWebliveCD booted successfully, but I wasn't able to complete a scan. The scan would start but it appeared to stall or time out or something and the scan process would become non responsive. I could reboot back to the dr. web live cd and start the scan again, but only to get the same results. I am going to try the other rescue link from AVIRA that you posted previously and see what happens. I think these rescue CDs are good options.

If this one doesn't work, I will work on getting the data off the disk drive and reformat, but I won't have time to do that until later in the week.

Thanks again, and I will keep you posted one way or the other.


> Well, the DrWebliveCD booted successfully, but I wasn't able to complete a scan. The scan would start but it appeared to stall or time out or something and the scan process would become non responsive. I could reboot back to the dr. web live cd and start the scan again, but only to get the same results. I am going to try the other rescue link from AVIRA that you posted previously and see what happens. I think these rescue CDs are good options.
>
> If this one doesn't work, I will work on getting the data off the disk drive and reformat, but I won't have time to do that until later in the week.
>
> Thanks again, and I will keep you posted one way or the other.

I believe getting the data off the disk and reformat is the best option. Try this:

If you do not have the XP installation CD, download an alternate Recovery Console.

  1. Please download BurnAtOnce and save it to your desktop. Click on Downloads, then on burnatonce 0.99.5
    • Install it by double-clicking on the file bao0995.exe that you downloaded.
    • Click Next, accept the license agreement, and click Next until the button says "Install". Click "Install" to finish.
  2. Download the rc.iso file.
  3. Save it to your desktop.
  4. Put a blank CD in your computer


Hi JSntgRvr,

I didn't have time to work on this last night when I got home. I was able to create the recovery disk from AVIRA but I just didn't get to it to try it last night. Just wanted to give you an update and I will try this one later tonight. If I have to try and get the data off the machine before I recover, it will take me most of the weekend to do that. I will keep you posted and I just wanted to thank you for all of your help to this point.
