
Patched FM and Combofix



Hi

So a couple of days back, I think it was on the 23rd, someone had the same problem, and someone *expert by the name of gammo suggested that I do the following steps, and one of those is to install Combofix, and I did, and at the end I got this report. Can anyone please help me out?

So I thought I got rid of the problem, but it's still there, and every time I start my computer, AVG says that I still have the same problem, so what should I do now?

Thanks

ComboFix 10-08-24.0C - Hussein 08/26/2010 2:12.1.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1450 [GMT 2:00]

Running from: d:\documents and settings\Hussein\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\documents and settings\Hussein\Local Settings\Application Data\Windows Server

d:\documents and settings\Hussein\Local Settings\Application Data\Windows Server\flags.ini

d:\documents and settings\Hussein\Local Settings\Application Data\Windows Server\server.dat

d:\documents and settings\Hussein\Local Settings\Application Data\Windows Server\uses32.dat

d:\windows\pheasrsh.dll

d:\windows\system32\DRIVERS\ftdisk.sys . . . is infected!! . . . Failed to find a valid replacement.

Infected copy of d:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - d:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of d:\windows\explorer.exe was found and disinfected

Restored copy from - d:\windows\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))

.

2010-08-25 23:06 . 2010-08-25 23:06 63488 ----a-w- d:\documents and settings\Hussein\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-25 23:06 . 2010-08-25 23:06 52224 ----a-w- d:\documents and settings\Hussein\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-25 23:06 . 2010-08-25 23:06 117760 ----a-w- d:\documents and settings\Hussein\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-25 23:05 . 2010-08-25 23:05 -------- d-----w- d:\documents and settings\Hussein\Application Data\SUPERAntiSpyware.com

2010-08-25 23:05 . 2010-08-25 23:05 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-25 23:05 . 2010-08-25 23:05 -------- d-----w- d:\program files\SUPERAntiSpyware

2010-08-25 22:33 . 2010-04-29 13:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-08-25 22:33 . 2010-04-29 13:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-08-09 18:31 . 2010-08-09 18:31 -------- d-----w- D:\FOUND.001

2010-08-08 09:31 . 2010-08-08 09:31 -------- d-----w- d:\documents and settings\Hussein\Local Settings\Application Data\DNA

2010-08-08 09:31 . 2010-08-08 09:31 -------- d-----w- d:\program files\DNA

2010-08-08 09:31 . 2010-08-08 09:31 -------- d-----w- d:\documents and settings\Hussein\Application Data\DNA

2010-08-01 10:22 . 2010-08-01 10:22 -------- d-----w- D:\FOUND.000

2010-07-27 21:38 . 2010-08-14 17:33 27591840 ----a-w- d:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-18 07:26 . 2009-06-17 18:38 664 ----a-w- d:\windows\system32\d3d9caps.dat

2010-06-12 00:35 . 2010-05-03 18:35 57344 ----a-w- d:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-06-12 00:03 . 2010-06-12 00:03 56997 ----a-w- d:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-06-12 00:03 . 2010-06-12 00:03 56765 ----a-w- d:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-06-12 00:03 . 2010-06-12 00:03 57715 ----a-w- d:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-06-12 00:03 . 2010-06-12 00:03 53600 ----a-w- d:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-06-12 00:02 . 2010-06-12 00:02 54153 ----a-w- d:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-06-12 00:02 . 2010-06-12 00:02 54128 ----a-w- d:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-06-12 00:02 . 2010-06-12 00:02 54644 ----a-w- d:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-06-12 00:02 . 2010-06-12 00:02 54101 ----a-w- d:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-06-12 00:01 . 2010-05-03 18:35 1062184 ----a-w- d:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-06-12 00:01 . 2010-05-03 18:35 895256 ----a-w- d:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

.

------- Sigcheck -------

[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . d:\windows\system32\dllcache\beep.sys

[-] 2008-04-14 . 2A963B129DEF7B9B151743A3A6508F03 . 507904 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2002-08-29 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . d:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 53692B25AD0A17059DACD8DBEB08F467 . 1033728 . . [6.00.2900.5512] . . d:\windows\explorer.exe

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe

[-] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . d:\windows\$NtServicePackUninstall$\explorer.exe

d:\windows\System32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 10:58 333192 ----a-w- d:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 11:01 1230080 ----a-w- d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "d:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "d:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="d:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"\\HUSSEIN\EPSON Stylus DX8400 Series"="d:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

"googletalk"="d:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]

"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2010-08-08 323392]

"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ACU"="d:\program files\Atheros\ACU.exe" [2007-05-03 376921]

"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]

"ATKHOTKEY"="d:\program files\ATK Hotkey\Hcontrol.exe" [2007-08-23 229376]

"SMSERIAL"="d:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]

"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]

"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

d:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - d:\program files\Adobe\Acrobat 6.0 ME\Distillr\acrotray.exe [2003-10-6 217183]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-16 09:46 11952 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2009-03-19 13:10 801904 ----a-w- d:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"d:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"d:\\Program Files\\uTorrent\\uTorrent.exe"=

"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"d:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"d:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Program Files\\DNA\\btdna.exe"=

"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [12/29/2008 8:38 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [12/29/2008 8:38 PM 108552]

R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 8:25 PM 12872]

R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 8:41 PM 67656]

R2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [12/29/2008 8:38 PM 908056]

R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [12/29/2008 8:38 PM 297752]

--- Other Services/Drivers In Memory ---

*Deregistered* - yyrvs

.

Contents of the 'Scheduled Tasks' folder

2010-08-11 d:\windows\Tasks\AppleSoftwareUpdate.job

- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-25 d:\windows\Tasks\New Task.job

- d:\windows\system32\shutdown.exe [2001-08-23 03:42]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab

FF - ProfilePath - d:\documents and settings\Hussein\Application Data\Mozilla\Firefox\Profiles\4269o6x6.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://at.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_at&p=

FF - component: d:\documents and settings\Hussein\Application Data\Mozilla\Firefox\Profiles\4269o6x6.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: d:\documents and settings\Hussein\Application Data\Mozilla\Firefox\Profiles\4269o6x6.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: d:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: d:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: d:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: d:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

---- FIREFOX POLICIES ----

d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-JustVoip - d:\program files\JustVoip.com\JustVoip\JustVoip.exe

HKCU-Run-Ipexitadumo - d:\windows\pheasrsh.dll

AddRemove-EPSON Scanner - d:\program files\epson\escndv\setup\setup.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\program files\DivX\DivXCodecUninstall.exe

AddRemove-Octoshape add-in for Adobe Flash Player - d:\documents and settings\Hussein\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-26 02:19

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yyrvs]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-2025429265-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:85,c6,8b,66,09,bd,43,b7,45,a5,e0,f7,93,07,f6,be,26,64,6c,22,4d,

9f,68,66,ba,4f,c7,62,b1,9b,1c,43,a1,6f,ab,78,41,e8,48,eb,ad,af,c5,5b,a9,50,\

"rkeysecu"=hex:e9,98,53,b8,f8,5d,72,59,63,76,56,58,a0,53,47,34

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:


Hi,

"and someone *expert by the name of gammo suggested that I do the following steps, and one of those is to install Combofix, and I did,"

I didn't suggest that. I posted those instructions for another user, not you. :P

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert". It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

First delete your copy of ComboFix.exe from the Desktop.

Then download the latest version of ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Oh, thanks for the reply, my Expert :P

Well, I did that, and while scanning it says that the winlogon and explorer are repaired, so I thought everything is good, but I still get that warning from AVG that these 2 files are infected and cannot be removed.

I know my way around, and I thought you could give me a tip on how I did things wrong or what went wrong.


Hi,

It's hard to tell what went wrong, but it wasn't your fault. :P

Have you downloaded/run the latest version of ComboFix, like I told you to do?

If so, please post the contents of C:\ComboFix.txt in your next reply.

If not, please do so, and then post the contents of C:\ComboFix.txt in your next reply.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
