17 replies to this topic

[Lechnek]

I have been impressed with the responsiveness and thoroughness of these posts. I hope you can help me as well.

I have a virus/malware called "Protection System". It prevents running malware bytes, spybot s&d, hjt. I can run adaware and mcafee, but they do not fix the problem. I followed manual instructions for removal (stop the process, unregister dlls, delete files and registry entries). As soon as I do that, I can no longer access the internet. I then run the command form a command prompt (netsh winsock reset). This re-established internet connectivity. I thought my problem was solved, but as soon as connectivity is back, "Protection System" comes right back, so something must still be on here to re-install once internet is restored.

I had hoped to post a hjt log, but that won't run either. I do notice when I try to run hjt, malwarebytes, or sbybot, they show up in the running processes, but the application never starts.

Any help or guidence would be greatly appreciated.

I am in the US eastern time zone and will be out of town all day tomorrow (Sat. the 19th). I will check back as soon as I can later tonight, or first thing on Sunday.

Thanks in advance.

[JSntgRvr]

Hi, Lechnek

Welcome.

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Note: Allow enough time for this application to finish.

[Lechnek]

Thanks. I tried several times to run in normal mode, but the system would either lockup or even one time rebooted after about 20-30 minutes. I ran in safe mode and here is the log from that, I hope this helps:

Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

[1] 2005-07-26 00:39:42 225792 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\catsrv.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:23 225792 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:42 225792 C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 215040 C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll ()

[1] 2004-08-04 03:56:41 229888 C:\WINDOWS\$NtUninstallKB902400$\catsrv.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 215040 C:\WINDOWS\$NtUninstallKB902400_0$\catsrv.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:50 226304 C:\WINDOWS\ServicePackFiles\i386\catsrv.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:50 226304 C:\WINDOWS\system32\catsrv.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

[1] 2005-07-26 00:39:43 625152 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\catsrvut.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:23 625152 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:43 625152 C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 582656 C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll ()

[1] 2004-08-04 03:56:41 628224 C:\WINDOWS\$NtUninstallKB902400$\catsrvut.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 582656 C:\WINDOWS\$NtUninstallKB902400_0$\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:50 625664 C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:50 625664 C:\WINDOWS\system32\catsrvut.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

[1] 2005-07-26 00:39:43 110080 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\clbcatex.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:23 110080 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:43 110080 C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 100864 C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll ()

[1] 2004-08-04 03:56:41 110080 C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 100864 C:\WINDOWS\$NtUninstallKB902400_0$\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:50 110592 C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:50 110592 C:\WINDOWS\system32\clbcatex.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

[1] 2005-07-26 00:39:43 498688 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\clbcatq.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:24 498688 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:43 498688 C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 468480 C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll ()

[1] 2004-08-04 03:56:41 501248 C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 468480 C:\WINDOWS\$NtUninstallKB902400_0$\clbcatq.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:50 498688 C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:50 498688 C:\WINDOWS\system32\clbcatq.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

[1] 2005-07-26 00:39:43 60416 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\colbact.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:24 60416 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:43 60416 C:\WINDOWS\$NtServicePackUninstall$\colbact.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 56832 C:\WINDOWS\$NtUninstallKB828741$\colbact.dll ()

[1] 2004-08-04 03:56:41 62464 C:\WINDOWS\$NtUninstallKB902400$\colbact.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 56832 C:\WINDOWS\$NtUninstallKB902400_0$\colbact.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:51 60416 C:\WINDOWS\ServicePackFiles\i386\colbact.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:51 60416 C:\WINDOWS\system32\colbact.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

[1] 2005-07-26 00:39:44 195072 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\comadmin.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:24 195072 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:44 195072 C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 186880 C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll ()

[1] 2004-08-04 03:56:41 195584 C:\WINDOWS\$NtUninstallKB902400$\comadmin.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 186880 C:\WINDOWS\$NtUninstallKB902400_0$\comadmin.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:51 195072 C:\WINDOWS\ServicePackFiles\i386\comadmin.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:51 195072 C:\WINDOWS\system32\Com\comadmin.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

[1] 2004-08-04 03:56:48 9728 C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe (Microsoft Corporation)

[1] 2002-08-29 08:00:00 8192 C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe ()

[1] 2008-04-13 20:12:15 9728 C:\WINDOWS\ServicePackFiles\i386\comrepl.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:15 9728 C:\WINDOWS\system32\Com\comrepl.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

[1] 2005-07-26 00:39:44 1267200 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\comsvcs.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:27 1267200 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:44 1267200 C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 1172992 C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll ()

[1] 2004-08-04 03:56:41 1251840 C:\WINDOWS\$NtUninstallKB902400$\comsvcs.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 1172992 C:\WINDOWS\$NtUninstallKB902400_0$\comsvcs.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:51 1267200 C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:51 1267200 C:\WINDOWS\system32\comsvcs.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

[1] 2005-07-26 00:39:45 540160 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\comuid.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:28 540160 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:45 540160 C:\WINDOWS\$NtServicePackUninstall$\comuid.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 495616 C:\WINDOWS\$NtUninstallKB828741$\comuid.dll ()

[1] 2004-08-04 03:56:41 540160 C:\WINDOWS\$NtUninstallKB902400$\comuid.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 495616 C:\WINDOWS\$NtUninstallKB902400_0$\comuid.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:51 539648 C:\WINDOWS\ServicePackFiles\i386\comuid.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:51 539648 C:\WINDOWS\system32\comuid.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\es.dll

[1] 2005-07-26 00:39:45 243200 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\es.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:28 243200 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll (Microsoft Corporation)

[1] 2008-07-07 16:06:43 253952 C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll (Microsoft Corporation)

[1] 2008-07-07 16:26:58 253952 C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll (Microsoft Corporation)

[1] 2008-07-07 16:23:18 253952 C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:45 243200 C:\WINDOWS\$NtServicePackUninstall$\es.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 225280 C:\WINDOWS\$NtUninstallKB828741$\es.dll ()

[1] 2004-08-04 03:56:42 243200 C:\WINDOWS\$NtUninstallKB902400$\es.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 225280 C:\WINDOWS\$NtUninstallKB902400_0$\es.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 246272 C:\WINDOWS\$NtUninstallKB950974$\es.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:45 243200 C:\WINDOWS\$NtUninstallKB950974_0$\es.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 246272 C:\WINDOWS\ServicePackFiles\i386\es.dll (Microsoft Corporation)

[1] 2008-07-07 16:26:58 253952 C:\WINDOWS\system32\dllcache\es.dll (Microsoft Corporation)

[1] 2008-07-07 16:26:58 253952 C:\WINDOWS\system32\es.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe

[1] 2005-07-25 19:46:57 7680 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\migregdb.exe (Microsoft Corporation)

[1] 2005-07-25 19:42:35 8704 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe (Microsoft Corporation)

[1] 2002-08-29 08:00:00 6656 C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe ()

[1] 2002-08-29 08:00:00 6656 C:\WINDOWS\$NtUninstallKB902400_0$\migregdb.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:25 7680 C:\WINDOWS\ServicePackFiles\i386\migregdb.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

[1] 2005-07-26 00:39:46 425472 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\msdtcprx.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:29 425472 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 426496 C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\msdtcprx.dll (Microsoft Corporation)

[1] 2006-03-01 15:34:20 426496 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 10:09:35 428032 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 426496 C:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 359936 C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll ()

[1] 2004-08-04 03:56:43 425472 C:\WINDOWS\$NtUninstallKB902400$\msdtcprx.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:46 425472 C:\WINDOWS\$NtUninstallKB913580$\msdtcprx.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 359936 C:\WINDOWS\$NtUninstallKB913580_0$\msdtcprx.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:59 427008 C:\WINDOWS\$NtUninstallKB952004$\msdtcprx.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:59 427008 C:\WINDOWS\ServicePackFiles\i386\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 428032 C:\WINDOWS\system32\dllcache\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 428032 C:\WINDOWS\system32\msdtcprx.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

[1] 2005-07-26 00:39:47 945152 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\msdtctm.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:31 945152 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 956416 C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\msdtctm.dll (Microsoft Corporation)

[1] 2006-03-01 15:34:20 956416 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll (Microsoft Corporation)

[1] 2008-06-12 10:09:35 956928 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtctm.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 956416 C:\WINDOWS\$NtServicePackUninstall$\msdtctm.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 869376 C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll ()

[1] 2004-08-04 03:56:43 949248 C:\WINDOWS\$NtUninstallKB902400$\msdtctm.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:47 945152 C:\WINDOWS\$NtUninstallKB913580$\msdtctm.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 869376 C:\WINDOWS\$NtUninstallKB913580_0$\msdtctm.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:59 956928 C:\WINDOWS\$NtUninstallKB952004$\msdtctm.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:59 956928 C:\WINDOWS\ServicePackFiles\i386\msdtctm.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 956928 C:\WINDOWS\system32\dllcache\msdtctm.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 956928 C:\WINDOWS\system32\msdtctm.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

[1] 2005-07-26 00:39:47 161280 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\msdtcuiu.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:31 161280 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 161280 C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\msdtcuiu.dll (Microsoft Corporation)

[1] 2006-03-01 15:34:20 161280 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-06-12 10:09:35 161792 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtcuiu.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 161280 C:\WINDOWS\$NtServicePackUninstall$\msdtcuiu.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 151040 C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll ()

[1] 2004-08-04 03:56:43 161280 C:\WINDOWS\$NtUninstallKB902400$\msdtcuiu.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:47 161280 C:\WINDOWS\$NtUninstallKB913580$\msdtcuiu.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 151040 C:\WINDOWS\$NtUninstallKB913580_0$\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:59 161792 C:\WINDOWS\$NtUninstallKB952004$\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:59 161792 C:\WINDOWS\ServicePackFiles\i386\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 161792 C:\WINDOWS\system32\dllcache\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 161792 C:\WINDOWS\system32\msdtcuiu.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

[1] 2005-07-26 00:39:47 66560 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\mtxclu.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:39 66560 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 66560 C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\mtxclu.dll (Microsoft Corporation)

[1] 2006-03-01 15:34:20 66560 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll (Microsoft Corporation)

[1] 2008-06-12 10:09:35 66560 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\mtxclu.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 66560 C:\WINDOWS\$NtServicePackUninstall$\mtxclu.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 61440 C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll ()

[1] 2004-08-04 03:56:44 66560 C:\WINDOWS\$NtUninstallKB902400$\mtxclu.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:47 66560 C:\WINDOWS\$NtUninstallKB913580$\mtxclu.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 61440 C:\WINDOWS\$NtUninstallKB913580_0$\mtxclu.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:01 66560 C:\WINDOWS\$NtUninstallKB952004$\mtxclu.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:01 66560 C:\WINDOWS\ServicePackFiles\i386\mtxclu.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 66560 C:\WINDOWS\system32\dllcache\mtxclu.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 66560 C:\WINDOWS\system32\mtxclu.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

[1] 2005-07-26 00:39:47 91136 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\mtxoci.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:40 91136 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 91136 C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\mtxoci.dll (Microsoft Corporation)

[1] 2006-03-01 15:34:20 91136 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll (Microsoft Corporation)

[1] 2008-06-12 10:09:35 91648 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\mtxoci.dll (Microsoft Corporation)

[1] 2006-03-01 15:42:42 91136 C:\WINDOWS\$NtServicePackUninstall$\mtxoci.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 83968 C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll ()

[1] 2004-08-04 03:56:44 90112 C:\WINDOWS\$NtUninstallKB902400$\mtxoci.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:47 91136 C:\WINDOWS\$NtUninstallKB913580$\mtxoci.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 83968 C:\WINDOWS\$NtUninstallKB913580_0$\mtxoci.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:01 91648 C:\WINDOWS\$NtUninstallKB952004$\mtxoci.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:01 91648 C:\WINDOWS\ServicePackFiles\i386\mtxoci.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 91648 C:\WINDOWS\system32\dllcache\mtxoci.dll (Microsoft Corporation)

[1] 2008-06-12 10:23:32 91648 C:\WINDOWS\system32\mtxoci.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

[1] 2005-01-14 01:07:42 1284608 C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\ole32.dll (Microsoft Corporation)

[1] 2005-04-28 15:35:02 1286144 C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:48 1285120 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\ole32.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:40 1285632 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:48 1285120 C:\WINDOWS\$NtServicePackUninstall$\ole32.dll (Microsoft Corporation)

[1] 2003-07-05 22:14:12 1120256 C:\WINDOWS\$NtUninstallKB824146$\ole32.dll (Microsoft Corporation)

[1] 2003-08-25 21:53:43 1172992 C:\WINDOWS\$NtUninstallKB828741$\ole32.dll ()

[1] 2004-08-04 03:56:44 1281536 C:\WINDOWS\$NtUninstallKB873333$\ole32.dll (Microsoft Corporation)

[1] 2005-01-14 04:55:50 1285120 C:\WINDOWS\$NtUninstallKB894391$\ole32.dll (Microsoft Corporation)

[1] 2004-08-04 03:56:44 1281536 C:\WINDOWS\$NtUninstallKB902400$\ole32.dll (Microsoft Corporation)

[1] 2003-08-25 21:53:43 1172992 C:\WINDOWS\$NtUninstallKB902400_0$\ole32.dll (Microsoft Corporation)

[1] 2003-07-05 22:14:12 1120256 C:\WINDOWS\I386\ole32.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:02 1287168 C:\WINDOWS\ServicePackFiles\i386\ole32.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:02 1287168 C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

[1] 2007-07-09 09:16:16 582656 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll (Microsoft Corporation)

[1] 2004-08-04 03:56:44 581120 C:\WINDOWS\$NtServicePackUninstall$\rpcrt4.dll (Microsoft Corporation)

[1] 2003-07-05 22:14:14 504320 C:\WINDOWS\$NtUninstallKB824146$\rpcrt4.dll (Microsoft Corporation)

[1] 2003-08-25 21:53:45 532480 C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll ()

[1] 2003-08-25 21:53:45 532480 C:\WINDOWS\$NtUninstallKB902400_0$\rpcrt4.dll (Microsoft Corporation)

[1] 2004-08-04 03:56:44 581120 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll (Microsoft Corporation)

[1] 2003-07-05 22:14:14 504320 C:\WINDOWS\I386\rpcrt4.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:04 584704 C:\WINDOWS\ServicePackFiles\i386\rpcrt4.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:04 584704 C:\WINDOWS\system32\rpcrt4.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

[1] 2005-01-14 01:07:42 395776 C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\rpcss.dll (Microsoft Corporation)

[1] 2005-04-28 15:35:01 396288 C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:49 397824 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\rpcss.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:40 398336 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll (Microsoft Corporation)

[1] 2009-02-09 06:56:36 401408 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:49 397824 C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll (Microsoft Corporation)

[1] 2003-07-05 22:14:14 202752 C:\WINDOWS\$NtUninstallKB824146$\rpcss.dll (Microsoft Corporation)

[1] 2003-08-25 21:53:40 260608 C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll ()

[1] 2004-08-04 03:56:44 395776 C:\WINDOWS\$NtUninstallKB873333$\rpcss.dll (Microsoft Corporation)

[1] 2005-01-14 04:55:50 395776 C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll (Microsoft Corporation)

[1] 2004-08-04 03:56:44 395776 C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll (Microsoft Corporation)

[1] 2003-08-25 21:53:40 260608 C:\WINDOWS\$NtUninstallKB902400_0$\rpcss.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:04 399360 C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll (Microsoft Corporation)

[1] 2003-07-05 22:14:14 202752 C:\WINDOWS\I386\rpcss.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:04 399360 C:\WINDOWS\ServicePackFiles\i386\rpcss.dll (Microsoft Corporation)

[1] 2009-02-09 08:10:48 401408 C:\WINDOWS\system32\dllcache\rpcss.dll (Microsoft Corporation)

[1] 2009-02-09 08:10:48 401408 C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

[1] 2005-07-26 00:39:49 101376 C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\txflog.dll (Microsoft Corporation)

[1] 2005-07-26 00:20:40 101376 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll (Microsoft Corporation)

[1] 2005-07-26 00:39:49 101376 C:\WINDOWS\$NtServicePackUninstall$\txflog.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 90624 C:\WINDOWS\$NtUninstallKB828741$\txflog.dll ()

[1] 2004-08-04 03:56:46 101376 C:\WINDOWS\$NtUninstallKB902400$\txflog.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 90624 C:\WINDOWS\$NtUninstallKB902400_0$\txflog.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:07 101376 C:\WINDOWS\ServicePackFiles\i386\txflog.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:07 101376 C:\WINDOWS\system32\txflog.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

[1] 2004-08-04 03:56:41 385024 C:\WINDOWS\$NtServicePackUninstall$\callcont.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 360448 C:\WINDOWS\$NtUninstallKB835732$\callcont.dll ()

[1] 2008-04-13 20:11:50 385024 C:\WINDOWS\ServicePackFiles\i386\callcont.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

[1] 2004-08-04 03:56:57 265728 C:\WINDOWS\$NtServicePackUninstall$\h323.tsp ()

[1] 2002-08-29 08:00:00 252928 C:\WINDOWS\$NtUninstallKB835732$\h323.tsp ()

[1] 2008-04-13 20:12:45 265728 C:\WINDOWS\ServicePackFiles\i386\h323.tsp ()

[1] 2008-04-13 20:12:45 265728 C:\WINDOWS\system32\h323.tsp ()



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

[1] 2004-08-04 03:56:42 614912 C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 592896 C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll ()

[1] 2008-04-13 20:11:54 614912 C:\WINDOWS\ServicePackFiles\i386\h323msp.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:54 614912 C:\WINDOWS\system32\h323msp.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe

[1] 2004-08-04 03:56:49 768512 C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe (Microsoft Corporation)

[1] 2002-08-29 08:00:00 742400 C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe ()

[1] 2008-04-13 20:12:21 769024 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 769024 C:\WINDOWS\ServicePackFiles\i386\helpctr.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

[1] 2004-08-04 03:56:42 331264 C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 435200 C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll ()

[1] 2008-04-13 20:11:55 331264 C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:55 331264 C:\WINDOWS\system32\ipnathlp.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

[1] 2004-10-27 21:21:01 721920 C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\lsasrv.dll (Microsoft Corporation)

[1] 2004-10-27 21:28:18 721920 C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll (Microsoft Corporation)

[1] 2006-08-17 08:37:49 726528 C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll (Microsoft Corporation)

[1] 2007-11-07 05:50:47 727040 C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll (Microsoft Corporation)

[1] 2009-02-09 06:56:36 729088 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\lsasrv.dll (Microsoft Corporation)

[1] 2004-10-27 21:21:01 721920 C:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 671744 C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll ()

[1] 2004-08-04 03:56:42 721920 C:\WINDOWS\$NtUninstallKB885835$\lsasrv.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 671744 C:\WINDOWS\$NtUninstallKB885835_0$\lsasrv.dll (Microsoft Corporation)

[1] 2004-10-27 21:21:01 721920 C:\WINDOWS\$NtUninstallKB924270$\lsasrv.dll (Microsoft Corporation)

[1] 2006-08-17 08:28:27 721920 C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:56 728064 C:\WINDOWS\$NtUninstallKB956572$\lsasrv.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:56 728064 C:\WINDOWS\ServicePackFiles\i386\lsasrv.dll (Microsoft Corporation)

[1] 2009-02-09 08:10:49 729088 C:\WINDOWS\system32\dllcache\lsasrv.dll (Microsoft Corporation)

[1] 2009-02-09 08:10:49 729088 C:\WINDOWS\system32\lsasrv.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

[1] 2004-08-04 03:56:42 57344 C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 51200 C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll ()

[1] 2008-04-13 20:11:58 57344 C:\WINDOWS\ServicePackFiles\i386\msasn1.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:58 57344 C:\WINDOWS\system32\msasn1.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

[1] 2004-08-04 03:56:43 994304 C:\WINDOWS\$NtServicePackUninstall$\msgina.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 968192 C:\WINDOWS\$NtUninstallKB835732$\msgina.dll ()

[1] 2008-04-13 20:11:59 997376 C:\WINDOWS\ServicePackFiles\i386\msgina.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:59 997376 C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

[1] 2004-08-04 03:56:43 274432 C:\WINDOWS\$NtServicePackUninstall$\mst120.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 249856 C:\WINDOWS\$NtUninstallKB835732$\mst120.dll ()

[1] 2008-04-13 20:12:00 274432 C:\WINDOWS\ServicePackFiles\i386\mst120.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll

[1] 2006-07-14 11:31:39 332288 C:\WINDOWS\$hf_mig$\KB921883\SP2GDR\netapi32.dll (Microsoft Corporation)

[1] 2006-07-14 11:41:56 336896 C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\netapi32.dll (Microsoft Corporation)

[1] 2006-08-17 08:37:49 337408 C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 12:53:28 339456 C:\WINDOWS\$hf_mig$\KB958644\SP2QFE\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 12:34:24 337408 C:\WINDOWS\$hf_mig$\KB958644\SP3GDR\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 12:25:53 339456 C:\WINDOWS\$hf_mig$\KB958644\SP3QFE\netapi32.dll (Microsoft Corporation)

[1] 2006-07-14 11:31:39 332288 C:\WINDOWS\$NtServicePackUninstall$\netapi32.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 309248 C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll ()

[1] 2004-08-04 03:56:44 332288 C:\WINDOWS\$NtUninstallKB921883$\netapi32.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 309248 C:\WINDOWS\$NtUninstallKB921883_0$\netapi32.dll (Microsoft Corporation)

[1] 2006-07-14 11:31:39 332288 C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:01 337408 C:\WINDOWS\$NtUninstallKB958644$\netapi32.dll (Microsoft Corporation)

[1] 2006-08-17 08:28:27 332288 C:\WINDOWS\$NtUninstallKB958644_0$\netapi32.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:01 337408 C:\WINDOWS\ServicePackFiles\i386\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 12:34:24 337408 C:\WINDOWS\system32\dllcache\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 12:34:24 337408 C:\WINDOWS\system32\netapi32.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

[1] 2004-08-04 03:56:44 77824 C:\WINDOWS\$NtServicePackUninstall$\nmcom.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 69632 C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll ()

[1] 2008-04-13 20:12:02 77824 C:\WINDOWS\ServicePackFiles\i386\nmcom.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

[1] 2002-08-29 08:00:00 548864 C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll ()

[1] 2008-04-13 20:12:50 991232 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

[1] 2007-04-25 16:32:22 144896 C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 02:58:08 144896 C:\WINDOWS\$hf_mig$\KB960225\SP3QFE\schannel.dll (Microsoft Corporation)

[1] 2004-08-04 03:56:44 144896 C:\WINDOWS\$NtServicePackUninstall$\schannel.dll (Microsoft Corporation)

[1] 2002-08-29 08:00:00 136704 C:\WINDOWS\$NtUninstallKB835732$\schannel.dll ()

[1] 2004-08-04 03:56:44 144896 C:\WINDOWS\$NtUninstallKB935840$\schannel.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:05 144384 C:\WINDOWS\$NtUninstallKB960225$\schannel.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:05 144384 C:\WINDOWS\ServicePackFiles\i386\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 02:54:55 144896 C:\WINDOWS\system32\dllcache\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 02:54:55 144896 C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll

[1] 2004-08-04 03:56:36 2897920 C:\WINDOWS\$NtServicePackUninstall$\xpsp2res.dll (Microsoft Corporation)

[1] 2003-03-06 20:27:38 526848 C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll ()

[1] 2003-03-06 20:27:38 526848 C:\WINDOWS\$NtUninstallKB908531_0$\xpsp2res.dll (Microsoft Corporation)

[1] 2006-03-21 21:28:49 594944 C:\WINDOWS\$NtUninstallKB923191_0$\xpsp2res.dll (Microsoft Corporation)

[2] 2008-04-13 14:38:37 757248 C:\WINDOWS\ServicePackFiles\i386\sprb041b.dll (Microsoft Corporation)

[2] 2008-04-13 14:38:36 732160 C:\WINDOWS\ServicePackFiles\i386\sprb0424.dll (Microsoft Corporation)

[1] 2008-04-13 13:39:24 2897920 C:\WINDOWS\ServicePackFiles\i386\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 14:38:37 757248 C:\WINDOWS\system32\mui\041b\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 13:39:24 2897920 C:\WINDOWS\system32\mui\041e\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 14:38:36 732160 C:\WINDOWS\system32\mui\0424\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 13:39:24 2897920 C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)





Finished!

[JSntgRvr]

Hi, Lechnek

Please read and follow all these instructions very carefully.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

• If you are using Firefox, make sure that your download settings are as follows:
  
  • Tools->Options->Main tab
    
  • Set to "Always ask me where to Save the files".
• During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  
  
• It is important you rename Combofix during the download, but not after.
  
• Please do not rename Combofix to other names, but only to the one indicated.
  
• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
    
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combo-Fix.exe & follow the prompts.
  
• When finished, it will produce a report for you.
  
• Please post the "C:\Combo-Fix.txt" .

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

[Lechnek]

JSntgRvr,

I am having serious problems now. I cannot get the computer to stay up and when it does, explorer.exe will not run. I am able to get a dos prompt but when I try to run explorer.exe I get the error access denied. Also, I see the processes running, there are processes called b.exe and c.exe running.

I was able to restart in safe mode with networking but still no explorer.exe. I am able to launch firefox via a dos prompt to get to this forum, but I am afraid I can't follow these instructions, or if I could download combofix in safe mode or not.

Any more suggestions? In the mean time I will continue to restart in normal mode and see if I can follow your instructions.

Thanks again.

[Lechnek]

JSntgRvr,

Ok, Now I can't even stay booted in safe mode. It boots, but no task bar, or start button. I can get to dos via the task manager, but then it just keeps shutting down.

While shutting down it attempts to end a program called 494d195aoefe4e5oadbcbzoa1123eeda. I have no idea what that means.

I am not booted using a knopix unix cd. I am not familiar with unix at all, but at least I can get to a firefox browser now.

I am afraid that I am going to have to use my windows recovery disks, but that is a huge pain and I have a lot of data that I cannot affor d to lose. Anyway, I may not be able to run anything under windows anymore as the machine just won't stay booted and/or I only get a blue screen with no start button/task bar.

Any help is greatly appreciated.

[Lechnek]

Lechnek, on Sep 20 2009, 01:47 PM, said:

JSntgRvr,

Ok, Now I can't even stay booted in safe mode. It boots, but no task bar, or start button. I can get to dos via the task manager, but then it just keeps shutting down.

While shutting down it attempts to end a program called 494d195aoefe4e5oadbcbzoa1123eeda. I have no idea what that means.

I am now booted using a knopix unix cd. I am not familiar with unix at all, but at least I can get to a firefox browser now.

I am afraid that I am going to have to use my windows recovery disks, but that is a huge pain and I have a lot of data that I cannot affor d to lose. Anyway, I may not be able to run anything under windows anymore as the machine just won't stay booted and/or I only get a blue screen with no start button/task bar.

Any help is greatly appreciated.

[JSntgRvr]

Hi, Lechnek

Can you download Combofix and run it while able to boot with the Unix CD? I am also unfamiliar with Unix.

There is a Rescue CD download from AVIRA that will scan a system that is unable to boot.

The Avira AntiVir Rescue System is a linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.

http://dl.antivir.de...cd/rescuecd.exe

Once you’ve booted up your computer with Avira Rescue System, you get a boot option to either boot from hard drive or AntiVir Rescue System. Press the number 2 on your keyboard to boot into AntiVir Rescue System. It will start loading linux and you get to select either deutsch or english. Next, drivers will be loaded, and when it completes, the Rescue System main menu will show.

• To scan a computer, select the second option “Scan” and hit enter.
  
• Scan all files.
  
• Select the option to try to repair infected files.
  
• If Rescue System is unable to repair infected files, select the option to rename the files.

The open command at the main menu will launch Linux console, not DOS command prompt. Unless you’re familiar with Linux commands, I wouldn’t recommend you selecting that option. If you’ve accidentally got into the linux console, press CTRL+F1 simultaneously to go back to Rescue System Main Menu.

If able to boot after this, then we may be able to run other tools to clean the computer.

Keep me posted.

[Lechnek]

Hi JSntgRvr,

I am back on Firefox using Knoppix (it is Linux not unix, sorry for the confusion there).

Anyway, I tried rebooting to Windows xp but this time I shut off autorestart on system failure and got the blue screen with the following error:

Win32k.sys:2 PAGE_FAULT_IN_NOPAGED_AREA, with other dump info. Not sure if this has anything to do with the virus or not. However, it appears that I can't get to windows at all now. I am not sure how to download/create a Cd as described above using Linux. I am going to keep digging and will check back on this post from work tomorrow. Maybe I can get someone from work to make me a CD for me as you describe and try that in the next day or two.

Thanks so much for your help so far.

[JSntgRvr]

Here is another option using Dr. Web Cureit:

http://www.freedrweb.com/livecd/

You computer is infected with a Trojan that affects file permissions. If these options are unable to remove it, you will need to reformat and reinstall.

[Lechnek]

JSntgRvr, on Sep 20 2009, 09:25 PM, said:

Here is another option using Dr. Web Cureit:

http://www.freedrweb.com/livecd/

You computer is infected with a Trojan that affects file permissions. If these options are unable to remove it, you will need to reformat and reinstall.

Thanks for this link. Question. You said to use Cureit, but I think you mean livecd? I am not sure how to download it? Can I simply copy from the link listed and then paste to my desktop (on another computer), then burn it to CD? When I click on download from this site, it asks if I want to use coreFTP, when I say no, it just brings up a window with a list of files? I assume I need file minDrWebLiveCD-5.0.0.iso. When I check that file, is shows as only 35 bytes. In the folder 20090921042001, there is a much larger file with the same name. I am just a little confused on which file I need to burn to the cd?

Thanks.

[JSntgRvr]

Go to this link:

ftp://ftp.drweb.com/pub/drweb/livecd/

There will be a list of files. I believe these are already included in the .iso file, which is the last lik on the page.

This is the .iso file:

ftp://ftp.drweb.com/pub/drweb/livecd/minD...iveCD-5.0.0.iso

For more instructions read here:

ftp://ftp.drweb.com/...d/LiveCD-en.pdf

[Lechnek]

Thanks. I am at work and a friend downloaded this to a cd for me. I will try it when I get home later today and post the results. If this doesn't work, I am going to attempt to copy my data files to an external hard drive using either this new cd or my knoppix cd and reformat my drive. But that is a last resort if this doesn't work. I also found this link with other image (iso) files that claim to do similiar things. http://www.raymond.cc/blog/archives/2008/1...st-rescue-disk/

I may try one of these if the DR Web LIVE CD doesn't work. Do you have any experience with these. I think you mentioned one of them in a previous post.

[JSntgRvr]

Not much. I'll be happy to see one of these utilities remove what is blocking Windows.

[Lechnek]

Well, the DrWebliveCD booted successfully, but I wasn't able to complete a scan. The scan would start but it appeared to stall or time out or something and the scan process would become non responsive. I could reboot back to the dr. web live cd and start the scan again, but only to get the same results. I am going to try the other rescue link from AVIRA that you posted previously and see what happens. I think these rescue CDs are good options.

If this one doesn't work, I will work on getting the data off the disk drive and reformat, but I won't have time to do that until later in the week.

Thanks again, and I will keep you posted one way or the other.

[JSntgRvr]

Lechnek, on Sep 22 2009, 09:20 AM, said:

Well, the DrWebliveCD booted successfully, but I wasn't able to complete a scan. The scan would start but it appeared to stall or time out or something and the scan process would become non responsive. I could reboot back to the dr. web live cd and start the scan again, but only to get the same results. I am going to try the other rescue link from AVIRA that you posted previously and see what happens. I think these rescue CDs are good options.

If this one doesn't work, I will work on getting the data off the disk drive and reformat, but I won't have time to do that until later in the week.

Thanks again, and I will keep you posted one way or the other.

I believe getting the data off the disk and reformat is the best option. Try this:

If you do not have the XP installation CD, download an alternate Recovery Console.

• Please download BurnAtOnce and save it to your desktop. Click on Downloads, then on burnatonce 0.99.5
  
  • Install it by double-clicking on the file bao0995.exe that you downloaded.
    
  • Click Next, accept the license agreement, and click Next until the button says "Install". Click "Install" to finish.
  
  
• Download the rc.iso file.
  
• Save it to your desktop.
  
• Put a blank CD in your computer’s burner.
  
• Right-click on the file rc.iso, and select "burnatonce" from the menu.
  
• Confirm that the box under the menu at the top says "rc.iso".
  
• Click the "Write" button.
  
• When the disk finishes, eject the CD.
  
• Configure the computer to start from the CD-ROM or DVD-ROM drive. For information about how to do this, see your computer documentation, or contact your computer manufacturer.
  
• Insert the Image of rc.iso that you copied to CD into your CD-ROM or DVD-ROM drive, and then restart your computer.
  
• When you receive the "Press any key to boot from CD" message, press a key to start your computer from the Windows XP CD-ROM.
  
• You will be prompted with the following options:
  

  Quote

  A. To setup Windows XP, press Enter.
  B. To repair Windows XP installation using recovery console, press R.
  
  Choose the option, "To repair the Windows XP installation using recovery console", press R. If an Administrator Password have been established, you will be prompted to type it in. If no Administrator Password exists, just press ENTER.
  
  
• You will be presented with the following:
  
  
  

  Quote

  Microsoft Windows® Recovery Console
  
  The Recovery Console provides system repair and recovery functionality.
  Type EXIT to quit the Recovery Console and restart the computer.
  
  1: C:\WINDOWS
  
  Which Windows Installation would you like to log onto
  (To cancel, press ENTER)?
  
  
• Press the number 1 on your keyboard and hit Enter.
  
  
• At the command prompt, what does appear, C:\Windows or just C:\?

Type Exit to restart the computer.

[Lechnek]

Hi JSntgRvr,

I didn't have time to work on this last night when I got home. I was able to create the recovery disk from AVIRA but I just didn't get to it to try it last night. Just wanted to give you an update and I will try this one later tonight. If I have to try and get the data off the machine before I recover, it will take me most of the weekend to do that. I will keep you posted and I just wanted to thank you for all of your help to this point.

[JSntgRvr]

You are Welcome!