943,520 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > A Virus has locked me out of all features of the control panel and disable AVG
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Sep 9th, 2009
0

A Virus has locked me out of all features of the control panel and disable AVG

Expand Post »
Hello,

I am attempting to help a friend remove a virus from his computer, which is running Windows XP. Upon start up, the following adds continuously pop up: Advanced Virus Remover and PC AntiSpyware 2010.

In an attempt to remove the virus I have restarted the computer in safe mode and attempted to run AVG's free anti virus, however the virus prevents the start of the scan.

In normal mode the virus also won't let me access any program in the control panel and does not allow access to the task manager.

My friend told me he once saw AVG report a win32 cryptor virus being present, but I was not able to confirm this. However, I looked up the virus and tried to follow some recommendations. The main recommendation I tried to follow was to download MBAM and rename it as winlogon.exe. Then in safe mode I tried to execute the MBAM, it opened and installed the malware and then when I try to do a quick scan it says it is preparing to scan, but then it just closes.

Also, I have been able to stop the continuous pop ups of the Advanced Virus Remover and PC Anti Spyware 2010 by installing http://live.sysinternals.com/procexp.exe and then I renamed it winlogon.exe. It does run and once I kill the process of svchosts.exe the pop ups stop, but I still cannot run anti virus software, malware, access any programs in the control panel or access the task manager.

I am sorry I can't provide any logs as you can see this thing has really locked me out of everything.

I really don't know what to do and would appreciate anyone who can help me fix my friends computer.

Thanks in advance.
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Questions??? is offline Offline
22 posts
since Nov 2007
Permalink
Sep 9th, 2009
0

Re: A Virus has locked me out of all features of the control panel and disable AVG

Click to Expand / Collapse  Quote originally posted by Questions??? ...
I really don't know what to do and would appreciate anyone who can help me fix my friends computer.
Thanks in advance.
I'd like to try this first:

Please download FindIt.zip and Extract the FindIt folder to your desktop.
-- Inside the folder, you'll see RunThis.bat - DoubleClick it and let it run. (10-20 seconds)
A log should pop up - please post that for me.

PP
Moderator
Reputation Points: 171
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,575 posts
since Dec 2006
Permalink
Sep 9th, 2009
0

Re: A Virus has locked me out of all features of the control panel and disable AVG

Thanks for looking at this, here is the log you asked for:

Looking for cngaudit.dll

No matches found.


Looking for eventlog.dll

C:\240E3F~1\
eventlog.txt Mon Sep 29 2008 3:34:40p A.... 48,396 47.26 K

C:\I386\
eventlog.dll Wed Aug 4 2004 5:00:00a A.... 55,808 54.50 K

C:\WINDOWS\$NTSER~3\
eventlog.dll Wed Aug 4 2004 5:00:00a ..... 55,808 54.50 K

C:\WINDOWS\SYSTEM32\
eventlog.dll Sun Apr 13 2008 7:11:54p A.... 61,952 60.50 K

C:\WINDOWS\SERVIC~1\I386\
eventlog.dll Sun Apr 13 2008 7:11:54p ..... 56,320 55.00 K

5 items found: 5 files, 0 directories.
Total of file sizes: 278,284 bytes 271.76 K


Looking for logevent.dll

C:\WINDOWS\SYSTEM32\
logevent.dll Sun Apr 13 2008 7:11:54p A.... 56,320 55.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 56,320 bytes 55.00 K


Looking for netlogon.dll

C:\I386\
netlogon.dll Wed Aug 4 2004 5:00:00a A.... 407,040 397.50 K

C:\WINDOWS\$NTSER~3\
netlogon.dll Wed Aug 4 2004 5:00:00a ..... 407,040 397.50 K

C:\WINDOWS\SYSTEM32\
netlogon.dll Sun Apr 13 2008 7:12:02p A.... 407,040 397.50 K

C:\WINDOWS\SERVIC~1\I386\
netlogon.dll Sun Apr 13 2008 7:12:02p ..... 407,040 397.50 K

4 items found: 4 files, 0 directories.
Total of file sizes: 1,628,160 bytes 1.55 M


Looking for scecli.dll

C:\I386\
scecli.dll Wed Aug 4 2004 5:00:00a A.... 180,224 176.00 K

C:\WINDOWS\$NTSER~3\
scecli.dll Wed Aug 4 2004 5:00:00a ..... 180,224 176.00 K

C:\WINDOWS\SYSTEM32\
scecli.dll Sun Apr 13 2008 7:12:06p A.... 181,248 177.00 K

C:\WINDOWS\SERVIC~1\I386\
scecli.dll Sun Apr 13 2008 7:12:06p ..... 181,248 177.00 K

4 items found: 4 files, 0 directories.
Total of file sizes: 722,944 bytes 706.00 K
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Questions??? is offline Offline
22 posts
since Nov 2007
Permalink
Sep 10th, 2009
0

Re: A Virus has locked me out of all features of the control panel and disable AVG

Click to Expand / Collapse  Quote originally posted by Questions??? ...
Thanks for looking at this, here is the log you asked for:
Great!

Let's do this next:

Please Download Win32kDiag from a linky below and save it to your Desktop. Leave it there for now.
http://ad13.geekstogo.com/Win32kDiag.exe
http://download.bleepingcomputer.com/rootrepeal

Please Download The Avenger v2 by Swandog46
http://swandog46.geekstogo.com/avenger.zip

-- Extract Avenger.exe from the ZIP to your Desktop
-- Highlight the complete text in Red below and copy it using Ctrl+C or RightClick > Copy:


Files to move:
C:\WINDOWS\SYSTEM32\logevent.dll | C:\WINDOWS\SYSTEM32\eventlog.dll


-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox , using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log – please post that for me.

NEXT:

Click START > RUN and then Copy&Paste the following into the command field: "%userprofile%\desktop\win32kdiag.exe" -f –r

-- That should produce a log, as well. Please post it for me.


LASTLY:

If you already have combofix on your machine, DELETE it.

Then follow the instructions in the link below to DL a fresh Combofix and run it:
http://www.bleepingcomputer.com/comb...o-use-combofix

What I want you to do, though, is this:
When you download it and it asks you to "Save File As," rename combofix to Bunnyfix.exe and then download it to your desktop as that and follow the instructions in the linky very carefully to run Combofix and then post the Combofix log for me, after the other two I previously requested and we'll go from there.

Let me know if you run into any trouble with these steps.
I'll try to check back Wednesday evening as time permits.

Best Luck
PP
Last edited by PhilliePhan; Sep 10th, 2009 at 1:14 am. Reason: The Usual...
Moderator
Reputation Points: 171
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,575 posts
since Dec 2006
Permalink
Sep 10th, 2009
0

Re: A Virus has locked me out of all features of the control panel and disable AVG

Thanks once again for helping me with this.

Here are the logs you requested:

Here is the first log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\SYSTEM32\logevent.dll|C:\WINDOWS\SYSTEM32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

The second log:

Log file is located at: C:\Documents and Settings\T\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B3.tmp\ZAP1B3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP298.tmp\ZAP298.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C2.tmp\ZAP2C2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Preferences\Preferences

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ZJVSAU9J\ZJVSAU9J

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Google\Google

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\97Q8RDB2\i2.current.com\i2.current.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\97Q8RDB2\vox-static.liverail.com\vox-static.liverail.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1326613134-2500001767-4212926929-1003\S-1-5-21-1326613134-2500001767-4212926929-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1326613134-2500001767-4212926929-1003\S-1-5-21-1326613134-2500001767-4212926929-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\67EVVLIE\67EVVLIE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\DBWXHBYH\DBWXHBYH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\H1THVP3M\H1THVP3M

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Enterprise\Enterprise

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Overrides\Overrides

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\thumbnails\thumbnails

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\urls\urls

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1326613134-2500001767-4212926929-1003\S-1-5-21-1326613134-2500001767-4212926929-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Sqm\Sqm

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\CCWin\Address Book\Address Book

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA17.tmp\MCA17.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA1B.tmp\MCA1B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA25.tmp\MCA25.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA3C.tmp\tempinst\cntrlbin_cab\cntrlbin_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA3C.tmp\tempinst\cntrlres_cab\cntrlres_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA3C.tmp\tempinst\shredbin_cab\shredbin_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA3C.tmp\tempinst\shredcfg_cab\shredcfg_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA48.tmp\tempinst\cntrlbin_cab\cntrlbin_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA48.tmp\tempinst\cntrlres_cab\cntrlres_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA48.tmp\tempinst\shredbin_cab\shredbin_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA48.tmp\tempinst\shredcfg_cab\shredcfg_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA8F.tmp\tempinst\cntrlbin_cab\cntrlbin_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA8F.tmp\tempinst\cntrlres_cab\cntrlres_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCA8F.tmp\tempinst\shredbin_cab\shredbin_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCAB3.tmp\tempinst\cntrlbin_cab\cntrlbin_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCAB3.tmp\tempinst\cntrlres_cab\cntrlres_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCAB3.tmp\tempinst\shredbin_cab\shredbin_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCAB3.tmp\tempinst\shredcfg_cab\shredcfg_cab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCAEE.tmp\MCAEE.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00000\MCE00000

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00001\MCE00001

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00002\MCE00002

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00003\MCE00003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00004\MCE00004

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00005\MCE00005

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00006\MCE00006

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00007\MCE00007

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00008\MCE00008

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00009\MCE00009

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000a\MCE0000a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000b\MCE0000b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000c\MCE0000c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000d\MCE0000d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000e\MCE0000e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000f\MCE0000f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00010\MCE00010

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00011\MCE00011

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00012\MCE00012

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00013\MCE00013

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00014\MCE00014

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00015\MCE00015

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00016\MCE00016

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00017\MCE00017

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00018\MCE00018

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00019\MCE00019

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001a\MCE0001a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001b\MCE0001b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001c\MCE0001c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001d\MCE0001d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001e\MCE0001e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001f\MCE0001f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00020\MCE00020

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00021\MCE00021

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00022\MCE00022

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00023\MCE00023

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00024\MCE00024

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00025\MCE00025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00026\MCE00026

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00027\MCE00027

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00028\MCE00028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00029\MCE00029

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002a\MCE0002a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002b\MCE0002b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002c\MCE0002c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002d\MCE0002d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002e\MCE0002e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\WPDNSE\WPDNSE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!

Last one:

ComboFix 09-09-09.09 - T 09/10/2009 13:11.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.219 [GMT -5:00]
Running from: c:\documents and settings\T\Desktop\Bunnyfix.exe.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\T\LOCALS~1\Temp\csrss.exe
c:\docume~1\T\LOCALS~1\Temp\lsass.exe
c:\docume~1\T\LOCALS~1\Temp\services.exe
c:\docume~1\T\LOCALS~1\Temp\svchost.exe
c:\docume~1\T\LOCALS~1\Temp\taskmgr.exe
c:\docume~1\T\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users\Application Data\Starware
c:\documents and settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\games.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\gamesA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\recipes.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\recipes.png
c:\documents and settings\All Users\Application Data\Starware\buttons\recipes_over.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\recipes_over.png
c:\documents and settings\All Users\Application Data\Starware\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaver.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\travel.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\Guest\Application Data\Starware
c:\documents and settings\Guest\Application Data\Starware\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Guest\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Guest\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Guest\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\Games\GamesOptions.xml
c:\documents and settings\Guest\Application Data\Starware\Games\GamesOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\Layouts\PreferencesLayout.xml
c:\documents and settings\Guest\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
c:\documents and settings\Guest\Application Data\Starware\Layouts\ToolbarLayout.xml
c:\documents and settings\Guest\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Guest\Application Data\Starware\Manager\ManagerOptions.xml
c:\documents and settings\Guest\Application Data\Starware\Manager\ManagerOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
c:\documents and settings\Guest\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\Reference\ReferenceOptions.xml
c:\documents and settings\Guest\Application Data\Starware\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Guest\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\Screensavers\ScreensaversOptions.xml
c:\documents and settings\Guest\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
c:\documents and settings\Guest\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
c:\documents and settings\Guest\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\Toolbar\TBProductsOptions.xml
c:\documents and settings\Guest\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Guest\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Guest\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Guest\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Guest\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\T\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\T\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\T\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
c:\documents and settings\T\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\T\Start Menu\Advanced Virus Remover.lnk
C:\fyblb.exe
C:\hpbyv.exe
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\recycler\S-1-5-21-2383945017-8300596413-559893616-3019
c:\recycler\S-1-5-21-3713580673-0406821867-843549842-6525
c:\recycler\S-1-5-21-5694454754-7946694218-518490614-4504
c:\recycler\S-1-5-21-9550365701-4589566829-932741199-5225
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\Installer\40652b3.msi
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\msc.exe
c:\windows\msd.exe
c:\windows\mse.exe
c:\windows\msf.exe
c:\windows\msg.exe
c:\windows\msh.exe
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\svchast.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\~.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\braviax.exe
c:\windows\system32\bszip.dll
c:\windows\system32\cru629.dat
c:\windows\system32\desot.exe
c:\windows\system32\drivers\hjgruiwejwfvpq.sys
c:\windows\system32\drivers\smss.exe
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\hjgruibavbdmoi.dll
c:\windows\system32\hjgruifwlwfxir.dll
c:\windows\system32\hjgruinfdruesp.dat
c:\windows\system32\hjgruisntipfuw.dat
c:\windows\system32\hjgruityxyowtu.dll
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\kungsfaqrdwjyo.dat
c:\windows\system32\onhelp.htm
c:\windows\system32\sonhelp.htm
c:\windows\system32\tajf83ikdmf.dll
c:\windows\system32\tapi.nfo
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\wispex.html
C:\xvhu.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\beep.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiyblrdyiu
-------\Legacy_hjgruiyblrdyiu
-------\Legacy_ANTIPPRO2009_12
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_AntipPro2009_12


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 17:36 . 2009-09-10 17:36 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-06 17:50 . 2009-09-06 17:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-05 04:56 . 2009-09-05 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-05 01:09 . 2009-09-05 01:09 -------- d-----w- c:\documents and settings\T\Application Data\AVG8
2009-09-03 22:01 . 2009-09-03 22:01 -------- d-----w- c:\documents and settings\T\Application Data\Malwarebytes
2009-09-03 22:00 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 22:00 . 2009-09-03 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-03 22:00 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 22:00 . 2009-09-06 20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 20:00 . 2009-09-03 20:13 -------- d--h--w- c:\windows\PIF
2009-09-03 18:35 . 2009-09-03 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Musicmatch
2009-09-03 18:24 . 2009-09-03 18:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-03 04:18 . 2009-09-03 04:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-02 09:36 . 2009-09-06 14:32 28672 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-30 19:58 . 2009-08-30 19:59 -------- d-----w- C:\794e03f66860fe464e4d
2009-08-12 15:35 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 17:10 . 2005-09-23 17:49 -------- d-----w- c:\program files\Dl_cats
2009-09-10 02:46 . 2005-09-26 02:33 56 --sh--r- c:\windows\system32\19780A1217.sys
2009-09-10 02:46 . 2005-09-26 02:33 2620 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-06 19:07 . 2005-10-22 21:17 -------- d-----w- c:\program files\Google
2009-09-05 01:13 . 2008-05-30 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-04 22:35 . 2009-08-06 03:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-29 15:00 . 2008-07-04 19:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 15:00 . 2008-05-30 16:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 15:00 . 2008-05-30 16:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 18:00 . 2008-09-29 00:23 -------- d-----w- c:\documents and settings\T\Application Data\Skype
2009-08-26 00:17 . 2008-09-29 00:26 -------- d-----w- c:\documents and settings\T\Application Data\skypePM
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 06:16 . 2009-05-29 12:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 07:31 . 2005-09-20 17:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 07:27 . 2009-07-13 20:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 21:10 . 2009-07-13 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\18585154
2009-07-03 17:09 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-28 12:41 . 2005-09-20 17:39 90112 ----a-w- c:\windows\DUMP7743.tmp
2009-06-28 12:26 . 2009-06-20 01:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-28 12:20 . 2009-06-28 12:20 0 ----a-w- c:\windows\system32\REN1EE.tmp
2009-06-28 12:20 . 2009-06-28 12:20 0 ----a-w- c:\windows\system32\REN1ED.tmp
2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 18:30 . 2009-06-03 18:30 49152 --sha-w- c:\windows\system32\huzitala.dll
2009-06-03 18:30 . 2009-06-03 18:30 49152 --sha-w- c:\windows\system32\numisufe.dll
2009-06-03 18:30 . 2009-06-03 18:30 49152 --sha-w- c:\windows\system32\puwisuro.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aec64a76-cb0d-44b0-8bfa-5d4fa6b1dc01}]
2009-06-03 18:30 49152 --sha-w- c:\windows\system32\puwisuro.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-20 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-13 282624]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-29 2007832]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"mawilinutu"="c:\windows\system32\huzitala.dll" [2009-06-03 49152]
"winupdate.exe"="c:\windows\system32\winupdate.exe" [2009-09-10 44970]
"timemihuz"="c:\windows\system32\fugafizu.dll" [2009-09-10 88064]
"13719214"="c:\documents and settings\All Users\Application Data\13719214\13719214.exe" [2009-09-10 1065508]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\STSYSTRA.EXE [2005-03-23 339968]

c:\documents and settings\T\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-9-11 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-9-20 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-20 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{f28c266d-027f-4469-9750-124a0b484ce6}"= "c:\windows\system32\fugafizu.dll" [2009-09-10 88064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pinetajod"= {f28c266d-027f-4469-9750-124a0b484ce6} - c:\windows\system32\fugafizu.dll [2009-09-10 88064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 15:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\numisufe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPisabledHCP Discovery Service

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/30/2008 11:33 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/30/2008 11:33 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 2:05 PM 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/29/2009 7:55 AM 55152]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [7/25/2005 10:32 PM 348352]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/29/2008 3:35 PM 33808]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 2:05 PM 908056]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [7/25/2005 10:35 PM 43392]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\system32\fugafizu.dll 88064 bytes executable
c:\windows\system32\yuniyuzi.exe 1065508 bytes executable
c:\windows\system32\zizakohe.dll 37376 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\WININET.dll
c:\windows\system32\huzitala.dll
c:\windows\system32\puwisuro.dll
c:\windows\system32\fugafizu.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-09-10 13:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 18:39

Pre-Run: 47,223,386,112 bytes free
Post-Run: 50,436,280,320 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
425 --- E O F --- 2009-09-02 08:01
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Questions??? is offline Offline
22 posts
since Nov 2007
Permalink
Sep 10th, 2009
1

Re: A Virus has locked me out of all features of the control panel and disable AVG

Click to Expand / Collapse  Quote originally posted by Questions??? ...
Thanks once again for helping me with this.
Happy to help

Let's do this next:

1) DELETE your current Win32kDiag and download a fresh copy to the Desktop.
http://ad13.geekstogo.com/Win32kDiag.exe
-- Click START > RUN and then Copy&Paste all of the following text in Red into the command field:
"%userprofile%\desktop\win32kdiag.exe" -f –r
-- Please post that log for me


2) Download and run MBA-M as per the linky below and have it Remove what it finds. It should get some of what Combofix missed.
http://www.daniweb.com/forums/thread134865.html

3) Reboot.

4) DELETE your current copy of Combofix.
Download a fresh Combofix and run it as you did before and post that log for me as well.

Cheers
PP
Moderator
Reputation Points: 171
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,575 posts
since Dec 2006
Permalink
Sep 10th, 2009
0

Re: A Virus has locked me out of all features of the control panel and disable AVG

Here are the logs:

Log file is located at: C:\Documents and Settings\T\Desktop\Win32kDiag.txt

Removing all found mount points.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B3.tmp\ZAP1B3.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B3.tmp\ZAP1B3.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP298.tmp\ZAP298.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP298.tmp\ZAP298.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C2.tmp\ZAP2C2.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C2.tmp\ZAP2C2.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Collab\Collab

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Preferences\Preferences

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Preferences\Preferences

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ZJVSAU9J\ZJVSAU9J

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ZJVSAU9J\ZJVSAU9J

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Google\Google

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Google\Google

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\97Q8RDB2\i2.current.com\i2.current.com

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\97Q8RDB2\i2.current.com\i2.current.com

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\97Q8RDB2\vox-static.liverail.com\vox-static.liverail.com

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\97Q8RDB2\vox-static.liverail.com\vox-static.liverail.com

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1326613134-2500001767-4212926929-1003\S-1-5-21-1326613134-2500001767-4212926929-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1326613134-2500001767-4212926929-1003\S-1-5-21-1326613134-2500001767-4212926929-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1326613134-2500001767-4212926929-1003\S-1-5-21-1326613134-2500001767-4212926929-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1326613134-2500001767-4212926929-1003\S-1-5-21-1326613134-2500001767-4212926929-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\67EVVLIE\67EVVLIE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\67EVVLIE\67EVVLIE

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\DBWXHBYH\DBWXHBYH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\DBWXHBYH\DBWXHBYH

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\H1THVP3M\H1THVP3M

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\H1THVP3M\H1THVP3M

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Enterprise\Enterprise

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Enterprise\Enterprise

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Overrides\Overrides

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Overrides\Overrides

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\thumbnails\thumbnails

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\thumbnails\thumbnails

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\urls\urls

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\urls\urls

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1326613134-2500001767-4212926929-1003\S-1-5-21-1326613134-2500001767-4212926929-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1326613134-2500001767-4212926929-1003\S-1-5-21-1326613134-2500001767-4212926929-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Sqm\Sqm

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Sqm\Sqm

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\CCWin\Address Book\Address Book

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\CCWin\Address Book\Address Book

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!


Here is the combo fix log:

ComboFix 09-09-10.01 - T 09/10/2009 19:02.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.211 [GMT -5:00]
Running from: c:\documents and settings\T\Desktop\Bunnyfix.exe.exe
.

((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 21:35 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:35 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 17:50 . 2009-09-06 17:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-05 04:56 . 2009-09-05 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-03 22:01 . 2009-09-03 22:01 -------- d-----w- c:\documents and settings\T\Application Data\Malwarebytes
2009-09-03 22:00 . 2009-09-03 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-03 22:00 . 2009-09-10 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 20:00 . 2009-09-10 21:15 -------- d--h--w- c:\windows\PIF
2009-09-03 18:35 . 2009-09-03 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Musicmatch
2009-09-03 18:24 . 2009-09-03 18:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-03 04:18 . 2009-09-03 04:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-30 19:58 . 2009-08-30 19:59 -------- d-----w- C:\794e03f66860fe464e4d
2009-08-12 15:35 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 23:52 . 2008-09-29 00:23 -------- d-----w- c:\documents and settings\T\Application Data\Skype
2009-09-10 21:13 . 2005-09-23 17:49 -------- d-----w- c:\program files\Dl_cats
2009-09-10 21:06 . 2008-09-29 00:26 -------- d-----w- c:\documents and settings\T\Application Data\skypePM
2009-09-10 20:55 . 2006-09-21 15:38 40784 ----a-w- c:\documents and settings\T\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 18:34 . 2009-06-10 18:34 65536 --sha-w- c:\windows\system32\pavogare.exe
2009-09-10 02:46 . 2005-09-26 02:33 56 --sh--r- c:\windows\system32\19780A1217.sys
2009-09-10 02:46 . 2005-09-26 02:33 2620 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-06 19:07 . 2005-10-22 21:17 -------- d-----w- c:\program files\Google
2009-09-04 22:35 . 2009-08-06 03:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 06:16 . 2009-05-29 12:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 07:31 . 2005-09-20 17:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 07:27 . 2009-07-13 20:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 17:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-28 12:41 . 2005-09-20 17:39 90112 ----a-w- c:\windows\DUMP7743.tmp
2009-06-28 12:26 . 2009-06-20 01:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-28 12:20 . 2009-06-28 12:20 0 ----a-w- c:\windows\system32\REN1EE.tmp
2009-06-28 12:20 . 2009-06-28 12:20 0 ----a-w- c:\windows\system32\REN1ED.tmp
2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-20 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-13 282624]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\STSYSTRA.EXE [2005-03-23 339968]

c:\documents and settings\T\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-9-11 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-9-20 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-20 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPisabledHCP Discovery Service

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/29/2009 7:55 AM 55152]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [7/25/2005 10:32 PM 348352]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/29/2008 3:35 PM 33808]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [7/25/2005 10:35 PM 43392]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 19:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-11 19:11
ComboFix-quarantined-files.txt 2009-09-11 00:11
ComboFix2.txt 2009-09-10 18:39

Pre-Run: 50,944,581,632 bytes free
Post-Run: 50,916,020,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
183 --- E O F --- 2009-09-02 08:01

Thanks for all your help.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Questions??? is offline Offline
22 posts
since Nov 2007
Permalink
Sep 10th, 2009
0

Re: A Virus has locked me out of all features of the control panel and disable AVG

Happy to help

-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into ComboFix.exe just like this.

-- Let Combofix run as before and post me that log along with a fresh MBA-M scanlog (didn't get to see that one...) and we'll see if we can wrap this up.


P
Last edited by PhilliePhan; Nov 20th, 2009 at 8:11 pm.
Moderator
Reputation Points: 171
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,575 posts
since Dec 2006
Permalink
Sep 11th, 2009
0

Re: A Virus has locked me out of all features of the control panel and disable AVG

Here you go.

ComboFix 09-09-10.01 - T 09/10/2009 21:02.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.268 [GMT -5:00]
Running from: c:\documents and settings\T\Desktop\Bunnyfix.exe.exe
Command switches used :: c:\documents and settings\T\Desktop\CFScript.txt.URL
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 00:27 . 2009-09-11 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-11 00:26 . 2009-09-11 00:26 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-09-11 00:26 . 2009-09-11 00:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-11 00:26 . 2009-09-11 00:26 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-11 00:26 . 2009-09-11 00:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-11 00:26 . 2009-09-11 00:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-11 00:25 . 2009-09-11 00:26 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-11 00:25 . 2009-09-11 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-11 00:23 . 2009-09-11 00:23 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-09-11 00:23 . 2009-09-11 00:23 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-09-11 00:23 . 2009-09-11 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-11 00:17 . 2009-09-11 00:17 -------- d-----w- c:\documents and settings\T\Application Data\AVG8
2009-09-10 21:35 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:35 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 17:50 . 2009-09-06 17:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-05 04:56 . 2009-09-05 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-03 22:01 . 2009-09-03 22:01 -------- d-----w- c:\documents and settings\T\Application Data\Malwarebytes
2009-09-03 22:00 . 2009-09-03 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-03 22:00 . 2009-09-10 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 20:00 . 2009-09-10 21:15 -------- d--h--w- c:\windows\PIF
2009-09-03 18:35 . 2009-09-03 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Musicmatch
2009-09-03 18:24 . 2009-09-03 18:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-03 04:18 . 2009-09-03 04:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-30 19:58 . 2009-08-30 19:59 -------- d-----w- C:\794e03f66860fe464e4d
2009-08-12 15:35 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 02:06 . 2008-09-29 00:23 -------- d-----w- c:\documents and settings\T\Application Data\Skype
2009-09-10 21:13 . 2005-09-23 17:49 -------- d-----w- c:\program files\Dl_cats
2009-09-10 21:06 . 2008-09-29 00:26 -------- d-----w- c:\documents and settings\T\Application Data\skypePM
2009-09-10 20:55 . 2006-09-21 15:38 40784 ----a-w- c:\documents and settings\T\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 18:34 . 2009-06-10 18:34 65536 --sha-w- c:\windows\system32\pavogare.exe
2009-09-10 02:46 . 2005-09-26 02:33 56 --sh--r- c:\windows\system32\19780A1217.sys
2009-09-10 02:46 . 2005-09-26 02:33 2620 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-06 19:07 . 2005-10-22 21:17 -------- d-----w- c:\program files\Google
2009-09-04 22:35 . 2009-08-06 03:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 06:16 . 2009-05-29 12:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 07:31 . 2005-09-20 17:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 07:27 . 2009-07-13 20:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-22 22:23 . 2009-07-22 22:23 74760 ----a-w- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 22:23 . 2009-07-22 22:23 25608 ----a-w- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 17:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-28 12:41 . 2005-09-20 17:39 90112 ----a-w- c:\windows\DUMP7743.tmp
2009-06-28 12:26 . 2009-06-20 01:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-28 12:20 . 2009-06-28 12:20 0 ----a-w- c:\windows\system32\REN1EE.tmp
2009-06-28 12:20 . 2009-06-28 12:20 0 ----a-w- c:\windows\system32\REN1ED.tmp
2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_18.30.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-03-19 01:44 . 2003-03-19 01:44 49152 c:\windows\system32\MFC71KOR.DLL
+ 2003-03-19 01:44 . 2003-03-19 01:44 49152 c:\windows\system32\MFC71JPN.DLL
+ 2003-03-19 01:44 . 2003-03-19 01:44 61440 c:\windows\system32\MFC71ITA.DLL
+ 2003-03-19 01:44 . 2003-03-19 01:44 61440 c:\windows\system32\MFC71FRA.DLL
+ 2003-03-19 01:44 . 2003-03-19 01:44 61440 c:\windows\system32\MFC71ESP.DLL
+ 2003-03-19 01:44 . 2003-03-19 01:44 57344 c:\windows\system32\MFC71ENU.DLL
+ 2003-03-19 01:44 . 2003-03-19 01:44 65536 c:\windows\system32\MFC71DEU.DLL
+ 2003-03-19 01:44 . 2003-03-19 01:44 45056 c:\windows\system32\MFC71CHT.DLL
+ 2003-03-19 01:44 . 2003-03-19 01:44 40960 c:\windows\system32\MFC71CHS.DLL
+ 2009-09-11 00:27 . 2009-09-11 00:27 21630 c:\windows\Installer\{F314EA69-9590-4876-8E2B-44CBEE7FFAA1}\ARPPRODUCTICON.exe
+ 2009-09-11 00:27 . 2009-09-11 00:27 61440 c:\windows\Installer\{F314EA69-9590-4876-8E2B-44CBEE7FFAA1}\Agent_9914E3CE157141D799231571EBF4D926.exe
+ 2009-09-11 00:27 . 2009-09-11 00:27 4556800 c:\windows\Installer\20ba9a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-20 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-13 282624]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-11 2007832]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\STSYSTRA.EXE [2005-03-23 339968]

c:\documents and settings\T\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-9-11 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-9-20 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-20 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-11 00:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPisabledHCP Discovery Service

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [7/22/2009 5:23 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9/10/2009 7:26 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/10/2009 7:26 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/10/2009 7:26 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/10/2009 7:25 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/10/2009 7:25 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [9/10/2009 7:25 PM 1370488]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [7/22/2009 5:23 PM 571912]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/29/2009 7:55 AM 55152]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [7/25/2005 10:32 PM 348352]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [9/10/2009 7:23 PM 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [7/22/2009 5:23 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [7/22/2009 5:23 PM 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [7/22/2009 5:23 PM 27232]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/29/2008 3:35 PM 33808]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [7/22/2009 5:23 PM 5641736]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [7/25/2005 10:35 PM 43392]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [9/10/2009 7:23 PM 29208]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGIDSERHR

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\bs0l1fpd.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 21:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2604)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-11 21:13
ComboFix-quarantined-files.txt 2009-09-11 02:13
ComboFix2.txt 2009-09-11 00:11
ComboFix3.txt 2009-09-10 18:39

Pre-Run: 50,695,741,440 bytes free
Post-Run: 50,652,925,952 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
247 --- E O F --- 2009-09-02 08:01


Malware

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/10/2009 11:08:53 PM
mbam-log-2009-09-10 (23-08-53).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|I:\|)
Objects scanned: 191467
Time elapsed: 1 hour(s), 40 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Questions??? is offline Offline
22 posts
since Nov 2007
Permalink
Sep 11th, 2009
0

Re: A Virus has locked me out of all features of the control panel and disable AVG

Click to Expand / Collapse  Quote originally posted by Questions??? ...
Here you go.
Well . . .Combofix did not run as it should have - looks like the CFScript was not save to desktop properly.

No worries!

We'll do it this way:

1) You'll need to enable the viewing of hidden files and then navigate to the following files and DELETE them:
c:\windows\system32\pavogare.exe
c:\windows\DUMP7743.tmp
c:\windows\system32\REN1EE.tmp
c:\windows\system32\REN1ED.tmp

2) Once that is done, do this:
• Click Start > Run
• Type or Copy&Paste Combofix /u into the Run box. (Be sure there is a space between the x and the / if you type it)
• Click OK

This will remove Combofix and it’s components from your machine.
It will also reset your clock, re-hide System and Hidden Files and hide File Extensions.
Last, but certainly not least, doing this will reset System Restore.

Let me know if you run into any problems. If not, I think you're good to go.....

Cheers
PP
Moderator
Reputation Points: 171
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,575 posts
since Dec 2006

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Download working but webpages not opening
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: police pro+desote virus HELP!?





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC