
Unable to install any Anti virus

 
-1
 

Hi, I am unable to install any antivirus or run Avast, as I don't know what is wrong with my system, and this is irritating me. I can't open Task Manager either, as it says it has been disabled by the admin, nor can I run safe mode. Please help me. I have installed ComboFix and got the log report. Please help me. Thanks in advance.

ComboFix 10-10-30.01 - Administrator 10/31/2010 9:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.374 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\esmkpj.pif
c:\program files\Common Files\SysAnti.exe
C:\SysAnti.exe
c:\windows\Fonts\dovab.dll
c:\windows\Fonts\gmdbg.dll
c:\windows\Fonts\hblpu.dll
c:\windows\Fonts\hkcel.dll
c:\windows\Fonts\idlub.dll
c:\windows\Fonts\islkd.dll
c:\windows\Fonts\mgisr.dll
c:\windows\Fonts\oeipr.dll
c:\windows\Fonts\osqhc.dll
c:\windows\Fonts\ulgpo.dll
c:\windows\inf\mdmcpq3.PNF
c:\windows\inf\mdmeric3.PNF
c:\windows\inf\oem6C.PNF
c:\windows\inf\oem7A.PNF
c:\windows\system32\drivers\mrxcls.sys
c:\windows\system32\drivers\mrxnet.sys
D:\Autorun.inf
D:\dkyax.pif
D:\SysAnti.exe
E:\Autorun.inf
E:\pmcwt.exe
E:\SysAnti.exe
F:\Autorun.inf
F:\gsrkc.pif
F:\SysAnti.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSINT32
-------\Legacy_DRVKILLER
-------\Legacy_MRXCLS
-------\Legacy_MRXNET
-------\Service_amsint32
-------\Service_DrvKiller
-------\Service_MRxCls
-------\Service_MRxNet


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-31 03:48 . 2010-10-31 03:48 103140 --sh--r- C:\wcrsom.exe
2010-09-27 20:57 . 2010-09-27 20:57 2826240 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-23 20:52 . 2010-09-23 20:52 922112 ------w- c:\windows\system32\imapi2fs.dll
2010-09-23 20:52 . 2010-09-23 20:52 426496 ------w- c:\windows\system32\imapi2.dll
2010-09-23 20:52 . 2004-08-04 01:07 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 09:53 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1549312]
"ares"="c:\program files\Ares\Ares.exe" [2008-11-23 880640]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 147456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 237568]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 104304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-28 255528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 356352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-10-28 184384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Drivers\\AUDIO\\sp29312.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\OneTouchAccess.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=
"c:\\Program Files\\Winferno\\PC Confidential\\PCConfidential.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2010 7:07 PM 28552]
R3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [10/28/2010 5:12 PM 45696]
S3 gmd;gmd;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp~gmd.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp~gmd.tmp [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AMSINT32
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 09:27]

2010-10-31 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2010-10-30 08:40]

2010-10-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 09:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=13760&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f5qkfash.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 09:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gmd]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp~gmd.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-10-31 09:21:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-31 03:51

Pre-Run: 5,639,770,112 bytes free
Post-Run: 5,454,569,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6370F94C1AF64C98CC27ED4C668FC95E

 
0
 

Can you launch/install other programs like Process Explorer? I can download a binary file so it will be able to run locally without any installation. Also, you can download ClamWin, which runs locally on the computer too. It kind of sounds like you may have a virus/malware infection.

Additionally, I'd also try to repair the OS using your XP Pro CD/DVD or by typing in command prompt:

sfc /scannow

You can also enter the repair console from the XP disc and type sfc /scannow.

 
0
 

You really should never run ComboFix without first being told to do so.
Since you have already done so, you should be able to follow the steps given in our Read Me First sticky. Please do so and post back with all the requested logs.
http://www.daniweb.com/forums/thread134865.html

 
0
 

Hi, I did everything that was guided in the DaniWeb page, and I am sorry for running ComboFix before reading, as I am not too good with system knowledge. Well, do you want me to copy and paste all the logs, or how can I attach them? One attach log file says this info should be sent in a zip file: "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT". Please reply. I could not run ClamWin. I did try to repair the OS, and it was completed without showing any result. Please help me. Thanks.

 
0
 

Copy paste all logs if possible please.

 
0
 

Hi! Yes, I can do it, and here they are below.

GMER ONE

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-11-01 15:07:36
Windows 5.1.2600 Service Pack 2
Running: pnodvqz0.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdipoc.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

---- EOF - GMER 1.0.15 ----

GMER TWO

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-01 15:27:11
Windows 5.1.2600 Service Pack 2
Running: pnodvqz0.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF810E900]
? C:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\omppi.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5F100F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F160F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F070F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F220F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5F190F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[376] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F130F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5F100F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F160F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F220F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5F190F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F130F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[432] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5F100F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F040F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F160F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F070F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F220F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5F190F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[620] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F130F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5F100F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F160F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F070F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F220F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5F190F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe[1604] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[1932] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F130F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5F100F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F160F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F220F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5F190F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F130F5A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations

---- EOF - GMER 1.0.15 ----

mbam-log-

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/1/2010 5:46:10 PM
mbam-log-2010-11-01 (17-46-10).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 154278
Time elapsed: 1 hour(s), 27 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HiSoft\CrackDownloader (CrackTool.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Malware.Packer.Gen) -> Delete on reboot.
C:\wcrsom.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Nokia PC Suite.exe (CrackTool.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\esmkpj.pif.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\sysanti.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Common Files\SysAnti.exe.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\dovab.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\gmdbg.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\hblpu.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\hkcel.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\idlub.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\islkd.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\mgisr.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\oeipr.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\osqhc.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\ulgpo.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\dkyax.pif.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\SysAnti.exe.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\E\pmcwt.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\E\SysAnti.exe.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\F\gsrkc.pif.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\F\SysAnti.exe.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
D:\ilsu.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\sysanti.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\New Fav\Desk Top 1st july\My Pictures\New Folder\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\pcorut.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
E:\Qoobox\Quarantine\E\sysanti.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{F19D31B4-259A-43F6-ADF0-A86839936204}\RP6\A0001029.EXE (Malware.Packer) -> Quarantined and deleted successfully.
F:\chrne.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\Qoobox\Quarantine\F\sysanti.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\Tabrez Soft\crackdown.exe (CrackTool.Agent) -> Quarantined and deleted successfully.
F:\Tabrez Soft\System Cleaner\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

DDS


DDS (Ver_10-10-31.01) - NTFSx86
Run by Administrator at 17:59:03.57 on Mon 11/01/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.275 [GMT 5.5:30]

AV: Panda Global Protection 2009 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost -k Panda
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\WebProxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=13760&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {a057a204-bacc-4d26-9990-79a187e2698e} - AVG Security Toolbar
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2009\Inicio.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
TCP: {D67F3CF7-54C1-4BF1-BD0A-15D885866AE4} = 202.148.202.3 202.148.202.4
Notify: avldr - avldr.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\f5qkfash.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=13760&l=dis
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-10-29 28552]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-11-1 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-11-1 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-11-1 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-11-1 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-11-1 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-11-1 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-11-1 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda global protection 2009\PsCtrlS.exe [2010-11-1 181504]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2010-11-1 84024]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-11-1 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda global protection 2009\psksvc.exe [2010-11-1 28928]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\omppi.sys --> c:\windows\system32\drivers\omppi.sys [?]
R3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2010-10-28 45696]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2010-11-1 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 gmd;gmd;\??\c:\docume~1\admini~1\locals~1\temp~gmd.tmp --> c:\docume~1\admini~1\locals~1\Temp~gmd.tmp [?]
S4 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda global protection 2009\PavFnSvr.exe [2010-11-1 169216]
S4 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-11-1 62768]
S4 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda global protection 2009\PAVSRV51.EXE [2010-11-1 288512]

=============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2010-11-01 12:28:44 54016 ----a-w- c:\windows\system32\drivers\xiybwsug.sys
2010-11-01 12:21:14 103140 --sh--r- C:\tdqpgk.exe
2010-11-01 10:15:02 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-11-01 10:14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-01 10:14:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-01 10:14:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-01 10:14:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-01 08:16:59 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2010-11-01 08:15:59 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2010-11-01 08:14:59 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-11-01 08:13:51 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-11-01 08:12:35 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-11-01 08:11:55 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2010-11-01 08:10:20 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-11-01 08:09:58 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2010-11-01 08:08:59 6216 -c--a-w- c:\windows\system32\dllcache\divaci.dll
2010-11-01 08:07:47 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2010-11-01 08:06:59 56623 -c--a-w- c:\windows\system32\dllcache\ati1btxx.sys
2010-11-01 05:33:27 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Panda Security
2010-11-01 05:30:29 84024 ----a-w- c:\windows\system32\drivers\pavdrv51.sys
2010-11-01 05:30:27 207452 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-11-01 05:30:23 52992 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-11-01 05:30:23 46720 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-11-01 05:30:23 193792 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-11-01 05:30:13 73728 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-11-01 05:30:13 22072 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-11-01 05:30:13 158848 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-11-01 05:30:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Backup
2010-11-01 05:29:58 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2010-11-01 05:29:48 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2010-11-01 05:29:42 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-11-01 05:29:42 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-11-01 05:29:42 520448 ----a-w- c:\windows\system32\PavSHook.dll
2010-11-01 05:29:42 193280 ----a-w- c:\windows\system32\TpUtil.dll
2010-11-01 05:29:42 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-11-01 05:29:40 197888 ----a-w- c:\windows\system32\drivers\neti1634.sys
2010-11-01 05:29:38 58672 ----a-w- c:\windows\system32\avldr.dll
2010-11-01 05:29:38 -------- d-----w- c:\windows\system32\PAV
2010-11-01 05:29:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-11-01 05:29:37 -------- d-----w- c:\docume~1\admini~1\applic~1\Panda Security
2010-11-01 05:27:35 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-11-01 05:27:35 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-11-01 05:27:35 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-11-01 05:27:34 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-11-01 05:27:34 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-11-01 05:27:34 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-11-01 05:27:33 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-11-01 05:27:32 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-11-01 05:26:45 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-11-01 05:26:45 179640 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-11-01 05:26:45 -------- d-----w- c:\program files\common files\Panda Security
2010-10-31 11:36:15 -------- d-----w- c:\windows\system32\appmgmt
2010-10-31 08:52:19 -------- d--h--w- c:\windows\$hf_mig$
2010-10-31 07:52:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-10-31 07:07:58 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Help
2010-10-31 06:57:04 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\PackageAware
2010-10-31 03:31:27 -------- d-sha-r- C:\cmdcons
2010-10-31 03:22:11 98816 ----a-w- c:\windows\sed.exe
2010-10-31 03:22:11 85504 ----a-w- c:\windows\MBR.exe
2010-10-31 03:22:11 256512 ----a-w- c:\windows\PEV.exe
2010-10-31 03:22:11 161792 ----a-w- c:\windows\SWREG.exe
2010-10-31 03:06:46 -------- d-----w- c:\windows\pss
2010-10-30 12:13:20 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Ares
2010-10-30 12:12:57 -------- d-----w- c:\program files\Ares
2010-10-30 11:05:14 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Adobe
2010-10-30 10:34:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-30 08:59:40 -------- d-----w- c:\docume~1\admini~1\applic~1\BitZipper
2010-10-30 08:49:57 212240 ----a-w- c:\windows\system32\Richtx32.ocx
2010-10-29 17:12:57 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-10-29 14:53:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-29 13:37:02 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-10-29 13:36:52 -------- d-----w- c:\program files\Panda Security
2010-10-29 10:13:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-29 10:07:25 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-29 08:50:57 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-10-29 07:04:49 -------- d-----w- c:\docume~1\admini~1\applic~1\Registry Mechanic
2010-10-28 13:15:21 390240 ----a-w- c:\windows\system32\mkdriver.dll
2010-10-28 13:14:56 -------- d-----w- c:\program files\Mydrivers

==================== Find3M ====================

2010-10-28 08:01:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-28 08:01:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-27 20:57:44 2826240 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-23 20:52:32 922112 ------w- c:\windows\system32\imapi2fs.dll
2010-09-23 20:52:32 426496 ------w- c:\windows\system32\imapi2.dll

============= FINISH: 18:00:26.34 ===============


ATTACH


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-31.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2010 11:57:05 AM
System Uptime: 11/1/2010 5:48:49 PM (1 hours ago)

Motherboard: Hewlett-Packard | | 09D8h
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2793/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 10 GiB total, 5.015 GiB free.
D: is FIXED (NTFS) - 27 GiB total, 0.936 GiB free.
E: is FIXED (NTFS) - 28 GiB total, 9.644 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 1.532 GiB free.
G: is CDROM (CDFS)
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP32: 10/31/2010 1:39:59 PM - IObit Uninstaller RestorePoint
RP33: 10/31/2010 4:55:19 PM - Installed Windows XP KB921883.
RP34: 10/31/2010 5:06:12 PM - Removed Ask Toolbar.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9
Advanced SystemCare 3
Apple Software Update
AutoUpdate
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Driver Genius 2004
FLV Player 2.0 (build 25)
Intel(R) Extreme Graphics 2 Driver
Malwarebytes' Anti-Malware
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.12)
MSVC80_x86_v2
Nokia Connectivity Cable Driver
Nokia PC Suite
Opera 9.64
Panda ActiveScan 2.0
Panda Global Protection 2009
PC Connectivity Solution
Picasa 3
Priyan's Folder Protect
QuickTime
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Security Update for Windows XP (KB921883)
VideoLAN VLC media player 0.8.5
WebFldrs XP
Windows Driver Package - Nokia Modem (06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
WinRAR archiver
WinZip
Wise Registry Cleaner 5.8.5

==== Event Viewer Messages From Past Week ========

11/1/2010 5:50:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
11/1/2010 3:06:09 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
11/1/2010 3:05:50 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
11/1/2010 11:09:46 AM, error: Service Control Manager [7034] - The Panda IManager Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 11:09:46 AM, error: Service Control Manager [7034] - The Panda Function Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 11:09:46 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PAVSRV service.
11/1/2010 11:09:46 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
11/1/2010 10:56:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Panda Process Protection Service service to connect.
11/1/2010 10:56:46 AM, error: Service Control Manager [7000] - The Panda Process Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2010 1:47:32 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
11/1/2010 1:31:18 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
11/1/2010 1:31:15 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm\admin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
11/1/2010 1:30:48 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
10/31/2010 9:12:15 AM, error: PlugPlayManager [11] - The device Root\LEGACY_MRXNET\0000 disappeared from the system without first being prepared for removal.
10/31/2010 9:12:15 AM, error: PlugPlayManager [11] - The device Root\LEGACY_MRXCLS\0000 disappeared from the system without first being prepared for removal.
10/31/2010 9:12:15 AM, error: PlugPlayManager [11] - The device Root\LEGACY_DRVKILLER\0000 disappeared from the system without first being prepared for removal.
10/31/2010 9:12:15 AM, error: PlugPlayManager [11] - The device Root\LEGACY_AMSINT32\0000 disappeared from the system without first being prepared for removal.
10/30/2010 6:43:49 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
10/30/2010 6:40:27 PM, error: Service Control Manager [7000] - The DrvKiller service failed to start due to the following error: The system cannot find the file specified.
10/30/2010 4:37:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 WatchDog service to connect.
10/30/2010 4:37:23 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 1:24:42 PM, error: Service Control Manager [7034] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 1:24:42 PM, error: Service Control Manager [7022] - The AVG Free8 WatchDog service hung on starting.
10/28/2010 1:24:42 PM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: After starting, the service hung in a start-pending state.
10/28/2010 1:23:04 PM, error: Service Control Manager [7034] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 4 time(s).
10/28/2010 1:22:56 PM, error: Service Control Manager [7034] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 3 time(s).
10/28/2010 1:22:48 PM, error: Service Control Manager [7034] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 2 time(s).
10/28/2010 1:18:56 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
10/28/2010 1:18:56 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL. Reference error message: The operation completed successfully. .
10/28/2010 1:18:56 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
10/28/2010 1:17:11 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL. Reference error message: The operation completed successfully. .
10/28/2010 1:10:15 PM, error: Service Control Manager [7031] - The The Shield Deluxe 2009 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

==== End Of File ===========================


OK, these are all the logs I got. I have uninstalled Panda as it could not help me at all.

 
0
 

Uninstall this program, Advanced SystemCare 3, as it is absolute junk. Also remove the Wise Registry Cleaner 5.8.5. There is rarely any reason to "clean" the registry. If there are infected registry entries then programs like MBA-M will remove them.
Your MBA-M program is way out of date and was not updated prior to running. Please update it and run another Full Scan. Have it remove everything found, reboot and post back here with the log.
Panda or most other av programs do not remove Trojans, which is what you have. They also generally do not protect against Trojans. The reason is that they are configured totally differently from viruses.

 
0
 

Hi, yes, I did uninstall whatever you told me, and I did update MBA-M and then rescanned the system, and this is the log. Thanks in advance.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5070

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/8/2010 12:11:33 PM
mbam-log-2010-11-08 (12-11-33).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 172922
Time elapsed: 51 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Malware.Packer.Gen) -> Delete on reboot.
C:\qusli.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\ustiln.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\ilsu.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\TAB PEN DRIVE\RegTool v2.8.3415.454 + Serial By AnOn\RegTool v2.8.3415.454.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\pcorut.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\chrne.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\Tabrez Soft\System Cleaner\RegTool v2.8.3415.454 + Serial By AnOn\RegTool v2.8.3415.454.exe (Rogue.Installer) -> Quarantined and deleted successfully.

 
0
 

Every time I run a full system scan using Malwarebytes Anti-Malware, it identifies the following issues:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 
0
 

Clean out your temp files, fill out as much personal info as you feel necessary at this link and follow the directions here. You obviously have something very different on there.

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

* Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
* Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
* A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
* Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
* If the scan did not start automatically, make sure the following are checked:
    o Running processes
    o Windows Registry
    o Local Hard Drives
* Click Start scan.
* Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
* When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
* Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    o Files tagged as Removable: No are not marked for removal and cannot be removed.
    o Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    o Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
* Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
* A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
* After reboot, a dialog box displays the files you selected for removal and the action taken.
* Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
* When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
* This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.

 
0
 

Hi again, OK, I have installed the SAR anti-rootkit file and did scan the system, but the result it shows is nothing. It says no hidden files found.

 
0
 

Are you now able to use your Panda program?

 
0
 

Hi, I can just download the new version of Panda, and I could hardly install it. It doesn't create any shortcut on the desktop, nor does it open automatically. When I try to run the Panda 2011 version from the Programs folder, in the status menu Panda reads ENABLE ANTI VIRUS and I could not enable it, I don't know why, nor could I enable the update either.

 
0
 

Did you uninstall the old version of Panda?

 
0
 

Yes, I told you, as the problem was the same with the old and new Panda. When I was installing, it asked me to uninstall MBA-M too. I scanned the whole system but could not find anything.

 
0
 

I have to be honest here. You have done multiple things, out of order, or without being told, like running ComboFix. You have installed av programs, run scans, removed av programs and then posted logs done before the av programs were removed. You were supposed to post the Sophos log but didn't.
I don't know that there is anything I can do to assist you. I am certain there is a rootkit on there but I cannot be certain since the programs have really been run in a strange order. You say "it" tells you to uninstall MBA-M, what tells you to uninstall MBA-M?

 
0
 

Is your OS newly installed? Have you tried other anti-virus software?

 
0
 

Hi. Sorry for my late reply, but I must appreciate you, and thanks very, very much for the help. Yes, my system is now perfect. I just missed running Windows malicious software in the beginning, but when I followed your procedure step by step everything was solved. Thanks again. Best regards to you.

This question has already been solved: Start a new discussion instead