
Solved: Java Icon not in control panel

Discussion in 'Windows XP' started by redkidsdog, May 24, 2012.

  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,587
    You should keep IE updated even if you don't use it as it gets used in the background for updates.

    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  2. redkidsdog

    redkidsdog Thread Starter

    Joined:
    May 24, 2012
    Messages:
    47
    I forgot to name it puppy.exe, hope it doesn't mess things up...here is the info...

    ComboFix 12-05-26.02 - cynthia dennis 05/26/2012 19:12:16.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2391 [GMT -4:00]
    Running from: c:\documents and settings\cynthia dennis\My Documents\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Favorites\ehthumbs.db
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\5095D8B1.TMP
    c:\documents and settings\All Users\Application Data\TEMP\9B7E8561.TMP
    c:\documents and settings\All Users\Application Data\TEMP\ABE30DDB.TMP
    c:\documents and settings\All Users\Application Data\TEMP\B35A4CE2.TMP
    c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
    c:\documents and settings\All Users\Favorites\ehthumbs.db
    c:\documents and settings\cynthia dennis\GoToAssistDownloadHelper.exe
    c:\windows\EventSystem.log
    c:\windows\system32\Cache
    c:\windows\system32\Cache\1563ac6259bce0f7.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\DC31DEC.dll
    c:\windows\system32\drivers\etc\lmhosts
    c:\windows\system32\pthreadVC.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-26 20:13 . 2012-05-26 20:13 -------- d-----w- c:\program files\Common Files\Java
    2012-05-26 20:13 . 2012-05-26 20:13 0 ----a-w- c:\windows\system32\REN97.tmp
    2012-05-26 18:08 . 2012-05-26 18:08 0 ----a-w- c:\windows\system32\REN160.tmp
    2012-05-26 18:08 . 2012-05-26 18:08 0 ----a-w- c:\windows\system32\REN15F.tmp
    2012-05-24 21:47 . 2012-05-24 21:47 0 ----a-w- c:\windows\system32\REN9A.tmp
    2012-05-24 21:35 . 2012-05-24 21:35 0 ----a-w- c:\windows\system32\REN5D.tmp
    2012-05-24 21:35 . 2012-05-24 21:35 0 ----a-w- c:\windows\system32\REN5C.tmp
    2012-05-24 20:26 . 2012-05-24 20:26 0 ----a-w- c:\windows\system32\RENF7.tmp
    2012-05-24 20:13 . 2012-05-24 20:13 0 ----a-w- c:\windows\system32\RENC5.tmp
    2012-05-24 20:13 . 2012-05-24 20:13 0 ----a-w- c:\windows\system32\RENC4.tmp
    2012-05-24 19:53 . 2012-05-24 19:53 0 ----a-w- c:\windows\system32\RENAF.tmp
    2012-05-24 19:34 . 2012-05-24 19:34 -------- d-----w- c:\documents and settings\cynthia dennis\Local Settings\Application Data\VS Revo Group
    2012-05-24 19:34 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-05-24 19:34 . 2012-05-24 19:34 -------- d-----w- c:\program files\VS Revo Group
    2012-05-24 18:01 . 2012-05-24 18:01 0 ----a-w- c:\windows\system32\REN6C.tmp
    2012-05-24 18:01 . 2012-05-24 18:01 0 ----a-w- c:\windows\system32\REN6B.tmp
    2012-05-23 22:00 . 2012-05-23 22:00 0 ----a-w- c:\windows\system32\REN7DF.tmp
    2012-05-23 21:56 . 2012-05-23 21:56 0 ----a-w- c:\windows\system32\REN78D.tmp
    2012-05-23 21:56 . 2012-05-23 21:56 0 ----a-w- c:\windows\system32\REN78C.tmp
    2012-05-23 21:39 . 2012-05-23 21:39 0 ----a-w- c:\windows\system32\REN746.tmp
    2012-05-23 19:53 . 2012-05-23 19:53 0 ----a-w- c:\windows\system32\REN415.tmp
    2012-05-23 19:53 . 2012-05-23 19:53 0 ----a-w- c:\windows\system32\REN414.tmp
    2012-05-23 18:55 . 2012-05-23 18:55 0 ----a-w- c:\windows\system32\REN350.tmp
    2012-05-23 18:55 . 2012-05-23 18:55 0 ----a-w- c:\windows\system32\REN34F.tmp
    2012-05-10 23:04 . 2012-05-10 23:04 0 ----a-w- c:\windows\system32\REN122.tmp
    2012-05-10 23:04 . 2012-05-10 23:04 0 ----a-w- c:\windows\system32\REN121.tmp
    2012-05-10 21:58 . 2012-05-10 21:58 -------- d-----w- c:\documents and settings\cynthia dennis\Local Settings\Application Data\Sun
    2012-05-09 03:26 . 2012-05-09 03:26 -------- d-----w- c:\documents and settings\cynthia dennis\Application Data\Oracle
    2012-05-09 03:26 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-05-09 03:22 . 2012-05-09 03:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-09 01:57 . 2012-05-09 01:57 0 ----a-w- c:\windows\system32\REN15B.tmp
    2012-05-09 01:57 . 2012-05-09 01:57 0 ----a-w- c:\windows\system32\REN15A.tmp
    2012-05-09 01:09 . 2012-05-13 16:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-01 17:44 . 2012-05-01 17:44 -------- d-----w- c:\program files\Ask.com
    2012-05-01 17:44 . 2012-05-26 20:33 -------- d-----w- c:\documents and settings\cynthia dennis\Local Settings\Application Data\AskToolbar
    2012-05-01 17:43 . 2012-05-01 17:43 -------- d-----w- c:\documents and settings\cynthia dennis\Local Settings\Application Data\APN
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-13 16:27 . 2011-09-29 18:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:14 . 2005-08-16 10:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12 . 2005-08-16 10:18 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35 . 2004-08-04 04:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 22:47 . 2011-11-29 02:52 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 21:17 . 2012-04-04 21:17 0 ----a-w- c:\windows\system32\REN352.tmp
    2012-04-04 21:17 . 2012-04-04 21:17 0 ----a-w- c:\windows\system32\REN351.tmp
    2012-04-04 19:56 . 2010-11-15 16:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-02 02:00 . 2012-03-02 02:00 0 ----a-w- c:\windows\system32\REN87.tmp
    2012-03-02 02:00 . 2012-03-02 02:00 0 ----a-w- c:\windows\system32\REN86.tmp
    2012-03-01 01:25 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 01:25 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
    2012-03-01 01:25 . 2005-08-16 10:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-03-01 01:25 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
    2012-02-29 14:10 . 2005-08-16 10:18 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2005-08-16 10:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2011-03-01 02:08 . 2011-03-01 02:08 453 ----a-w- c:\program files\0228201121084248.bat
    2011-03-01 01:39 . 2011-03-01 01:39 453 ----a-w- c:\program files\0228201120393061.bat
    2012-04-21 01:19 . 2012-05-09 03:21 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-08-16 19:00 . 2010-08-16 19:01 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
    [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
    [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
    .
    [7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
    [-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
    .
    [7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\ERDNT\cache\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2011-12-08 23:33 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-08 1547104]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2012-01-11 2659768]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]
    "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-08 827232]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\documents and settings\cynthia dennis\Start Menu\Programs\Startup\
    HughesNetStatusMeter.lnk - c:\program files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe [2011-8-16 142848]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^cynthia dennis^Start Menu^Programs^Startup^RCA Detective.lnk]
    backup=c:\windows\pss\RCA Detective.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\Launch\aollaunch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1a\aol.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    2010-07-13 20:40 70720 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-03-18 16:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-08-06 03:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
    2005-07-22 19:03 425984 ----a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-08-16 19:00 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPClientMonitor]
    2007-08-06 16:59 45056 ----a-w- c:\program files\GalleryPlayer\Player\GPClientMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPDownloadManager]
    2007-08-06 16:59 163840 ----a-w- c:\program files\GalleryPlayer\Player\GPDownloadManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2011-11-19 21:15 0 ----a-w- c:\program files\Common Files\AOL\1142377546\ee\aolsoftware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    2003-09-04 02:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-04-04 19:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2005-09-09 01:20 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
    2009-10-01 15:53 20480 ----a-w- c:\program files\Plaxo\3.23.0.11\plaxosystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    2009-10-01 15:53 403015 ----a-w- c:\program files\Plaxo\3.23.0.11\PlaxoHelper_en.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-02-14 17:12 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2005-03-23 06:20 339968 ----a-w- c:\windows\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
    2003-11-18 23:20 45056 ------w- c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-19 02:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1142377546\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1142377546\\ee\\aim6.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1142377546\\ee\\aolservicehost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\AOL 9.1a\\waol.exe"=
    "%windir%\\system32\\lsass.exe"=
    "c:\\Program Files\\AVG\\AVG Anti-Vrus Free Edition 10\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AOL Desktop 9.6a\\waol.exe"=
    "c:\\Program Files\\AOL Desktop 9.6a\\AOLBrowser\\aolbrowser.exe"=
    "c:\\Program Files\\pogo games\\PogoDGC.exe"=
    "c:\\Program Files\\pogo games\\WebUpdater.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/14/2010 11:01 PM 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/14/2010 10:01 PM 342168]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/14/2010 10:01 PM 909728]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/26/2012 9:47 PM 54328]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/26/2012 9:47 PM 574424]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 295248]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/11/2010 12:40 AM 239240]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/11/2010 12:40 AM 25240]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/14/2010 10:01 PM 253352]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2/26/2012 9:34 PM 185560]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [1/19/2011 3:38 PM 546768]
    R2 PGMTrusted;PGMTrusted;c:\program files\Pogo Games\PGMTrusted.exe [1/4/2012 10:40 AM 519888]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2/26/2012 9:33 PM 402336]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/12/2007 5:41 PM 24652]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 10:42 PM 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 10:42 PM 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 10:42 PM 16720]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2/26/2012 9:39 PM 56840]
    R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/14/2010 11:01 PM 70536]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/26/2012 9:47 PM 35264]
    R3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
    S2 gupdate1c9e86fcf03a50a;Google Update Service (gupdate1c9e86fcf03a50a);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2009 3:32 PM 133104]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG Anti-Vrus Free Edition 10\Toolbar\ToolbarBroker.exe [11/14/2010 11:24 PM 1025352]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/14/2006 1:20 PM 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2009 3:32 PM 133104]
    S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;c:\windows\system32\drivers\dc31vid.sys [6/7/2008 9:37 PM 430336]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 11:22 PM 129976]
    S3 Normandy;Normandy SR2; [x]
    S3 PA7333I;Kodak Webcam Explorer Bulk Mode Device;c:\windows\system32\drivers\DC31Bulk.sys [6/7/2008 9:37 PM 28669]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/24/2012 3:34 PM 27064]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PCTSDInjDriver32
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 19:31]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 19:31]
    .
    2012-05-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2012-01-03 20:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 66.82.4.8
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    FF - ProfilePath - c:\documents and settings\cynthia dennis\Application Data\Mozilla\Firefox\Profiles\nb892ffe.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
    FF - user.js: browser.search.selectedEngine - Google
    FF - user.js: browser.search.order.1 - Google
    FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    BHO-{7917456F-57BE-44A2-8EAD-DCFC24EDB2F4} - okid02.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-PCTools FGuard - c:\program files\PC Tools Security\BDT\FGuard.exe
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-InstaLAN - c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    MSConfigStartUp-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
    MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-26 20:00
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{60E7*CAC-E9A7-4302-B9EE-8582EDE22FBF}]
    "Compatibility Flags"=dword:00000400
    "Pst"=dword:00000002
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(824)
    c:\program files\PC Tools Security\TFEngine\TFNI.dll
    .
    - - - - - - - > 'lsass.exe'(888)
    c:\windows\system32\guard32.dll
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    - - - - - - - > 'explorer.exe'(6000)
    c:\windows\system32\WININET.dll
    c:\windows\system32\guard32.dll
    c:\program files\AOL Deskbar\deskbar.dll
    c:\program files\Common Files\AOL\AOL Toolbar\smartbox.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\program files\PC Tools Security\TFEngine\TFNI.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\PC Tools Security\pctsSvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\wanmpsvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\dllhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\PC Tools Security\TFEngine\TFService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-26 20:23:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-27 00:21
    ComboFix2.txt 2010-08-15 22:11
    .
    Pre-Run: 24,625,180,672 bytes free
    Post-Run: 26,255,294,464 bytes free
    .
    - - End Of File - - D0124CBD88AE9C843C9645FD884838F2
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,587
    Your machine seems to be using older versions of some files when newer versions are available so we'll copy the latest versions to override the older ones.

    c:\program files\0228201121084248.bat
    c:\program files\0228201120393061.bat

    But before proceeding, can you tell me what these batch files are for? Did you create them intentionally? If you don't recognize them, you can right-click on them and select "edit" and it should open up in Notepad. You can copy/paste the contents here.
     
  4. redkidsdog

    redkidsdog Thread Starter

    Joined:
    May 24, 2012
    Messages:
    47
    These are files from Pogo download games; I have no problem if they need to be deleted. I didn't create them intentionally though.

    :tryDelete
    IF EXIST "C:\Program Files\Oberon Media\Jewel Quest 3" GOTO WaitAndTryAgain
    ping -n 2 localhost>NUL
    for /f %%a in ('dir /b "C:\Program Files\Oberon Media"') do ( GOTO End )
    :EmptyLabel
    echo "EMPTY"
    rd /s /q "C:\Program Files\Oberon Media"
    IF EXIST "C:\Program Files\Oberon Media" GOTO WaitAndTryAgain
    GOTO End
    :WaitAndTryAgain
    ping -n 2 localhost>NUL
    GOTO tryDelete
    :End
    Del /F /Q "C:\Program Files\0228201121084248.bat"


    :tryDelete
    IF EXIST "C:\Program Files\Oberon Media\Jewel Quest 3" GOTO WaitAndTryAgain
    ping -n 2 localhost>NUL
    for /f %%a in ('dir /b "C:\Program Files\Oberon Media"') do ( GOTO End )
    :EmptyLabel
    echo "EMPTY"
    rd /s /q "C:\Program Files\Oberon Media"
    IF EXIST "C:\Program Files\Oberon Media" GOTO WaitAndTryAgain
    GOTO End
    :WaitAndTryAgain
    ping -n 2 localhost>NUL
    GOTO tryDelete
    :End
    Del /F /Q "C:\Program Files\0228201120393061.bat"
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,587
    I don't believe they are causing any problems. Just wanted to be sure they weren't malicious.

    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    c:\windows\system32\REN97.tmp
    c:\windows\system32\REN160.tmp
    c:\windows\system32\REN15F.tmp
    c:\windows\system32\REN9A.tmp
    c:\windows\system32\REN5D.tmp
    c:\windows\system32\REN5C.tmp
    c:\windows\system32\RENF7.tmp
    c:\windows\system32\RENC5.tmp
    c:\windows\system32\RENC4.tmp
    c:\windows\system32\RENAF.tmp
    c:\windows\system32\REN6C.tmp
    c:\windows\system32\REN6B.tmp
    c:\windows\system32\REN7DF.tmp
    c:\windows\system32\REN78D.tmp
    c:\windows\system32\REN78C.tmp
    c:\windows\system32\REN746.tmp
    c:\windows\system32\REN415.tmp
    c:\windows\system32\REN414.tmp
    c:\windows\system32\REN350.tmp
    c:\windows\system32\REN34F.tmp
    c:\windows\system32\REN122.tmp
    c:\windows\system32\REN121.tmp
    c:\windows\system32\REN15B.tmp
    c:\windows\system32\REN15A.tmp
    c:\windows\system32\REN352.tmp
    c:\windows\system32\REN351.tmp
    c:\windows\system32\REN87.tmp
    c:\windows\system32\REN86.tmp
    
    FCopy::
    c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
    c:\windows\ServicePackFiles\i386\ksuser.dll | c:\windows\system32\ksuser.dll
    c:\windows\ServicePackFiles\i386\aec.sys | c:\windows\system32\drivers\aec.sys
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{60E7*CAC-E9A7-4302-B9EE-8582EDE22FBF}]
    
    
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe

    [​IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
     
  6. redkidsdog

    redkidsdog Thread Starter

    Joined:
    May 24, 2012
    Messages:
    47
    I can't find the combo fix, not on a shortcut. Sorry, I know it's a simple thing, but I am having trouble for sure.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,587
    It was supposed to be placed on the desktop but instead you put it here:

    c:\documents and settings\cynthia dennis\My Documents\Downloads\ComboFix.exe
     
  8. redkidsdog

    redkidsdog Thread Starter

    Joined:
    May 24, 2012
    Messages:
    47
    I am taking the text shortcut and placing it in the cat icon, but it's not running. I messed up earlier and it started to work, but I didn't have the text in it, so I stopped it. Did I make a major error by doing that??? I hope not. But it's not launching now.
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,587
    Try moving both to the desktop and then execute the script.
     
  10. redkidsdog

    redkidsdog Thread Starter

    Joined:
    May 24, 2012
    Messages:
    47
    That is how I did it the first time. Moved the script shortcut to the combofix.exe shortcut, and dropped it into the combofix. How should I have done it?
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,587
    They are not shortcuts, they are the actual files.

    Did you move the ComboFix.exe file from your "My Documents\Downloads" folder to the desktop?
     
  12. redkidsdog

    redkidsdog Thread Starter

    Joined:
    May 24, 2012
    Messages:
    47
    Yes, it is now on the desktop. As well as the CFScript.txt.
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,587
    Now try to drop the CFScript.txt onto the ComboFix.exe please.
     
  14. redkidsdog

    redkidsdog Thread Starter

    Joined:
    May 24, 2012
    Messages:
    47
    I have both files on my desktop screen with a shortcut. I retried to drop them, and the mouse spins for a moment then nothing else happens.
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,587
    Please run a new scan with ComboFix as you did before (disable security programs) and post that log.
     
Short URL to this thread: https://techguy.org/1054519