Solved Terrible worm infecting alot of computers

Jeremie · 2013/07/10

For some reason i'm getting messages about enabling antivirus and firewall,but I cant cant do either. Strange bc my Symantec is enabled. Firewall I cant turn on no matter what I do. Also windows security essentials is now installed. Which I dont want.

broni · 2013/07/10

Also windows security essentials is now installed.
Click to expand...

That's strange.
Uninstall it and see if Norton gets back to normal.

Run OTL

Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ngcjphjq.sys -- (ngcjphjq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mzuenvyc.sys -- (mzuenvyc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mike\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bchzdbqq.sys -- (bchzdbqq)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/01/31 13:48:06 | 000,002,048 | -HS- | M] () -- C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\@
[2011/11/17 01:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\L
[2011/11/17 01:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\U


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
Then click the [color= "#FF0000"]Run Fix[/color] button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Other Services

Press "Scan ".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Jeremie · 2013/07/12

Security essentials was not in add remove program. So I couldn't remove it. Instead I left it installed to see if any came up. I also have messages that windows found and removed small.ca virus and blacoleref virus. After all scans windows is still displaying I have av programs ,but none are enabled. (symantec is enabled as well as malwarebytes.)

All processes killed
========== OTL ==========
Service ngcjphjq stopped successfully!
Service ngcjphjq deleted successfully!
File C:\Windows\system32\drivers\ngcjphjq.sys not found.
Service mzuenvyc stopped successfully!
Service mzuenvyc deleted successfully!
File C:\Windows\system32\drivers\mzuenvyc.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Mike\AppData\Local\Temp\catchme.sys not found.
Service bchzdbqq stopped successfully!
Service bchzdbqq deleted successfully!
File C:\Windows\system32\drivers\bchzdbqq.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\@ moved successfully.
C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\L folder moved successfully.
C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\U folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bob
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 25861643 bytes
->Java cache emptied: 103251 bytes
->Flash cache emptied: 6774 bytes

User: Jeise.LATRONICA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 76597662 bytes
->Java cache emptied: 117674 bytes
->Flash cache emptied: 825 bytes

User: Jeise.LATRONICAcopy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14871922 bytes
->Java cache emptied: 4049 bytes
->Flash cache emptied: 470 bytes

User: jeremie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 32746 bytes
->Flash cache emptied: 910 bytes

User: madelyn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6530650 bytes
->Java cache emptied: 107397 bytes
->Google Chrome cache emptied: 370229265 bytes
->Flash cache emptied: 1432315 bytes

User: Mike
->Temp folder emptied: 1623581 bytes
->Temporary Internet Files folder emptied: 9663268 bytes
->Java cache emptied: 5493 bytes
->Google Chrome cache emptied: 198066390 bytes
->Flash cache emptied: 598 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tanya
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Vianka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66571 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 598 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1640532 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57126 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 674.00 mb

[EMPTYJAVA]

User: All Users

User: bob

User: Default

User: Default User

User: DefaultAppPool

User: JC
->Java cache emptied: 0 bytes

User: Jeise.LATRONICA
->Java cache emptied: 0 bytes

User: Jeise.LATRONICAcopy
->Java cache emptied: 0 bytes

User: jeremie
->Java cache emptied: 0 bytes

User: madelyn
->Java cache emptied: 0 bytes

User: Mike
->Java cache emptied: 0 bytes

User: Public

User: tanya
->Java cache emptied: 0 bytes

User: Vianka
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: bob
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: JC
->Flash cache emptied: 0 bytes

User: Jeise.LATRONICA
->Flash cache emptied: 0 bytes

User: Jeise.LATRONICAcopy
->Flash cache emptied: 0 bytes

User: jeremie
->Flash cache emptied: 0 bytes

User: madelyn
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

User: tanya
->Flash cache emptied: 0 bytes

User: Vianka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07112013_212713

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Jeremie · 2013/07/12

Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 21
Java version out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.71
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Jeremie · 2013/07/12

All processes killed
========== OTL ==========
Service ngcjphjq stopped successfully!
Service ngcjphjq deleted successfully!
File C:\Windows\system32\drivers\ngcjphjq.sys not found.
Service mzuenvyc stopped successfully!
Service mzuenvyc deleted successfully!
File C:\Windows\system32\drivers\mzuenvyc.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Mike\AppData\Local\Temp\catchme.sys not found.
Service bchzdbqq stopped successfully!
Service bchzdbqq deleted successfully!
File C:\Windows\system32\drivers\bchzdbqq.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\@ moved successfully.
C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\L folder moved successfully.
C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\U folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bob
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 25861643 bytes
->Java cache emptied: 103251 bytes
->Flash cache emptied: 6774 bytes

User: Jeise.LATRONICA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 76597662 bytes
->Java cache emptied: 117674 bytes
->Flash cache emptied: 825 bytes

User: Jeise.LATRONICAcopy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14871922 bytes
->Java cache emptied: 4049 bytes
->Flash cache emptied: 470 bytes

User: jeremie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 32746 bytes
->Flash cache emptied: 910 bytes

User: madelyn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6530650 bytes
->Java cache emptied: 107397 bytes
->Google Chrome cache emptied: 370229265 bytes
->Flash cache emptied: 1432315 bytes

User: Mike
->Temp folder emptied: 1623581 bytes
->Temporary Internet Files folder emptied: 9663268 bytes
->Java cache emptied: 5493 bytes
->Google Chrome cache emptied: 198066390 bytes
->Flash cache emptied: 598 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tanya
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Vianka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66571 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 598 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1640532 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57126 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 674.00 mb

[EMPTYJAVA]

User: All Users

User: bob

User: Default

User: Default User

User: DefaultAppPool

User: JC
->Java cache emptied: 0 bytes

User: Jeise.LATRONICA
->Java cache emptied: 0 bytes

User: Jeise.LATRONICAcopy
->Java cache emptied: 0 bytes

User: jeremie
->Java cache emptied: 0 bytes

User: madelyn
->Java cache emptied: 0 bytes

User: Mike
->Java cache emptied: 0 bytes

User: Public

User: tanya
->Java cache emptied: 0 bytes

User: Vianka
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: bob
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: JC
->Flash cache emptied: 0 bytes

User: Jeise.LATRONICA
->Flash cache emptied: 0 bytes

User: Jeise.LATRONICAcopy
->Flash cache emptied: 0 bytes

User: jeremie
->Flash cache emptied: 0 bytes

User: madelyn
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

User: tanya
->Flash cache emptied: 0 bytes

User: Vianka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07112013_212713

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

broni · 2013/07/12

You posted OTL fix log twice.

I still need FSS and Eset scans.

When done uninstall Norton using this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html
Install fresh copy and see if it works properly.

Jeremie · 2013/07/16

ESET came up with no threats. Didnt see an option to export log. only option was to close and remove.

FSS log below.

Farbar Service Scanner Version: 10-07-2013 01
Ran by Mike (administrator) on 11-07-2013 at 21:46:08
Running from "C:\Users\Mike\Downloads "
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware "=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Jeremie · 2013/07/16

uninstalled Symantec, after restart noticed it didnt uninstall. On restart it was active and so was MS security essentials. both seem to be running ok for the moment....

broni · 2013/07/16

You can't be running two AV programs.
At first you didn't have any AV program then you installed MSE.
Where did Symantec come from?

Security Check doesn't show any AV program running.
What's going on?
Please explain.

Jeremie · 2013/07/18

Lets bring it all together.

1. I never installed MSE. IT appeared after combofix. I do not want it.
2.I couldn't install it because it was no where to be found in the "uninstall programs ", services.msc, nor msconfig startup. also couldnt find it in the registry
3. I still get a windows notifications telling me that no antivirus program is running. It lists MSE and Symantec. It provides the option to enable. When I select enable neither of them turn on. However when I open Symantec from the system tray it says "up to date" and enabled. Same with MSE.
4. As mentioned before I also have notification that windows found a small.ca virus and a blacoleref

broni · 2013/07/18

Which AV program do you want to use?

4. Info coming from what program?
What are the file names and locations of those findings?

Jeremie · 2013/07/22

symantec is the av program I want to use. The alert came from windows notifications.

broni · 2013/07/22

What are the file names and locations of those findings?
Click to expand...

...

Post new Security Check log.

Jeremie · 2013/07/24

I get and error that flashes quickly than dissapears. Error line 1 ...but the check continues.

Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 25
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Jeremie · 2013/07/24

Error Variable must be type object

broni · 2013/07/24

You can install Symantec/Norton now.

You didn't answer my question which I asked twice already:

What are the file names and locations of those findings?
Click to expand...

Jeremie · 2013/07/24

"Jeremie said: ↑

Lets bring it all together.

4. As mentioned before I also have notification that windows found a small.ca virus and a blacoleref
Click to expand...

It does not provide a location for blacoleref. The other is possibly in win32 sinces its called "WIN32/small.ca "

"Jeremie said: ↑

uninstalled Symantec, after restart noticed it didnt uninstall. On restart it was active and so was MS security essentials. both seem to be running ok for the moment....
Click to expand...

This happens every time I try to uninstall symantec. as mentioned before the icons in the task bar say that both programs(symantec &MSE) are running and up to date. however windows notifications say they are not. Also now noticing that windows will not update. I ran SFC and it said some of windows files were damaged and could not be repaired.

broni · 2013/07/24

Run this tool to uninstall Norton: http://www.majorgeeks.com/files/details/norton_removal_tool.html
Then reinstall.

broni · 2013/07/28

Still with me?

broni · 2013/08/02

This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.

Log in or Sign up

Solved Terrible worm infecting alot of computers

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

Jeremie Inactive Thread Starter

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved Terrible worm infecting alot of computers

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

Jeremie Inactive Thread Starter

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

Jeremie Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Share This Page

Useful Searches