"application.exe has encountered a poblem and needs to close.."

[yuvinus]

Hi,
I recently used windows xp sp2 to fomat my laptop.. but i cant install any new softwares in my laptop..
cant install any antivirus, google chrome, safai, java.. eveythin shows message like"application.exe has encountered a poblem and needs to close..".. searched the forum for similar probs and found that
wuauclt.exe is affected.but cant remove it.. even if ty deletin it, it appears again and again.. any soln for this 
thnks in advance

[Allan]

Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
***********************************************
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.
 
Vista and Win7 users need to right click Rkill and choose Run as Administrator
 

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.exe
* Rkill.com
* Rkill.scr

Once you've gotten one of them to run then try to immediately run the following.
************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*******************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

[yuvinus]

Hi,
I tried followin the above steps in the above link..
but i cant install any software..
i tied installin it many times..
at the completion of the installation of antivirus it says"setup_av_free.exe has encountered a problem and needs to close.  We are sorry for the inconvenience."for online amor it says"oaui.exe has encountered a problem and needs to close.  We are sorry for the inconvenience".

[SuperDave]

at the completion of the installation of antivirus it says"setup_av_free.exe has encountered a problem and needs to close.  We are sorry for the inconvenience."for online amor it says"oaui.exe has encountered a problem and needs to close.  We are sorry for the inconvenience".

Are you saying that you don't have an anti-virus program or Firewall installed. Please try this:
Reboot in Safe Mode and run the MBAM scan. Reboot in Normal Mode and run MBAM again. If you don't have an AV program choose one of these free ones and install it. Please let me know if successful.

Here's how to get into Safe Mode.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!
 I prefer MicroSoft Security Essentials.

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

[yuvinus]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2011 at 05:24 PM

Application Version : 4.48.1000

Core Rules Database Version : 0
Trace Rules Database Version: 4015

Scan type       : Complete Scan
Total Scan Time : 00:07:13

Memory items scanned      : 299
Memory threats detected   : 0
Registry items scanned    : 3807
Registry threats detected : 0
File items scanned        : 637
File threats detected     : 23

Adware.Tracking Cookie
   F:\Documents and Settings\yuvi\Cookies\yuvi@cgi-bin[2].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@kontera[2].txt
   F:\Documents and Settings\yuvi\Cookies\[email protected][2].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@zedo[1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@tribalfusion[2].txt
   F:\Documents and Settings\yuvi\Cookies\[email protected][2].txt
   F:\Documents and Settings\yuvi\Cookies\[email protected][1].txt
   F:\Documents and Settings\yuvi\Cookies\[email protected][1].txt
   F:\Documents and Settings\yuvi\Cookies\[email protected][2].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@collective-media[2].txt
   F:\Documents and Settings\yuvi\Cookies\[email protected][1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@dmtracker[1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@smartadserver[1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@doubleclick[1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@revsci[1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@serving-sys[1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@chitika[1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@media6degrees[1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@steelhousemedia[2].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@adtech[1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@ak[2].txt
   F:\Documents and Settings\yuvi\Cookies\[email protected][1].txt
   F:\Documents and Settings\yuvi\Cookies\yuvi@accounts[1].txt

[yuvinus]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5560

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/20/2011 7:34:49 PM
mbam-log-2011-01-20 (19-34-49).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 140678
Time elapsed: 16 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[yuvinus]

 Results of screen317's Security Check version 0.99.8 
 Windows XP Service Pack 2 
 Out of date service pack!!
 Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
 Online Armor 4.0   
 McAfee Security Scan Plus   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
````````````````````````````````
Process Check: 
objlist.exe by Laurent
``````````End of Log````````````

[yuvinus]

tried to install microsoft essentials. . but it again displayed this error message

"mseinstall.exe has encountered a problem and needs to close.  We are sorry for the inconvenience."
 

[SuperDave]

tried to install microsoft essentials. . but it again displayed this error message

"mseinstall.exe has encountered a problem and needs to close.  We are sorry for the inconvenience."

Please select one of the other AV programs and install it. You need to have a AV program because it's too risky to continue without one.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

[yuvinus]

ComboFix 11-01-20.03 - yuvi 01/21/2011  20:02:56.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.502.288 [GMT 5.5:30]
Running from: f:\documents and settings\yuvi\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2010-12-21 to 2011-01-21  )))))))))))))))))))))))))))))))
.

2011-01-21 02:21 . 2011-01-21 02:21   --------   d-----w-   F:\Intel

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="f:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCtlSuc"="f:\program files\3G Data Card\Resource\MCtlSuc.exe" [2010-09-26 94720]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="f:\windows\system32\igfxpers.exe" [2008-02-15 131072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   f:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
R3 u302bus;HSPADataCard WMC Bus Driver (WDM);f:\windows\system32\drivers\u302bus.sys [7/30/2010 9:23 AM 119112]
R3 u302mdfl;HSPADataCard Modem Filter;f:\windows\system32\drivers\u302mdfl.sys [7/30/2010 9:23 AM 14920]
R3 u302mdm;HSPADataCard Modem Driver;f:\windows\system32\drivers\u302mdm.sys [7/30/2010 9:23 AM 135880]
R3 u302mgmt;HSPADataCard USB Device Management Drivers (WDM);f:\windows\system32\drivers\u302mgmt.sys [7/30/2010 9:23 AM 129992]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [1/20/2011 5:47 PM 136176]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [1/21/2011 7:46 AM 1684736]
.
Contents of the 'Scheduled Tasks' folder

2011-01-21 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:17]

2011-01-21 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - f:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {45FA6F7A-2BB7-47DA-A79B-046BD0F1EC3F} = 4.2.2.2 218.248.240.135
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - f:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-21 20:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
f:\program files\SUPERAntiSpyware\SASWINLO.DLL
f:\windows\system32\igfxdev.dll
.
Completion time: 2011-01-21  20:15:19
ComboFix-quarantined-files.txt  2011-01-21 14:45
ComboFix2.txt  2011-01-19 23:59

Pre-Run: 16,009,834,496 bytes free
Post-Run: 16,521,809,920 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 030C7A329611EB73B5F000CECCB717FE

[SuperDave]

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
• Click on the Log tab.
• In the Write to log box select the following items.
• Process << Selected
  
• Kernel Modules << Selected
  
• SSDT << Selected
  
• Kernel Hooks << Selected
  
• IRP Hooks << NOT Selected
  
• Ports << NOT Selected
  
• Hidden Files << Selected
  
• At the bottom of the page
• Hidden Objects Only << Selected
  
• Click on the Create Log button on the bottom right.
• After a few seconds a new window should appear.
• Select Scan Root Drive. Click on the Start button.
• When it is complete a new window will appear to indicate that the scan is finished.
• The

log will be saved automatically in the same folder Sysprot.exe was
extracted to. Open the text file and copy/paste the log here.
[/list].

[yuvinus]

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: A9374000
Module End: A938C000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F89A1000
Module End: F89A3000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: F:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: F:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: F:\Qoobox\BackEnv\VikPev00
Status: Access denied

[SuperDave]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[yuvinus]

F:\Documents and Settings\yuvi\Desktop\registrybooster.exe   multiple threats   deleted
F:\System Volume Information\_restore{4C41E693-27D4-4C27-9D4E-12A41289BAD7}\RP22\A0007991.exe   multiple threats   deleted