[Resolved] All .EXE files locked - Believe The Cause Is "Security
#1
Posted 28 October 2009 - 07:04 PM
Register to Remove
#2
Posted 28 October 2009 - 07:21 PM
#3
Posted 28 October 2009 - 07:47 PM
Please do the following:
Please download exeHelper to your desktop.
- Double-click on exeHelper.com to run the fix.
- A black window should pop up, press any key to close once the fix is completed.
- Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
NEXT
Download and run Win32kDiag:
- Download Win32kDiag from any of the following locations and save it to your Desktop.
- Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
- When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
- Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#4
Posted 28 October 2009 - 08:53 PM
#5
Posted 29 October 2009 - 03:02 AM
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
Try one of those...if one of them runs - stop - then run exeHelper and win32kDiag
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#6
Posted 29 October 2009 - 09:45 PM
#7
Posted 29 October 2009 - 10:10 PM
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#8
Posted 29 October 2009 - 10:29 PM
#9
Posted 29 October 2009 - 11:33 PM
Did you try running each of those files one at a time, then running exeHelper and win32kdiag after running one of the files?
did you try that 6 times
as each of those files isn't supposed to do anything but disable the malware to allow other programs to run?
Try running this program:
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#10
Posted 30 October 2009 - 09:20 AM
Register to Remove
#11
Posted 30 October 2009 - 09:45 AM
Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 2
10/30/2009 11:32:34 AM
mbam-log-2009-10-30 (11-32-22).txt
Scan type: Quick Scan
Objects scanned: 109849
Time elapsed: 3 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> No action taken.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Owner\ntuser.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\ntuser.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService\ntuser.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Owner\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Documents and Settings\HP_Owner\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
All action was taken. This was before the Quarantine.
And here is my Hi-Jack Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:39 AM, on 10/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\HP_Owner\ntuser.dll,_IWMPEvents@0
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://bestbuy.mvm.c...yerAX_Win32.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.h...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189652665921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189652621625
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Update Service (gupdate1c8fdb016204386) (gupdate1c8fdb016204386) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 12468 bytes
#12
Posted 30 October 2009 - 03:11 PM
Please do the following:
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click on Yes, to continue scanning for malware.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#13
Posted 30 October 2009 - 05:15 PM
ComboFix 09-10-30.01 - HP_Owner 10/30/2009 18:51.6.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1518 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\HP_Owner\Application Data\inst.exe
c:\documents and settings\HP_Owner\ntuser.dll
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\LocalService\ntuser.dll
c:\windows\system32\calc.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 15:27 . 2008-03-20 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 03:32 . 2008-09-25 10:09 -------- d-----w- c:\program files\NavNet
2009-10-01 05:33 . 2006-01-31 11:42 406 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-09-14 21:08 . 2005-11-23 01:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 18:54 . 2008-11-22 18:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-06-25 19:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 15:51 . 2005-11-23 01:43 -------- d-----w- c:\program files\Google
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2009-08-19 22:25 . 2009-08-19 22:20 1 ----a-w- c:\windows\system32\Earth BluRay Ripper.dat
2009-08-19 22:24 . 2009-08-19 22:20 117696 ----a-w- c:\windows\system32\advddischlp.dll
2009-08-19 22:24 . 2009-08-19 22:20 4363776 ----a-w- c:\windows\system32\bsdevice.dll
2009-08-19 22:20 . 2009-08-19 22:20 89256 ----a-w- c:\windows\system32\elbycdio.dll
2009-08-19 22:20 . 2009-08-19 22:20 24232 ----a-w- c:\windows\system32\drivers\elbycdio.sys
2009-08-19 22:20 . 2009-08-19 22:20 103744 ----a-w- c:\windows\system32\drivers\anydvd.sys
2009-08-19 22:20 . 2009-08-19 22:20 1046464 ----a-w- c:\windows\system32\anydialog.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-08-22 16384]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2006-10-19 14:12 258048 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^..]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\..
backup=c:\windows\pss\..Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\mainapp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 3:09 PM 30720]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [7/22/2009 3:38 AM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [7/22/2009 3:38 AM 234888]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/19/2009 6:20 PM 66944]
R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [4/29/2008 6:37 PM 42112]
R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [4/29/2008 6:37 PM 3840]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [4/29/2008 6:37 PM 30720]
S2 gupdate1c8fdb016204386;Google Update Service (gupdate1c8fdb016204386);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2008 9:50 PM 133104]
S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\drivers\CenixFMC.sys [5/31/2006 12:49 PM 18660]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/15/2007 9:18 PM 572416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]
2009-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Convert link target to Adobe PDF
IE: Convert link target to existing PDF
IE: Convert selected links to Adobe PDF
IE: Convert selected links to existing PDF
IE: Convert selection to Adobe PDF
IE: Convert selection to existing PDF
IE: Convert to Adobe PDF
IE: Convert to existing PDF
IE: E&xport to Microsoft Excel
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bestbuy.mvm.com/Core/Player/2020PlayerAX_Win32.cab
DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-AVG Anti-Spyware Driver
AddRemove-010D7E30-8019-4477-AE7C-BFBBDE570CB9 - c:\program files\WildTangent\Apps\GameChannel\Games\010D7E30-8019-4477-AE7C-BFBBDE570CB9\Uninstall.exe
AddRemove-0B99A43B-A792-4003-9295-604BC687B6F6 - c:\program files\WildTangent\Apps\GameChannel\Games\0B99A43B-A792-4003-9295-604BC687B6F6\Uninstall.exe
AddRemove-1E728F26-D920-45F1-9E97-4A5690B07A7F - c:\program files\WildTangent\Apps\GameChannel\Games\1E728F26-D920-45F1-9E97-4A5690B07A7F\Uninstall.exe
AddRemove-27C7083E-4ECB-4C88-ACC1-0EDA88C00257 - c:\program files\WildTangent\Apps\GameChannel\Games\27C7083E-4ECB-4C88-ACC1-0EDA88C00257\Uninstall.exe
AddRemove-3295A049-B970-4CC5-847C-7ABF14B9F8F1 - c:\program files\WildTangent\Apps\GameChannel\Games\3295A049-B970-4CC5-847C-7ABF14B9F8F1\Uninstall.exe
AddRemove-36317AE4-57EC-4F3E-B828-009A3DD96BE8 - c:\program files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe
AddRemove-3F34F72F-9BB0-4B73-8312-558953ACF56F - c:\program files\WildTangent\Apps\GameChannel\Games\3F34F72F-9BB0-4B73-8312-558953ACF56F\Uninstall.exe
AddRemove-46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1 - c:\program files\WildTangent\Apps\GameChannel\Games\46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1\Uninstall.exe
AddRemove-47298745-7194-4142-AFDA-8BE2EDFDF82E - c:\program files\WildTangent\Apps\GameChannel\Games\47298745-7194-4142-AFDA-8BE2EDFDF82E\Uninstall.exe
AddRemove-5253F22E-D4B6-49B7-9106-28D9C5395F22 - c:\program files\WildTangent\Apps\GameChannel\Games\5253F22E-D4B6-49B7-9106-28D9C5395F22\Uninstall.exe
AddRemove-58D1A004-6D3C-480A-9E0D-FAA58F3C2A62 - c:\program files\WildTangent\Apps\GameChannel\Games\58D1A004-6D3C-480A-9E0D-FAA58F3C2A62\Uninstall.exe
AddRemove-5F5B2E2A-5924-4DAB-825A-10BEA50A4DA1 - c:\program files\WildTangent\Apps\GameChannel\Games\5F5B2E2A-5924-4DAB-825A-10BEA50A4DA1\Uninstall.exe
AddRemove-663A22CB-3C2B-4302-9A14-BC5DAFAB2071 - c:\program files\WildTangent\Apps\GameChannel\Games\663A22CB-3C2B-4302-9A14-BC5DAFAB2071\Uninstall.exe
AddRemove-6E4D87E1-83A3-4029-A9E4-2F360442E1FC - c:\program files\WildTangent\Apps\GameChannel\Games\6E4D87E1-83A3-4029-A9E4-2F360442E1FC\Uninstall.exe
AddRemove-703E3900-69DA-47C9-9768-C6514098F149 - c:\program files\WildTangent\Apps\GameChannel\Games\703E3900-69DA-47C9-9768-C6514098F149\Uninstall.exe
AddRemove-7978E9A8-5A11-4406-BA8F-866E120352DF - c:\program files\WildTangent\Apps\GameChannel\Games\7978E9A8-5A11-4406-BA8F-866E120352DF\Uninstall.exe
AddRemove-8C4E79CC-03E1-43AA-9910-9A5113F24603 - c:\program files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe
AddRemove-95A4B97A-C363-41DD-B907-BD4AB9E4FF16 - c:\program files\WildTangent\Apps\GameChannel\Games\95A4B97A-C363-41DD-B907-BD4AB9E4FF16\Uninstall.exe
AddRemove-A9C7B4D4-A866-4696-B115-77B65D0A641A - c:\program files\WildTangent\Apps\GameChannel\Games\A9C7B4D4-A866-4696-B115-77B65D0A641A\Uninstall.exe
AddRemove-B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1 - c:\program files\WildTangent\Apps\GameChannel\Games\B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1\Uninstall.exe
AddRemove-B41503CB-5FE0-47E0-87C1-47BA8E660BCC - c:\program files\WildTangent\Apps\GameChannel\Games\B41503CB-5FE0-47E0-87C1-47BA8E660BCC\Uninstall.exe
AddRemove-BA910432-2C22-4BB8-9D13-46170F52C5AC - c:\program files\WildTangent\Apps\GameChannel\Games\BA910432-2C22-4BB8-9D13-46170F52C5AC\Uninstall.exe
AddRemove-C1241092-7183-480A-A289-B5920C7C56D0 - c:\program files\WildTangent\Apps\GameChannel\Games\C1241092-7183-480A-A289-B5920C7C56D0\Uninstall.exe
AddRemove-C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A - c:\program files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe
AddRemove-D11F7128-8CBD-408B-8BF8-034604DEDD42 - c:\program files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe
AddRemove-D3203C96-6C76-43D6-A3D0-5DD6A0732E83 - c:\program files\WildTangent\Apps\GameChannel\Games\D3203C96-6C76-43D6-A3D0-5DD6A0732E83\Uninstall.exe
AddRemove-DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292 - c:\program files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe
AddRemove-ED8E7ECA-9D6A-46BA-BF46-D97774AA7117 - c:\program files\WildTangent\Apps\GameChannel\Games\ED8E7ECA-9D6A-46BA-BF46-D97774AA7117\Uninstall.exe
AddRemove-F5215F01-DFC0-475D-A910-6F1AF94E807E - c:\program files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe
AddRemove-SBC Self Support Tool - c:\docume~1\HP_Owner\LOCALS~1\Temp\SST\CustomUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 19:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2748)
c:\windows\system32\ctagent.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-30 19:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-30 23:10
ComboFix2.txt 2008-12-04 05:09
ComboFix3.txt 2008-12-01 08:34
ComboFix4.txt 2008-12-01 00:10
ComboFix5.txt 2009-10-30 22:50
Pre-Run: 369,676,005,376 bytes free
Post-Run: 369,513,189,376 bytes free
- - End Of File - - 5600457DA73AEF94B7F3DEF899EC3A94
#14
Posted 30 October 2009 - 06:57 PM
Your MalwareBytes log show "no action taken" Please run it again, choose the Update tab and allow it to update.
run the program and have it remove anything it finds...post the log
NEXT
Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
- Close any open programs
- Turn off the real time scanner of any existing antivirus program while performing the online scan
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
- Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Click View scan report at the bottom.
- Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#15
Posted 30 October 2009 - 10:11 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users