Can't run executable files


Post by pittfan330 on 12th September 2009, 2:54 pm

Only thing I could run was Combofix. Couldn't run Hijackthis, Malwarebytes, or Spybot S&D. Here is my Combofix log:

ComboFix 09-09-11.03 - Tony 09/12/2009 10:19.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.406 [GMT -4:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll
c:\windows\run.log
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\wpd99.drv
D:\Autorun.inf

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPPRO2009_100
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-08 04:15 . 2009-09-08 04:15 -------- d-----w- c:\program files\Trend Micro
2009-09-02 23:47 . 2009-09-02 23:47 73056 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-02 22:42 . 2009-09-02 22:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-02 22:38 . 2009-09-02 22:38 -------- d-----w- c:\windows\LMI1D.tmp
2009-09-02 04:36 . 2009-09-02 04:36 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
2009-09-02 04:36 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 04:36 . 2009-09-02 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-02 04:36 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 03:49 . 2009-09-02 03:49 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\ICS
2009-09-01 22:11 . 2009-09-01 22:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-09-01 04:25 . 2009-09-12 01:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-01 04:25 . 2009-09-03 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 00:08 . 2009-08-30 00:08 -------- d-----w- c:\program files\Norton Support
2009-08-30 00:08 . 2009-08-30 00:08 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\Symantec
2009-08-29 01:03 . 2009-08-29 01:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-08-29 00:56 . 2009-08-29 00:56 -------- d-----w- c:\documents and settings\Tony\Application Data\Research In Motion
2009-08-29 00:47 . 2009-08-29 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-29 00:47 . 2009-08-29 00:48 -------- d-----w- c:\program files\Roxio
2009-08-29 00:38 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-08-29 00:36 . 2009-08-29 00:37 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-08-29 00:36 . 2009-08-29 00:36 -------- d-----w- c:\program files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:59 . 2009-05-15 01:16 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-08-29 01:03 . 2006-04-21 04:01 -------- d-----w- c:\documents and settings\Tony\Application Data\Roxio
2009-08-29 00:54 . 2006-04-17 01:09 95040 ----a-w- c:\documents and settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 00:51 . 2006-02-15 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-29 00:48 . 2008-05-21 01:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 23:22 . 2009-03-14 02:35 -------- d-----w- c:\program files\Safari
2009-07-26 23:14 . 2006-05-01 02:41 -------- d-----w- c:\program files\iTunes
2009-07-26 23:13 . 2009-07-26 23:13 -------- d-----w- c:\program files\iPod
2009-07-26 23:13 . 2009-01-18 14:36 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 08:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2006-06-04 16:40 . 2006-06-04 16:40 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"HostManager"="c:\program files\Common Files\AOL\1145440098\ee\AOLSoftware.exe" [2006-03-08 48280]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 71256]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-19 26112]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-09 323216]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]

c:\documents and settings\Tony\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
PowerReg Scheduler V3.exe [2006-9-22 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2008-6-21 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145440098\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Activision\\Quantum of Solace(TM)\\JB_LiveEngine_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [3/24/2009 9:55 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [3/24/2009 9:55 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [3/24/2009 9:53 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090910.003\IDSXpx86.sys [9/10/2009 9:18 PM 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [3/24/2009 9:54 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/29/2009 11:34 AM 102448]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-12 10:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-12 10:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 14:49

Pre-Run: 44,021,989,376 bytes free
Post-Run: 43,970,375,680 bytes free

233 --- E O F --- 2009-09-12 13:41

pittfan330
Novice

Posts : 11
Joined : 2009-09-02
OS : XP
Points : 26563
# Likes : 0

Re: Can't run executable files

Post by pittfan330 on 12th September 2009, 2:57 pm

As background, I was infected by Windows Police Pro. I paid $99 for Norton to remove it. Computer seemed to work fine for a couple of days, then search engines started re-directing, and I could not run virus/malware-related executable programs like Malwarebytes, Hijackthis, or Spybot.


Re: Can't run executable files

Post by pittfan330 on 12th September 2009, 3:16 pm

"You may not have appropriate permissions to access this item" That's the error I get when I try to run Malwarebytes, etc.


Re: Can't run executable files

Post by pittfan330 on 12th September 2009, 3:41 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:36 on 12/09/2009 by Tony (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [20:37 28/09/2008] [08:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 181248 bytes [14:47 12/09/2009] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [02:44 18/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll ------ 181248 bytes [08:00 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [20:37 28/09/2008] [08:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ERDNT\cache\netlogon.dll --a--- 407040 bytes [14:47 12/09/2009] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [02:44 18/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll ------ 407040 bytes [08:00 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [20:37 28/09/2008] [08:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ERDNT\cache\eventlog.dll --a--- 56320 bytes [14:47 12/09/2009] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [02:43 18/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll ------ 56320 bytes [08:00 04/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

-=End Of File=-


Re: Can't run executable files

Post by pittfan330 on 12th September 2009, 5:16 pm

Any help?


Re: Can't run executable files

Post by Belahzur on 12th September 2009, 11:09 pm

Hello.

Please download [You must be registered and logged in to see this link.] file.

  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: Can't run executable files

Post by pittfan330 on 12th September 2009, 11:44 pm

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - [You must be registered and logged in to see this link.]


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.




Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values: Access is denied.




Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: Access is denied.



Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.




Failed to open \\?\c:\\Documents and Settings\Tony\Desktop\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.




Failed to open \\?\c:\\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\Navw32.exe: Access is denied.


Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe: Access is denied.


Failed to open \\?\c:\\Program Files\Trend Micro\HijackThis\HijackThis.exe: Access is denied.




Failed to open \\?\c:\\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe: Access is denied.



Failed to open \\?\c:\\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe: Access is denied.


Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.





..No reparse points found.


Re: Can't run executable files

Post by pittfan330 on 13th September 2009, 3:17 am

bump


Re: Can't run executable files

Post by Metalmusk on 13th September 2009, 3:31 am

Hope you had infection when you installed Malwarebytes.

Do like this now.

Uninstall Malwarebytes & reinstall a fresh copy of Malwarebytes & it should work.

Metalmusk
Novice

Posts : 43
Joined : 2009-06-21
OS : XP
Points : 27940
# Likes : 0

Re: Can't run executable files

Post by pittfan330 on 13th September 2009, 1:29 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2788
Windows 5.1.2600 Service Pack 3

9/12/2009 11:55:09 PM
mbam-log-2009-09-12 (23-55-09).txt

Scan type: Quick Scan
Objects scanned: 111096
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Can't run executable files

Post by pittfan330 on 13th September 2009, 1:31 pm

That was the log of the quick scan. I'll run a full scan shortly and post that log. Still can't run some other executables, like HijackThis, Spybot, or Microsoft's Malicious Software Removal Tool. Thanks for the help.


Re: Can't run executable files

Post by pittfan330 on 13th September 2009, 3:43 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2788
Windows 5.1.2600 Service Pack 3

9/13/2009 11:41:35 AM
mbam-log-2009-09-13 (11-41-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 289869
Time elapsed: 1 hour(s), 18 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.


Re: Can't run executable files

Post by pittfan330 on 14th September 2009, 1:32 am

bump


Re: Can't run executable files

Post by Metalmusk on 14th September 2009, 2:01 am

That's the nature of the infection you got. Whatever programs display an error message like "cannot find or access specified path or device..., do not have permission..." can't be executed again.

So, if you get the error for the applications you mentioned before, the only way to fix it is by uninstalling & installing a new one.
