Ran Malwarebytes and still having problems


Post by cailinaingeal on Sat May 07, 2011 4:51 pm

I have run Malwarebytes. It did find infected files and I removed them. Now none of my shortcuts on my desktop or quick launch will work. When I try clicking on a shortcut I get an Open With pop-up.

Malwarebytes' Anti-Malware 1.50

Database version: 6523

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/6/2011 10:50:41 PM
mbam-log-2011-05-06 (22-50-41).txt

Scan type: Quick scan
Objects scanned: 144204
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\Users\Owner\AppData\Local\wyn.exe (Trojan.FakeAlert) -> 3920 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Owner\AppData\Local\wyn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\jar_cache1644612214837611026.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Owner\local settings\application data\wyn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Post by Crush on Sat May 07, 2011 7:24 pm

Hi,

Download ComboFix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix rename it to Combo-Fix.exe to prevent it from being blocked by malware.

Refer to this image:



  • To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click ComboFix.exe to run it.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Post by cailinaingeal on Sat May 07, 2011 9:12 pm

ComboFix 11-05-06.05 - Owner 05/07/2011 16:35:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.766.208 [GMT -4:00]
Running from: c:\users\Owner\Desktop\Combo-Fix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\drv\TVtuner\Liteon\Resources\_desktop.ini
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 20:51 . 2011-05-07 20:51 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-05-07 20:51 . 2011-05-07 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 12:36 . 2011-04-18 13:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3CB149C-CFF0-4FD5-A435-B04F66C1CFD0}\mpengine.dll
2011-04-28 08:51 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 08:51 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 08:50 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-15 03:23 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 03:23 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 03:23 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 03:23 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 03:23 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 03:23 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 03:22 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 03:22 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 03:22 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 03:22 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 03:22 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 03:22 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 03:22 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 03:22 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 03:22 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 03:22 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:40 . 2011-04-28 08:51 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 08:51 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 08:51 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 08:51 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 10:48 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 10:48 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 10:48 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{392d065e-4679-4d12-8342-2a2d505fd309}"= "c:\program files\Quizulous2\prxtbQuiz.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{392d065e-4679-4d12-8342-2a2d505fd309}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 15:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{392d065e-4679-4d12-8342-2a2d505fd309}]
2011-01-03 15:16 175400 ----a-w- c:\program files\Quizulous2\prxtbQuiz.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{392d065e-4679-4d12-8342-2a2d505fd309}"= "c:\program files\Quizulous2\prxtbQuiz.dll" [2011-01-03 175400]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{392d065e-4679-4d12-8342-2a2d505fd309}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{392D065E-4679-4D12-8342-2A2D505FD309}"= "c:\program files\Quizulous2\prxtbQuiz.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{392d065e-4679-4d12-8342-2a2d505fd309}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 4468736]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-06-24 1029712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Skytel"="Skytel.exe" [2007-05-18 1826816]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2007-06-11 21:54 1286144 ----a-w- c:\acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 23:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-06-11 19:28 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-06-27 09:15 752136 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-04-30 08:19 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-06-11 19:27 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-05-24 20:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
2007-04-24 18:49 45056 ----a-w- c:\windows\PLFSet.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-08 11:57 413696 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-25 13:44 171448 ----a-w- c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
HKCU-Run-Radio365Agent - (no file)
HKCU-RunServices-go[1] - c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGBK38GL\go[1].exe
HKCU-RunServices-VisualStudio - c:\users\owner\appdata\locallow\sun\java\deployment\cache\6.0\54\1a209876-23b01448-n\msvcp71visual.exe
HKCU-RunServices-musiconeBooks - c:\users\Owner\AppData\Local\Microsoft\OneNote\12.0\Backup\Personal Notebook\Booksmovies.exe
HKCU-RunServices-SteinerHandbook - c:\users\Owner\Documents\Battletech\House Books\SteinerHouse.exe
HKCU-RunServices-CalendarOwners - c:\users\Owner\AppData\Local\Microsoft\Windows Calendar\Calendars\CalendarOwners13454.exe
HKCU-RunServices-HouseHandbook - c:\users\owner\documents\battletech\house books\steinerhouse.exe
HKCU-RunServices-FlashFlash - c:\users\owner\appdata\locallow\adobe\shockwave player 11\xtras\download\adobesystemsincorporated\flashasset\flashflash.exe
HKCU-RunServices-StudioStudio - c:\users\owner\appdata\locallow\sun\java\deployment\cache\6.0\46\759e98ee-66c2c11f-n\javafxmsvcp71.exe
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
MSConfigStartUp-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
MSConfigStartUp-SetPanel - c:\acer\APanel\APanel.cmd
AddRemove-AHX-1 - c:\ahx-1\DeIsL1.isu
AddRemove-Galactic Civilizations II - Dread Lords - c:\progra~1\STARDO~1\GalCiv2\UNWISE.EXE
AddRemove-Radio365 2.1 - c:\progra~1\Live365\Radio365\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-07 16:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-07 16:58:15
ComboFix-quarantined-files.txt 2011-05-07 20:57
.
Pre-Run: 2,742,280,192 bytes free
Post-Run: 2,728,181,760 bytes free
.
- - End Of File - - 87C4503EB301C6C8987BC3A88C127321


Post by Crush on Sun May 08, 2011 6:16 pm

Hi,

How's the machine running now?


Post by cailinaingeal on Sun May 08, 2011 6:19 pm

Hello,

Everything seems to be working the way it should and back to normal speed. Thanks so much for your help.


Post by Crush on Sun May 08, 2011 6:42 pm

Great to hear, we just have some housekeeping to do now.

I see you have Adobe Reader version 9 installed on here. This is old and has holes malware may abuse; we need to close these holes.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Adobe Reader 9

Then download and install Adobe Reader X from here:
[You must be registered and logged in to see this link.]
=======

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.

========

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


Post by cailinaingeal on Sun May 08, 2011 7:10 pm

Housekeeping completed. Thanks!


Post by Crush on Sun May 08, 2011 8:58 pm

Happy to help
