Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot open Exe Files


  • This topic is locked This topic is locked
42 replies to this topic

#1 Homerj24

Homerj24

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 06 August 2011 - 11:03 AM

Hello,

The other day AVG uncovered a virus. I attempted to run MBAM, but seconds into the scan the program shut down and I could no longer access it. I ran SAS and it found a trojan that required a reboot to clean. Once the pc restarted all exe files can no longer be accessed. I can only open them with the 'run task' option within Task Manager. I am running XP. Please help.

was able to run a hijack this log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:05 PM, on 8/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\SASCORE.EXE
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cmd.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Jeff\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} (RemoteWeb2 Control) - http://www.advr.com..../RemoteWeb2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1281189759234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1254064109437
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SASCORE.EXE
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9693 bytes

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:27 PM

Posted 07 August 2011 - 06:21 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Find the .exe file association link and follow the top instructions to get the associations back.

Let me know when you've done this.
Posted Image
m0le is a proud member of UNITE

#3 Homerj24

Homerj24
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 07 August 2011 - 09:22 PM

I was able to import this successfully into the registry. The icons are still missing, but I was able to open exe files ..... until I rebooted. After a restart everything went back to the way it was.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:27 PM

Posted 08 August 2011 - 12:21 PM

If you have malware then the reboot will reset the associations. Carry out the same procedure but do not reboot.

Instead run Combofix, as shown

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#5 Homerj24

Homerj24
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 08 August 2011 - 07:25 PM

ComboFix 11-08-08.02 - Jeff 08/08/2011 20:03:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1328 [GMT -4:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jeff\Application Data\inst.exe
c:\documents and settings\Jeff\Application Data\PriceGong
c:\documents and settings\Jeff\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Jeff\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Jeff\Local Settings\Application Data\{7DD22FF3-3E64-4465-AF44-8E925C909BDC}
c:\documents and settings\Jeff\Local Settings\Application Data\{7DD22FF3-3E64-4465-AF44-8E925C909BDC}\chrome.manifest
c:\documents and settings\Jeff\Local Settings\Application Data\{7DD22FF3-3E64-4465-AF44-8E925C909BDC}\chrome\content\_cfg.js
c:\documents and settings\Jeff\Local Settings\Application Data\{7DD22FF3-3E64-4465-AF44-8E925C909BDC}\chrome\content\overlay.xul
c:\documents and settings\Jeff\Local Settings\Application Data\{7DD22FF3-3E64-4465-AF44-8E925C909BDC}\install.rdf
c:\windows\$NtUninstallKB1376$
c:\windows\$NtUninstallKB1376$\3160431593
c:\windows\$NtUninstallKB1376$\3283237165\Desktop.ini
c:\windows\$NtUninstallKB1376$\3283237165\L\jcgozmhh
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-06 02:24 . 2008-04-13 18:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-08-06 02:24 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-05 02:35 . 2011-08-05 02:35 388096 ----a-r- c:\documents and settings\Jeff\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-03 20:26 . 2011-08-03 20:26 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-08-03 19:50 . 2011-08-03 19:54 -------- d-----w- c:\documents and settings\Administrator.KOUFAX
2011-08-03 19:30 . 2011-08-03 19:30 -------- d-----w- c:\documents and settings\Jeff\Application Data\SUPERAntiSpyware.com
2011-08-03 19:29 . 2011-08-03 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-03 19:29 . 2011-08-03 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-03 16:10 . 2011-08-03 16:39 -------- d-----w- c:\documents and settings\Jeff\Application Data\HandBrake
2011-08-03 16:10 . 2011-08-03 16:10 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\HandBrake
2011-08-03 04:21 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 04:21 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 13:18 . 2010-12-20 17:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2011-08-02 05:10 . 2011-08-02 13:10 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-02 05:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-07-19 01:25 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-07-19 01:14 . 2011-07-19 01:14 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 16:03 . 2010-07-09 04:14 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2011-08-02 16:02 . 2010-07-09 04:13 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-06-16 12:24 . 2011-06-16 12:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2007-07-22 10:31 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZon1.dll" [2010-08-21 2734688]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-08-21 03:52 2734688 ----a-w- c:\program files\ZoneAlarm\tbZon1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZon1.dll" [2010-08-21 2734688]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZon1.dll" [2010-08-21 2734688]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\program files\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 13:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-05-17 01:50 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jeff^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Jeff\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jeff^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Jeff\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-04-14 17:25 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 02:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2011-03-15 21:41 2071904 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2008-04-14 17:25 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- d:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-05 22:08 162328 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-05 22:09 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2009-11-10 15:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-05 22:08 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2010-11-15 21:05 4364248 ----a-w- d:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2007-03-26 21:17 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-29 01:09 4599680 ----a-w- d:\program files\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2/24/2009 2:39 AM 39472]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2009 10:57 PM 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/16/2009 12:49 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/16/2009 12:49 AM 243152]
R1 SASDIFSV;SASDIFSV;d:\program files\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;d:\program files\SASCore.exe [7/18/2011 8:02 PM 123264]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 9:22 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:22 AM 308136]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/17/2009 10:48 PM 632792]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2/24/2009 10:08 PM 812544]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [8/30/2009 9:45 PM 18560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-07-02 14:40]
.
2011-08-07 c:\windows\Tasks\RMSmartUpdate.job
- d:\program files\Registry Mechanic\Update.exe [2011-03-20 16:26]
.
2011-07-05 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-07-02 14:29]
.
2011-08-02 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-07-02 14:49]
.
2011-07-19 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-07-02 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Jeff\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} - hxxp://www.advr.com.tw/CAB/RemoteWeb2.cab
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\08tah599.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://zdfod.baseball.cbssports.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 20:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
d:\program files\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\jscript.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\AVG\AVG9\avgnsx.exe
d:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-08-08 20:22:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-09 00:22
.
Pre-Run: 5,788,008,448 bytes free
Post-Run: 6,046,539,776 bytes free
.
- - End Of File - - 4DA29262C5E3D5BF3566C3F6A5F85BAC

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:27 PM

Posted 09 August 2011 - 03:29 PM

Next please run MBAM and then scan the system online with ESET, as shown below

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
Posted Image
m0le is a proud member of UNITE

#7 Homerj24

Homerj24
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 09 August 2011 - 08:42 PM

MBAM found a couple of trojans, but after a restart exe files could not load properly & I could not continue to let it process the clean up. The log file is attached.

I downloaded the ESET scanner. I accepted terms of use & hit start. On the next screen it attempts to download components. It errors out stating "Can not get update. Is proxy configured?"

Attached Files



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:27 PM

Posted 10 August 2011 - 07:00 PM

MBAM only found Java cache items. They are not live malware.


As for the proxy issue:

In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings".

In Firefox you find the Proxy server settings this like this. In Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.
Posted Image
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:27 PM

Posted 10 August 2011 - 08:06 PM

I will be away from now until the 14th of August.

If you are okay to wait for my return then that's fine. If you aren't then please let me know.
Posted Image
m0le is a proud member of UNITE

#10 Homerj24

Homerj24
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 10 August 2011 - 08:16 PM

No luck. Get the same thing with both Firefox (the download) and IE. Here is a screen shot.

Posted Image

Uploaded with ImageShack.us

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:27 PM

Posted 10 August 2011 - 08:21 PM

Please try and run a BitDefender QuickScan
  • Click Start Scanner
  • Click Start Scan

    If you are running Firefox you should accept the installation of the Plug-in and restart Firefox
    If you are running Internet Explorer then allow the ActiveX control to install when prompted.


  • Click Start Scan
  • Check the I ACCEPT box on the EULA and click OK
When the scan has finished, it should take about a minute, click View Log and copy and paste the log into your next reply.
Posted Image
m0le is a proud member of UNITE

#12 Homerj24

Homerj24
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 10 August 2011 - 10:41 PM

No infections found with BitDefender. Log attached.

Attached Files



#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:27 PM

Posted 15 August 2011 - 05:49 PM

That looks fine. How's the machine running?
Posted Image
m0le is a proud member of UNITE

#14 Homerj24

Homerj24
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 15 August 2011 - 06:37 PM

Icons are still missing for exe files and shortcuts to exe files. Also, when I restart I cannot open exe files again.

#15 Homerj24

Homerj24
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 15 August 2011 - 06:38 PM

Would doing a system restore back a few months help?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users