Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gmer log?


  • Please log in to reply
1 reply to this topic

#1 samnetmeg

samnetmeg

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 03 July 2012 - 11:26 AM

Nothing in red or highlighted?

Does that mean you are good to go ?
here is a copy of the log.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-03 11:06:16
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.CC67
Running: q964853e.exe; Driver: C:\Users\HOGANT~1\AppData\Local\Temp\kfqdikog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E905C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB5092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\HOGANT~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4292] kernel32.dll!CreateThread 7641279D 5 Bytes JMP 6E5B75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!EnableWindow 7659A72E 5 Bytes JMP 6E5F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!UnhookWindowsHookEx 7659CC7B 5 Bytes JMP 6E63ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!CallNextHookEx 7659CC8F 5 Bytes JMP 6E617FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!DefWindowProcA 7659E0E4 7 Bytes JMP 6E5B97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!CreateWindowExA 7659E18A 5 Bytes JMP 6E5C362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!CreateWindowExW 765A0E51 5 Bytes JMP 6E6203B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!SetWindowsHookExW 765A210A 5 Bytes JMP 6E5F25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!DefWindowProcW 765A724B 7 Bytes JMP 6E618042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!DialogBoxIndirectParamW 765C4AA7 5 Bytes JMP 6E748D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!DialogBoxParamW 765C564A 5 Bytes JMP 6E55187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!DialogBoxParamA 765DCF6A 5 Bytes JMP 6E748D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!DialogBoxIndirectParamA 765DD29C 5 Bytes JMP 6E748DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!MessageBoxIndirectA 765EE8C9 5 Bytes JMP 6E748CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!MessageBoxIndirectW 765EE9C3 5 Bytes JMP 6E748C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!MessageBoxExA 765EEA29 5 Bytes JMP 6E748BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] USER32.dll!MessageBoxExW 765EEA4D 5 Bytes JMP 6E748B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] ole32.dll!OleLoadFromStream 768E5BF6 5 Bytes JMP 6E74955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] WININET.dll!HttpOpenRequestA 75E75761 5 Bytes JMP 66040C17 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] WININET.dll!HttpOpenRequestW 75E75FEF 5 Bytes JMP 66040D7B C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] WS2_32.dll!closesocket 76383BED 5 Bytes JMP 65F763B7 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] WS2_32.dll!socket 76383F00 5 Bytes JMP 65F756D5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] WS2_32.dll!recv 763847DF 5 Bytes JMP 65F766BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] WS2_32.dll!connect 763848BE 5 Bytes JMP 65F75765 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] WS2_32.dll!getaddrinfo 76386737 5 Bytes JMP 65F7588D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4292] WS2_32.dll!send 7638C4C8 5 Bytes JMP 65F75D02 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!EnableWindow 7659A72E 5 Bytes JMP 6E5F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxIndirectParamW 765C4AA7 5 Bytes JMP 6E748D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxParamW 765C564A 5 Bytes JMP 6E55187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxParamA 765DCF6A 5 Bytes JMP 6E748D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxIndirectParamA 765DD29C 5 Bytes JMP 6E748DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxIndirectA 765EE8C9 5 Bytes JMP 6E748CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxIndirectW 765EE9C3 5 Bytes JMP 6E748C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxExA 765EEA29 5 Bytes JMP 6E748BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxExW 765EEA4D 5 Bytes JMP 6E748B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] kernel32.dll!CreateThread 7641279D 5 Bytes JMP 6E5B75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!EnableWindow 7659A72E 5 Bytes JMP 6E5F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!UnhookWindowsHookEx 7659CC7B 5 Bytes JMP 6E63ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!CallNextHookEx 7659CC8F 5 Bytes JMP 6E617FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DefWindowProcA 7659E0E4 7 Bytes JMP 6E5B97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!CreateWindowExA 7659E18A 5 Bytes JMP 6E5C362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!CreateWindowExW 765A0E51 5 Bytes JMP 6E6203B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!SetWindowsHookExW 765A210A 5 Bytes JMP 6E5F25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DefWindowProcW 765A724B 7 Bytes JMP 6E618042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DialogBoxIndirectParamW 765C4AA7 5 Bytes JMP 6E748D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DialogBoxParamW 765C564A 5 Bytes JMP 6E55187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DialogBoxParamA 765DCF6A 5 Bytes JMP 6E748D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!DialogBoxIndirectParamA 765DD29C 5 Bytes JMP 6E748DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!MessageBoxIndirectA 765EE8C9 5 Bytes JMP 6E748CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!MessageBoxIndirectW 765EE9C3 5 Bytes JMP 6E748C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!MessageBoxExA 765EEA29 5 Bytes JMP 6E748BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] USER32.dll!MessageBoxExW 765EEA4D 5 Bytes JMP 6E748B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] ole32.dll!OleLoadFromStream 768E5BF6 5 Bytes JMP 6E74955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] WININET.dll!HttpOpenRequestA 75E75761 5 Bytes JMP 66040C17 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] WININET.dll!HttpOpenRequestW 75E75FEF 5 Bytes JMP 66040D7B C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] WS2_32.dll!closesocket 76383BED 5 Bytes JMP 65F763B7 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] WS2_32.dll!socket 76383F00 5 Bytes JMP 65F756D5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] WS2_32.dll!recv 763847DF 5 Bytes JMP 65F766BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] WS2_32.dll!connect 763848BE 5 Bytes JMP 65F75765 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] WS2_32.dll!getaddrinfo 76386737 5 Bytes JMP 65F7588D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5900] WS2_32.dll!send 7638C4C8 5 Bytes JMP 65F75D02 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT c:\program files\lenovo\system update\suservice.exe[368] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\program files\lenovo\system update\suservice.exe[368] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\program files\lenovo\system update\suservice.exe[368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\program files\lenovo\system update\suservice.exe[368] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\program files\lenovo\system update\suservice.exe[368] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\program files\lenovo\system update\suservice.exe[368] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1364] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1364] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1364] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1364] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[2592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[2592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[2592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[2592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A95E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)

---- EOF - GMER 1.0.15 ----

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:36 PM

Posted 03 July 2012 - 12:43 PM

Hello samnetmeg
While the GMER log looks clean. Thar means you don't have the rootkits it looks for and not necessarily a cleann machine. So what is going on that makes you run GMER?

We can run other tools to look further.

If so we could use a bit more info...

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware Posted Image and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users