
Can't seem to run any .exe files


  • This topic is locked
40 replies to this topic

#1 thetrial

thetrial

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:23 AM

Posted 16 April 2014 - 08:02 PM

Copied from my previous post:

 

Hi all and thanks in advance for any help you might be able to provide,

 

I am currently trying to help my friend who realized that he can't start many .exe files on his computer recently. He first noticed this when trying to install a game file he had downloaded, though this same file worked on my computer. We soon realized this applied to many other exe files, most importantly some antivirus programs such as Malwarebytes that he can't run, or seemingly any other programs that we think would help.

 

We're currently at a loss of what to do next since we don't think we could run anything that we think could aid us -- any help would be greatly appreciated.

 

:unsure:

original post: http://www.bleepingcomputer.com/forums/t/531224/can-not-open-exe-files-virusworm/

 

After some kind help from noknojon I got the following results:

Here are my results from SecurityCheck -- I was unable to run the other programs following this one:

 Results of screen317's Security Check version 0.99.81  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 7  
 Java version out of Date!
  Adobe Flash Player 11.9.900.117 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 15.0 Firefox out of Date!  
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 
Could not run MiniToolBox.
 
Could not run RKill by Grinler.
 
Could not run AdwCleaner.
 
Could not run MBAM Clean / Malwarebytes Anti-Malware Free.
 
Message that occurs: "Windows cannot find 'C:\users\kristofer\desktop\rkill.exe'. Make sure you typed the name correctly, and then try again."
 
I tried to run DDS from step 6 (where I was told to start from) of this Preparation Guide: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ but could not, getting the same error as noted above.
 
-- Any and all help would be much appreciated. Thank you.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:23 PM

Posted 21 April 2014 - 08:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's try this.

You will need a flash drive to do this...do you have one? If so, please do the following:

A CD will do instead of the Flash Drive.

Download ComboFix from any of the links below but rename it to svchost.exe before saving it to your Flash Drive or CD. <- Important.

Link 1
Link 2

Once you have it downloaded to your Flash Drive or CD, I want you to save it directly to your C:\ drive. Be sure to do this in Normal Mode.
Double click on the renamed ComboFix.exe & follow the prompts.

* When finished, it will produce a report for you.
* Please post the C:\ComboFix.txt so we can continue cleaning the system.

===

Let me know what problem persists.

#3 thetrial


Posted 23 April 2014 - 09:04 PM

Hi nasdaq, thank you so much for your reply!

 

Unfortunately this did not seem to work for me.

 

I downloaded ComboFix onto a different computer, changed the name, and then copied it to a flash drive.

Then connected the flash drive to the problem laptop. However, I could not save/copy/cut this new file into C:\ nor make a new folder anywhere in C:\ to save it to as well. It says Destination Folder Access Denied: You'll need to provide administrator permission to move this folder, when I click the "continue" button (has a shield on it) it does nothing, the pop-up goes away but the file is not saved there.

 

* I just tried again, and now I can make a folder in C:\ and was able to copy it there (but can not copy it directly to the drive, I had to make that "new folder" first). But the original error comes up again when I try to run it "windows can not find svchost.exe make sure you type the name correctly and try again."

 

:unsure:



#4 nasdaq


Posted 24 April 2014 - 09:00 AM

Go to this page with a good computer.
http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html

Click on this link

exe - Executable application files.


Download the .reg file to your Flash Drive.

Copy that file to the desktop of the problem computer and run it.
Accept the prompt and let it finish.
It should not take long.

Can you now run .exe files?

#5 thetrial


Posted 25 April 2014 - 06:52 PM

Hi nasdaq - I was able to download to a different computer and copied to the desktop of the problem computer. But could not run or merge, or anything with it:

 

e3fvk.png



#6 nasdaq


Posted 26 April 2014 - 07:28 AM

Try this.

Open the Windows Start > in the search file type
Default_EXE.reg

If the file is found it will be listed on top of the pane.
Right click on the file and run as an administrator.

If it runs, it will not take very long.

Can you now execute .exe files?

#7 thetrial


Posted 26 April 2014 - 02:04 PM

Unfortunately - there weren't any search results that matched..



#8 nasdaq


Posted 27 April 2014 - 08:22 AM

I was able to download to a different computer and copied to the desktop of the problem computer. But could not run or merge, or anything with it:


Can you copy the downloaded file to another folder?
Any folder will do. Just make a note where to find it.

Navigate to the folder and run the file from there.

#9 thetrial


Posted 27 April 2014 - 10:25 PM

I tried moving and opening from a folder in both C and D and they were unsuccessful as well with the same pop up prompt/notice as before. I also tried the option "open with" with the program "registry editor" which did nothing.



#10 nasdaq


Posted 28 April 2014 - 06:54 AM

Let's try this.

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===

#11 thetrial


Posted 28 April 2014 - 07:10 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-OA45I94 on 28-04-2014 17:01:01
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16328736 2009-06-11] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Turbo Gear Help] => C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe [1026048 2009-08-05] ()
HKLM-x32\...\Run: [Turbo Gear] => C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe [2987520 2009-08-05] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2544664 2014-03-22] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\Kristofer\...\Run: [Google Update] => C:\Users\Kristofer\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-08] (Google Inc.)
HKU\Kristofer\...\Run: [Spotify Web Helper] => C:\Users\Kristofer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-19] (Spotify Ltd)
Startup: C:\Users\Kristofer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
 
==================== Services (Whitelisted) =================
 
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-22] (AVG Secure Search)
S2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()
 
==================== Drivers (Whitelisted) ====================
 
S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-22] (AVG Technologies)
S1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
S5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [124928 2010-11-10] (Razer USA Ltd)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
S3 tmlwf; 
S3 tmwfp; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-28 17:00 - 2014-04-28 17:01 - 00000000 ____D () C:\FRST
2014-04-27 19:22 - 2014-04-27 19:22 - 00005828 _____ () C:\Users\Kristofer\Desktop\Default_EXE (1).reg
2014-04-25 15:38 - 2014-04-24 17:54 - 00005828 _____ () C:\Users\Kristofer\Desktop\Default_EXE.reg
2014-04-25 15:33 - 2014-04-25 15:34 - 00264624 _____ () C:\Windows\Minidump\042514-33571-01.dmp
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Windows\Minidump\042414-34023-01.dmp
2014-04-23 17:52 - 2014-04-27 19:13 - 00000000 ____D () C:\poop
2014-04-23 17:43 - 2014-04-23 17:29 - 05196870 _____ (Swearware) C:\Users\Kristofer\Desktop\svchost.exe
2014-04-18 14:01 - 2014-04-18 14:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
2014-04-16 16:53 - 2014-04-16 16:53 - 00688992 _____ (Swearware) C:\Users\Kristofer\Desktop\dds.com
2014-04-16 15:55 - 2014-04-16 15:55 - 00987448 _____ () C:\Users\Kristofer\Desktop\SecurityCheck.exe
2014-04-15 21:02 - 2014-04-15 21:03 - 99239192 _____ (Microsoft Corporation) C:\Users\Kristofer\Downloads\msert.exe
2014-04-15 20:47 - 2014-04-15 20:47 - 00004320 _____ () C:\Users\Kristofer\Downloads\ExeFix.reg
2014-04-14 20:43 - 2014-04-14 20:43 - 07058728 _____ (Blizzard Entertainment) C:\Users\Kristofer\Downloads\Hearthstone-Setup-enUS.exe
2014-04-14 17:00 - 2014-04-14 17:00 - 00986624 _____ () C:\Users\Kristofer\Downloads\MicrosoftFixit50850 (1).msi
2014-04-14 16:58 - 2014-04-14 16:58 - 00986624 _____ () C:\Users\Kristofer\Downloads\MicrosoftFixit50850.msi
2014-04-14 16:51 - 2014-04-14 16:51 - 06866728 _____ (Blizzard Entertainment) C:\Users\Kristofer\Downloads\Battle.net-Setup-enUS.exe
2014-04-14 16:07 - 2014-04-14 16:07 - 00292192 _____ () C:\Windows\Minidump\041414-40794-01.dmp
2014-04-14 09:26 - 2014-04-15 20:56 - 00000041 _____ () C:\Users\Kristofer\AppData\Roaming\mbam.context.scan
2014-03-31 15:20 - 2014-03-31 15:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2014-03-31 15:06 - 2014-03-31 15:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-28 17:01 - 2014-04-28 17:00 - 00000000 ____D () C:\FRST
2014-04-28 15:57 - 2013-06-07 10:53 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-04-28 15:57 - 2012-04-06 20:21 - 00045056 _____ () C:\Windows\System32\acovcnt.exe
2014-04-28 15:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 15:56 - 2009-07-13 20:51 - 00132708 _____ () C:\Windows\setupact.log
2014-04-28 15:55 - 2012-03-02 12:52 - 01759664 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 15:55 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 15:55 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 19:25 - 2012-03-08 16:01 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-914378091-1000614111-719738909-1000UA.job
2014-04-27 19:22 - 2014-04-27 19:22 - 00005828 _____ () C:\Users\Kristofer\Desktop\Default_EXE (1).reg
2014-04-27 19:13 - 2014-04-23 17:52 - 00000000 ____D () C:\poop
2014-04-27 19:12 - 2009-07-13 21:13 - 00714754 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-27 19:11 - 2012-05-31 22:50 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-26 11:04 - 2012-03-08 16:01 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-914378091-1000614111-719738909-1000Core.job
2014-04-25 19:41 - 2013-10-28 11:00 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-25 15:34 - 2014-04-25 15:33 - 00264624 _____ () C:\Windows\Minidump\042514-33571-01.dmp
2014-04-25 15:33 - 2012-03-10 16:04 - 00000000 ____D () C:\Windows\Minidump
2014-04-24 20:45 - 2014-04-24 20:45 - 00000000 _____ () C:\Windows\Minidump\042414-34023-01.dmp
2014-04-24 17:54 - 2014-04-25 15:38 - 00005828 _____ () C:\Users\Kristofer\Desktop\Default_EXE.reg
2014-04-23 17:29 - 2014-04-23 17:43 - 05196870 _____ (Swearware) C:\Users\Kristofer\Desktop\svchost.exe
2014-04-23 08:06 - 2012-08-27 09:44 - 00000000 ____D () C:\Users\Kristofer\AppData\Roaming\Mozilla
2014-04-18 14:01 - 2014-04-18 14:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
2014-04-16 16:53 - 2014-04-16 16:53 - 00688992 _____ (Swearware) C:\Users\Kristofer\Desktop\dds.com
2014-04-16 15:55 - 2014-04-16 15:55 - 00987448 _____ () C:\Users\Kristofer\Desktop\SecurityCheck.exe
2014-04-15 21:03 - 2014-04-15 21:02 - 99239192 _____ (Microsoft Corporation) C:\Users\Kristofer\Downloads\msert.exe
2014-04-15 20:56 - 2014-04-14 09:26 - 00000041 _____ () C:\Users\Kristofer\AppData\Roaming\mbam.context.scan
2014-04-15 20:47 - 2014-04-15 20:47 - 00004320 _____ () C:\Users\Kristofer\Downloads\ExeFix.reg
2014-04-14 21:21 - 2013-10-28 10:58 - 00000000 ____D () C:\Users\Kristofer\AppData\Local\Avg2014
2014-04-14 20:43 - 2014-04-14 20:43 - 07058728 _____ (Blizzard Entertainment) C:\Users\Kristofer\Downloads\Hearthstone-Setup-enUS.exe
2014-04-14 17:00 - 2014-04-14 17:00 - 00986624 _____ () C:\Users\Kristofer\Downloads\MicrosoftFixit50850 (1).msi
2014-04-14 16:58 - 2014-04-14 16:58 - 00986624 _____ () C:\Users\Kristofer\Downloads\MicrosoftFixit50850.msi
2014-04-14 16:51 - 2014-04-14 16:51 - 06866728 _____ (Blizzard Entertainment) C:\Users\Kristofer\Downloads\Battle.net-Setup-enUS.exe
2014-04-14 16:24 - 2012-11-07 09:44 - 00000000 ____D () C:\Users\Kristofer\AppData\Roaming\uTorrent
2014-04-14 16:07 - 2014-04-14 16:07 - 00292192 _____ () C:\Windows\Minidump\041414-40794-01.dmp
2014-04-10 15:31 - 2012-04-16 21:42 - 00000000 ____D () C:\Users\Kristofer\AppData\Roaming\SoftGrid Client
2014-04-06 20:02 - 2012-08-02 17:45 - 00000000 ____D () C:\Users\Kristofer\Desktop\Olympus Tough
2014-04-02 09:34 - 2012-06-23 01:42 - 00000000 ____D () C:\Users\Kristofer\Desktop\Med school stuff
2014-03-31 15:20 - 2014-03-31 15:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2014-03-31 15:06 - 2014-03-31 15:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
 
Some content of TEMP:
====================
C:\Users\Kristofer\AppData\Local\Temp\atl80.dll
C:\Users\Kristofer\AppData\Local\Temp\avguidx.dll
C:\Users\Kristofer\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Kristofer\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Kristofer\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Kristofer\AppData\Local\Temp\jna2476124466395979501.dll
C:\Users\Kristofer\AppData\Local\Temp\jna3161830460013615429.dll
C:\Users\Kristofer\AppData\Local\Temp\jna3244285647334498449.dll
C:\Users\Kristofer\AppData\Local\Temp\jna7997050513200566194.dll
C:\Users\Kristofer\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Kristofer\AppData\Local\Temp\KMP_3.5.0.77.exe
C:\Users\Kristofer\AppData\Local\Temp\KMP_3.6.0.87.exe
C:\Users\Kristofer\AppData\Local\Temp\KMP_3.7.0.109.exe
C:\Users\Kristofer\AppData\Local\Temp\KMP_3.7.0.113.exe
C:\Users\Kristofer\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Kristofer\AppData\Local\Temp\mfc80.dll
C:\Users\Kristofer\AppData\Local\Temp\mfc80u.dll
C:\Users\Kristofer\AppData\Local\Temp\mfcm80.dll
C:\Users\Kristofer\AppData\Local\Temp\mfcm80u.dll
C:\Users\Kristofer\AppData\Local\Temp\msvcm80.dll
C:\Users\Kristofer\AppData\Local\Temp\msvcp80.dll
C:\Users\Kristofer\AppData\Local\Temp\msvcr80.dll
C:\Users\Kristofer\AppData\Local\Temp\oi_{8A0463A8-1173-479E-9D2A-CA35F748506A}.exe
C:\Users\Kristofer\AppData\Local\Temp\oi_{ECD0F0B8-0EC0-4060-9691-EE8BE37EAA83}.exe
C:\Users\Kristofer\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Kristofer\AppData\Local\Temp\TmDbg32.dll
C:\Users\Kristofer\AppData\Local\Temp\TmDbg64.dll
C:\Users\Kristofer\AppData\Local\Temp\ToolbarInstaller.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 6143.04 MB
Available physical RAM: 5486.38 MB
Total Pagefile: 6141.18 MB
Available Pagefile: 5481.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:15.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:332.72 GB) (Free:189.24 GB) NTFS
Drive f: () (Removable) (Total:28.88 GB) (Free:21.41 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9D570D8A)
Partition 1: (Not Active) - (Size=17 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=333 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 29 GB) (Disk ID: 162B31EC)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0B)
 
 
LastRegBack: 2014-04-25 17:28
 
==================== End Of Log ============================
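
The EXE ASSOCIATION section of the log above is the part that bears directly on this thread's symptom. As an added example (not part of the original posts and not FRST's own code), the Python below re-checks that section against the three default values shown in the log instead of relying on the tool's "OK" text; the function names and the altered sample with its placeholder path are constructed for illustration.

```python
import re

# Defaults for the three entries FRST lists under "EXE ASSOCIATION",
# copied from the log in the post above.
DEFAULTS = {
    ".exe": "exefile",
    r"exefile\DefaultIcon": "%1",
    r"exefile\open\command": '"%1" %*',
}

HEADER_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+\s*$")
ENTRY_RE = re.compile(
    r"^(?P<hive>HK[\w-]+)\\\.\.\.\\(?P<key>[^:]+): (?P<value>.*) => (?P<verdict>.*)$"
)

# The section as it appears in the log on this page.
CLEAN_LOG = r"""
==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================
"""

# Constructed sample: one entry absent, one handler changed. The path and the
# text after "=>" are placeholders, not real FRST output.
ALTERED_LOG = r"""
==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "C:\example\placeholder.exe" "%1" %* => constructed

==================== Restore Points  =========================
"""


def extract_section(log_text, title):
    """Return the non-empty lines between the '==== title ====' header
    and the next header line."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            if inside:
                break
            inside = header.group("title") == title
            continue
        if inside and line:
            lines.append(line)
    return lines


def check_exe_association(log_text):
    """Compare each listed value with DEFAULTS, ignoring the tool's verdict.

    Returns (findings, hives): findings is a list of (key, status, value)
    with status 'missing' or 'modified'; hives lists the hives the log covered.
    """
    seen, hives = {}, set()
    for line in extract_section(log_text, "EXE ASSOCIATION"):
        entry = ENTRY_RE.match(line)
        if entry:
            seen[entry.group("key")] = entry.group("value")
            hives.add(entry.group("hive"))
    findings = []
    for key, expected in DEFAULTS.items():
        if key not in seen:
            findings.append((key, "missing", None))
        elif seen[key] != expected:
            findings.append((key, "modified", seen[key]))
    return findings, sorted(hives)


if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("altered", ALTERED_LOG)):
        findings, hives = check_exe_association(log)
        print(name, "hives checked:", hives, "findings:", findings)
```

The log on this page was taken in Recovery mode as SYSTEM and lists only HKLM entries, so it says nothing about per-user class registrations under HKCU\Software\Classes, which Windows consults ahead of HKLM.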


#12 nasdaq


Posted 29 April 2014 - 07:19 AM


Will now try this.

Start the computer Using Last Known Good Configuration
How to here.
http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7

Restart the computer when done.

Run the Farbar Recovery Scan Tool normally and post the log if you can.

#13 thetrial


Posted 29 April 2014 - 09:11 PM

Still can not open the file, getting the same error message as before.



#14 nasdaq


Posted 30 April 2014 - 08:14 AM

Run this tool and post the log if you can.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users.
  • Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs DO NOT ATTACH THEM.

#15 thetrial


Posted 30 April 2014 - 10:49 PM

Still not able to open .exe files. Same message as before:

 

6pbbrzD.png





