
Inactive [InActive] can't run virus scan, mbam will not install

Discussion in 'Malware and Virus Removal Archive' started by Jepinto, 2010/12/19.

  1. 2010/12/20
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    double post, sorry
     
    Last edited: 2010/12/20
  2. 2010/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2009/08/20 08:52:36 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
    SRV - [2009/08/20 08:52:24 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    DRV - [2009/08/20 08:52:46 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/20 08:52:46 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/05/11 15:04:40 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKU\jennie_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_cus...spx?tbid=80116
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.a...d=80116&lng=en
    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=3Vp0HltOMF8vkACQHg4JbQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    FF - prefs.js..keyword.URL:  "http://search.avg.com/route/?d=4cd58aab&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= "
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 16:42:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/11/06 12:04:40 | 000,000,000 | ---D | M]
    [2010/11/18 22:08:23 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {00F2C0C6-2194-484E-9064-44E57787867B} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKU\jennie_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    [2010/12/20 17:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Local Settings\Application Data\AVG Security Toolbar
    [2010/12/20 15:35:56 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/12/20 14:40:25 | 004,502,416 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\jennie\Desktop\avg_free_stb_all_2011_1170_upgrade.exe
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2010/12/20 16:37:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbmac2c9.sys
    [2009/06/24 13:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
    [2010/11/18 22:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\PriceGong
    [2010/11/18 22:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
    [2010/12/19 11:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong
    [2010/11/19 15:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WhiteSmokeTranslator
    [2010/08/11 13:40:52 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2010/08/11 13:42:49 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\AVG
    
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.

    Let me know if MBAM and/or Combofix will run now.
     


  4. 2010/12/20
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVG Security Toolbar Service deleted successfully.
    C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avg8emc deleted successfully.
    C:\Program Files\AVG\AVG8\avgemc.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avg8wd deleted successfully.
    C:\Program Files\AVG\AVG8\avgwdsvc.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgLdx86 deleted successfully.
    C:\WINDOWS\system32\drivers\avgldx86.sys moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgMfx86 deleted successfully.
    C:\WINDOWS\system32\drivers\avgmfx86.sys moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgTdiX deleted successfully.
    C:\WINDOWS\system32\drivers\avgtdix.sys moved successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
    C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll moved successfully.
    Registry value HKEY_USERS\jennie_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    File C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll not found.
    HKLM\Software\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
    HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
    HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
    HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl| /E : value set successfully!
    Prefs.js: "http://search.avg.com/route/?d=4cd58aab&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=" removed from keyword.URL
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f963a5b-e555-4543-90e2-c3908898db71}\ not found.
    C:\Program Files\AVG\AVG8\Firefox\Components folder moved successfully.
    C:\Program Files\AVG\AVG8\Firefox\Chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Firefox folder moved successfully.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared deleted successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\icons\default folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\icons folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared folder moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    C:\Program Files\AVG\AVG8\avgssie.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    File C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
    File C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00F2C0C6-2194-484E-9064-44E57787867B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00F2C0C6-2194-484E-9064-44E57787867B}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    File C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll not found.
    Registry value HKEY_USERS\jennie_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    File C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll not found.
    Registry value HKEY_USERS\User_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG8_TRAY deleted successfully.
    C:\Program Files\AVG\AVG8\avgtray.exe moved successfully.
    File C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
    Invalid CLSID key: C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    File C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll not found.
    C:\Program Files\AVG\AVG8\avgpp.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    Invalid CLSID key: C:\Program Files\AVG\AVG8\avgpp.dll
    File C:\Program Files\AVG\AVG8\avgpp.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
    C:\WINDOWS\system32\avgrsstx.dll moved successfully.
    C:\Documents and Settings\jennie\Local Settings\Application Data\AVG Security Toolbar\cache\update folder moved successfully.
    C:\Documents and Settings\jennie\Local Settings\Application Data\AVG Security Toolbar\cache folder moved successfully.
    C:\Documents and Settings\jennie\Local Settings\Application Data\AVG Security Toolbar folder moved successfully.
    C:\$AVG\$VAULT folder moved successfully.
    C:\$AVG folder moved successfully.
    C:\Documents and Settings\jennie\Desktop\avg_free_stb_all_2011_1170_upgrade.exe moved successfully.
    C:\WINDOWS\003100_.tmp deleted successfully.
    C:\WINDOWS\SET25.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\system32\drivers\vbmac2c9.sys moved successfully.
    C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\PriceGong folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar\weather folder moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar folder moved successfully.
    C:\Documents and Settings\User\Application Data\PriceGong\tmp folder moved successfully.
    C:\Documents and Settings\User\Application Data\PriceGong\Data folder moved successfully.
    C:\Documents and Settings\User\Application Data\PriceGong folder moved successfully.
    C:\Documents and Settings\User\Application Data\WhiteSmokeTranslator folder moved successfully.
    C:\WINDOWS\Tasks\At1.job moved successfully.
    C:\WINDOWS\Tasks\At2.job moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\AVG\AVG8\ToolbarFF\Components folder moved successfully.
    C:\Program Files\AVG\AVG8\ToolbarFF\Chrome\Cache folder moved successfully.
    C:\Program Files\AVG\AVG8\ToolbarFF\Chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\ToolbarFF folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Update folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\components folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_48\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_48\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_48\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_48\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_48\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_48 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_40\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_40\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_40\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_40\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_40\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_40 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_39\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_39\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_39\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_39\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_39\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_39 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_23\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_23\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_23\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_23\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_23\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\ch_23 folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\skin folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\icons\default folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\icons folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\content\libsex folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\content\libs folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\content\Languages folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\content\html folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\content\ex folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\content\avg folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome\content folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared\chrome folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox\avg@igeared folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old\Firefox folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar.old folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar\Firefox folder moved successfully.
    C:\Program Files\AVG\AVG8\Toolbar folder moved successfully.
    C:\Program Files\AVG\AVG8\Notification folder moved successfully.
    C:\Program Files\AVG\AVG8\log folder moved successfully.
    C:\Program Files\AVG\AVG8\Icons folder moved successfully.
    C:\Program Files\AVG\AVG8 folder moved successfully.
    C:\Program Files\AVG folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 2481374 bytes

    User: jennie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 521649 bytes
    ->FireFox cache emptied: 25920429 bytes
    ->Flash cache emptied: 405 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->FireFox cache emptied: 2448992 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Flash cache emptied: 44423 bytes

    User: User
    ->Temp folder emptied: 28672 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 30793063 bytes
    ->Flash cache emptied: 1887581 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 255 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91246284 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes

    Total Files Cleaned = 148.00 mb


    OTLPE by OldTimer - Version 3.1.43.0 log created on 12202010_195831


    Restarting now
     
  5. 2010/12/20
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Neither will run

    During set up of mbam this message showed up

    fffa54a5.tmp has encountered a problem and needs to close. We are sorry for the inconvenience.
     
  6. 2010/12/20
    broni

    broni Moderator Malware Analyst

    Copy the entire content of the report and paste it in a reply here.

    Note: You may get this warning. It is OK, just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay? "
     
  7. 2010/12/20
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    RkUnhooker report generator v0.7
    ==============================================
    Rootkit Unhooker kernel version: 3.7.300.505
    ==============================================
    Windows Major Version: 5
    Windows Minor Version: 1
    Windows Build Number: 2600
    ==============================================
    Address: 0xF7AEC000
    Size: 16384 bytes

    Driver: MrFilter.sys
    Address: 0xF7A2C000
    Size: 16384 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    Address: 0xF7B04000
    Size: 16384 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    Address: 0xA9E33000
    Size: 16384 bytes

    Driver: ACPIEC.sys
    Address: 0xF7A28000
    Size: 12288 bytes

    Driver: C:\WINDOWS\system32\BOOTVID.dll
    Address: 0xF7A1C000
    Size: 12288 bytes

    Driver: compbatt.sys
    Address: 0xF7A20000
    Size: 12288 bytes

    Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
    Address: 0xAA218000
    Size: 12288 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys
    Address: 0xF7AE0000
    Size: 12288 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\mouhid.sys
    Address: 0xF7AE4000
    Size: 12288 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    Address: 0xF7AF4000
    Size: 12288 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
    Address: 0xF7AA4000
    Size: 12288 bytes

    Driver: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    Address: 0xF7B70000
    Size: 8192 bytes

    Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
    Address: 0xF7B5E000
    Size: 8192 bytes

    Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7B74000
    Size: 8192 bytes

    Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
    Address: 0xF7B5C000
    Size: 8192 bytes

    Driver: C:\WINDOWS\system32\KDCOM.DLL
    Address: 0xF7B0C000
    Size: 8192 bytes

    Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
    Address: 0xF7B60000
    Size: 8192 bytes

    Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
    Address: 0xF7B62000
    Size: 8192 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
    Address: 0xF7B42000
    Size: 8192 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
    Address: 0xF7B4E000
    Size: 8192 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
    Address: 0xF7B0E000
    Size: 8192 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
    Address: 0xF7D48000
    Size: 4096 bytes

    Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
    Address: 0xF7C17000
    Size: 4096 bytes

    Driver: C:\WINDOWS\System32\Drivers\Null.SYS
    Address: 0xF7D0C000
    Size: 4096 bytes

    Driver: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    Address: 0xF7BD5000
    Size: 4096 bytes

    Driver: pciide.sys
    Address: 0xF7BD4000
    Size: 4096 bytes

    Driver: unknown_irp_handler
    Address: 0x85B76109
    Size: 3831 bytes

    ==============================================
    >Stealth
     
  8. 2010/12/20
    broni

    That looks good....

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  9. 2010/12/20
    Jepinto Lifetime Subscription

    SuperAntiSpyware runs about seven minutes then disappears. If I try to reopen it, it says the specified path cannot be found.

    Last readable items in window
    Trojan.Dropper/SVC Host-Fake

    Infected
    Memory 1
    File 1
    Threat 2

    Unfortunately the infected computer needs to go to NH for Christmas break, so unless we can cure it in the next 90 minutes, it will not be back for 4 weeks. I'll open a new thread then. I'm leaving a link on the desktop for the person in NH that may work on it. Hope that person can cure it.
     
  10. 2010/12/20
    broni

    I'll put this topic on hold (it's better to have all the info we already have), so it won't get closed.
     
  11. 2010/12/20
    Jepinto Lifetime Subscription

    Thank you.

    You've been a jewel throughout this.
     
  12. 2010/12/20
    broni

    You're welcome :)
     
