Flazz, posted September 13, 2010 (ID:313117)

Hello!

Found my way here through a series of searches, looking for help removing some stubborn files I've found. I started doing a series of scans and checks when my computer started having issues, frequent explorer crashes etc., and found some threads on these forums that looked helpful, but most of the details seemed very specific to each individual computer, so thought it best to make a new thread.

Of course, these files may be completely unrelated to the issues, but it's a good place to start!

Running Vista 64bit, as of a few hours ago I'm all up to date on updates as far as I know.

NOD32 is picking up some threats during a scan, but is saying it's unable to delete/clean/fix them.

Running MBAM on my system does NOT pick up anything suspicious, which I thought was strange.

If I have NOD running in the background with its "real-time file system protection" enabled while MBAM does its scan, NOD pops up a warning saying MBAM tried to access those files. If I turn off the real-time protection, Malware still doesn't find them. I don't have Spybot SnD TeaTimer enabled at the moment, if it makes a difference.

Not sure what other information I should post at this point, or what log/summaries I need. Any guidance would be greatly appreciated!

Cheers.

Flazz (Author), posted September 13, 2010 (ID:313200)

Here is the extra information I should have included in the original post. I think I followed all the instructions correctly.

When running the GMER, some of the options to the right were shaded out, so I couldn't check/uncheck them, but the ones that the guide said that needed to be unchecked looked like they were anyway, so I just went ahead.

DDS (Ver_10-03-17.01) - NTFSX64
Run by user at 1:59:40.72 on Tue 14/09/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
Microsoft

Attach.zip

screen317 (Staff), posted September 15, 2010 (ID:313846)

Hi and welcome to Malwarebytes.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
wininit.exe
explorer.exe

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Flazz (Author), posted September 15, 2010 (ID:313879)

Thanks for taking the time to post!

Output is below.

SystemLook 27.08.10 by jpshortstuff
Log created at 16:37 on 15/09/2010 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 123904 bytes [05:14 01/06/2008] [08:00 19/01/2008] 117EA87DF785CA1B9D821F6F213DCE07
C:\Windows\SysWOW64\wininit.exe --a---- 96768 bytes [05:15 01/06/2008] [07:33 19/01/2008] (Unable to calculate MD5)
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe --a---- 122368 bytes [09:27 02/11/2006] [11:16 02/11/2006] 6F92CE5B50283B0C0A7A539ED552039A
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe --a---- 123904 bytes [05:14 01/06/2008] [08:00 19/01/2008] 117EA87DF785CA1B9D821F6F213DCE07
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe --a---- 95744 bytes [12:24 02/11/2006] [09:45 02/11/2006] D4385B03E8CCCEE6F0EE249F827C1F3E
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [05:15 01/06/2008] [07:33 19/01/2008] 101BA3EA053480BB5D957EF37C06B5ED

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 3079168 bytes [05:14 17/06/2009] [07:10 11/04/2009] 6F89C6E6303F8701A3DD7E931C59EE19
C:\Windows\SysWOW64\explorer.exe --a---- 2926592 bytes [05:14 17/06/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe --a---- 3086848 bytes [09:31 02/11/2006] [11:15 02/11/2006] 5D768BEB711FF67ADC8FAD4E2F6ABB02
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_abcac4f4350ba5b0\explorer.exe --a---- 3087360 bytes [01:14 23/01/2008] [01:14 23/01/2008] FCBF8AC1855EF986CDEC2387760F71C6
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe --a---- 3087360 bytes [22:32 09/12/2008] [06:15 29/10/2008] 50514057C28A74BAC2BD04B7B990D615
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3dc19d4e3a6405\explorer.exe --a---- 3086848 bytes [01:14 23/01/2008] [01:14 23/01/2008] 819D88EC82C2C44B556DC32ED22044DE
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe --a---- 3086848 bytes [22:32 09/12/2008] [02:30 28/10/2008] 72B9990E45C25AA3C75C4FB50A9D6CE0
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe --a---- 3080704 bytes [05:12 01/06/2008] [08:00 19/01/2008] F6D765FB6B457542D954682F50C26E4F
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe --a---- 3080704 bytes [22:32 09/12/2008] [06:49 29/10/2008] BBD8E74F23D7605CB0CDB57A1B25D826
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe --a---- 3081216 bytes [22:32 09/12/2008] [05:30 30/10/2008] E404A65EF890140410E9F3D405841C95
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe --a---- 3079168 bytes [05:14 17/06/2009] [07:10 11/04/2009] 6B08E54A451B3F95E4109DBA7E594270
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe --a---- 2923520 bytes [12:12 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f6f46696c67ab\explorer.exe --a---- 2923520 bytes [01:14 23/01/2008] [01:14 23/01/2008] 6D06CD98D954FE87FB2DB8108793B399
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe --a---- 2923520 bytes [22:32 09/12/2008] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b6926bef829b2600\explorer.exe --a---- 2923520 bytes [01:14 23/01/2008] [01:14 23/01/2008] BD06F0BF753BC704B653C3A50F89D362
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe --a---- 2923520 bytes [22:32 09/12/2008] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe --a---- 2927104 bytes [05:14 01/06/2008] [07:33 19/01/2008] FFA764631CB70A30065C12EF8E174F9F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe --a---- 2927104 bytes [22:32 09/12/2008] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe --a---- 2927616 bytes [22:32 09/12/2008] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe --a---- 2926592 bytes [05:14 17/06/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253

-= EOF =-

Flazz (Author), posted September 17, 2010 (ID:314655)

It appears I've managed to fix my problem. Explorer is no longer crashing and all scans I run are coming up clean.

When I was searching around for win32/bamital.dx and how to remove it on a 64 system, a few things just seemed to say the wininit.exe files (specifically the one located at C:\Windows\SysWOW64\wininit.exe) needed to be replaced with uncorrupted versions. I ran SFC /SCANNOW in command, and a quick check of the output that produced showed that it detected anomalies and would attempt to fix them. After a reboot when prompted, everything seemed to be back to normal!

If an expert wants to see any scan logs or such to double check I can post them, but otherwise I think everything is working as it should again!

screen317 (Staff), posted September 18, 2010 (ID:315073)

Hi,

My apologies for the delay.

That's good to hear.

We can confirm if it's gone; run SystemLook again as outlined above and we'll see if there are still any discrepancies.

Flazz (Author), posted September 18, 2010 (ID:315077)

No worries!

Here's the output:

SystemLook 27.08.10 by jpshortstuff
Log created at 16:55 on 18/09/2010 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 123904 bytes [05:14 01/06/2008] [08:00 19/01/2008] 117EA87DF785CA1B9D821F6F213DCE07
C:\Windows\SysWOW64\wininit.exe --a---- 96768 bytes [05:15 01/06/2008] [07:33 19/01/2008] 101BA3EA053480BB5D957EF37C06B5ED
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe --a---- 122368 bytes [09:27 02/11/2006] [11:16 02/11/2006] 6F92CE5B50283B0C0A7A539ED552039A
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe --a---- 123904 bytes [05:14 01/06/2008] [08:00 19/01/2008] 117EA87DF785CA1B9D821F6F213DCE07
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe --a---- 95744 bytes [12:24 02/11/2006] [09:45 02/11/2006] D4385B03E8CCCEE6F0EE249F827C1F3E
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [05:15 01/06/2008] [07:33 19/01/2008] 101BA3EA053480BB5D957EF37C06B5ED

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 3079168 bytes [05:14 17/06/2009] [07:10 11/04/2009] 6B08E54A451B3F95E4109DBA7E594270
C:\Windows\SysWOW64\explorer.exe --a---- 2926592 bytes [05:14 17/06/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe --a---- 3086848 bytes [09:31 02/11/2006] [11:15 02/11/2006] 5D768BEB711FF67ADC8FAD4E2F6ABB02
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_abcac4f4350ba5b0\explorer.exe --a---- 3087360 bytes [01:14 23/01/2008] [01:14 23/01/2008] FCBF8AC1855EF986CDEC2387760F71C6
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe --a---- 3087360 bytes [22:32 09/12/2008] [06:15 29/10/2008] 50514057C28A74BAC2BD04B7B990D615
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3dc19d4e3a6405\explorer.exe --a---- 3086848 bytes [01:14 23/01/2008] [01:14 23/01/2008] 819D88EC82C2C44B556DC32ED22044DE
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe --a---- 3086848 bytes [22:32 09/12/2008] [02:30 28/10/2008] 72B9990E45C25AA3C75C4FB50A9D6CE0
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe --a---- 3080704 bytes [05:12 01/06/2008] [08:00 19/01/2008] F6D765FB6B457542D954682F50C26E4F
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe --a---- 3080704 bytes [22:32 09/12/2008] [06:49 29/10/2008] BBD8E74F23D7605CB0CDB57A1B25D826
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe --a---- 3081216 bytes [22:32 09/12/2008] [05:30 30/10/2008] E404A65EF890140410E9F3D405841C95
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe --a---- 3079168 bytes [05:14 17/06/2009] [07:10 11/04/2009] 6B08E54A451B3F95E4109DBA7E594270
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe --a---- 2923520 bytes [12:12 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f6f46696c67ab\explorer.exe --a---- 2923520 bytes [01:14 23/01/2008] [01:14 23/01/2008] 6D06CD98D954FE87FB2DB8108793B399
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe --a---- 2923520 bytes [22:32 09/12/2008] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b6926bef829b2600\explorer.exe --a---- 2923520 bytes [01:14 23/01/2008] [01:14 23/01/2008] BD06F0BF753BC704B653C3A50F89D362
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe --a---- 2923520 bytes [22:32 09/12/2008] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe --a---- 2927104 bytes [05:14 01/06/2008] [07:33 19/01/2008] FFA764631CB70A30065C12EF8E174F9F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe --a---- 2927104 bytes [22:32 09/12/2008] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe --a---- 2927616 bytes [22:32 09/12/2008] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe --a---- 2926592 bytes [05:14 17/06/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253

-= EOF =-
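
Added example, not part of the thread and not SystemLook's or Malwarebytes' own tooling: one way to look for the discrepancies mentioned above by diffing two filefind logs and checking live files against the winsxs copies. It assumes a clean system file shares its MD5 with a component-store copy of the same name; the log lines are excerpted from the two outputs posted in this thread, and all function names are hypothetical.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# One SystemLook filefind entry: path, attributes, size, two timestamps, MD5 or error text.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+\d+ bytes\s+\[[^\]]+\]\s+\[[^\]]+\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)

def parse_filefind(log):
    """Map path -> MD5, or None where SystemLook could not hash the file."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m["path"]] = None if m["md5"].startswith("(") else m["md5"].upper()
    return entries

def in_store(path):
    return "\\winsxs\\" in path.lower()

def unbacked(entries):
    """Live files whose MD5 equals no winsxs copy of the same file name.
    Assumption of this example: a clean system file has a twin in the component store."""
    store = {}
    for path, md5 in entries.items():
        if in_store(path) and md5:
            store.setdefault(basename(path).lower(), set()).add(md5)
    return sorted(p for p, md5 in entries.items()
                  if not in_store(p) and md5 not in store.get(basename(p).lower(), set()))

def changed(before, after):
    """Paths present in both runs whose MD5 (or hashability) differs."""
    return sorted(p for p in before.keys() & after.keys() if before[p] != after[p])

# Entries that are identical in both posted logs (excerpt).
SHARED = r"""
C:\Windows\System32\wininit.exe --a---- 123904 bytes [05:14 01/06/2008] [08:00 19/01/2008] 117EA87DF785CA1B9D821F6F213DCE07
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe --a---- 123904 bytes [05:14 01/06/2008] [08:00 19/01/2008] 117EA87DF785CA1B9D821F6F213DCE07
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [05:15 01/06/2008] [07:33 19/01/2008] 101BA3EA053480BB5D957EF37C06B5ED
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe --a---- 3079168 bytes [05:14 17/06/2009] [07:10 11/04/2009] 6B08E54A451B3F95E4109DBA7E594270
"""
# The two entries that differ between the 15/09 and 18/09 logs.
RUN_15_SEP = SHARED + r"""C:\Windows\SysWOW64\wininit.exe --a---- 96768 bytes [05:15 01/06/2008] [07:33 19/01/2008] (Unable to calculate MD5)
C:\Windows\explorer.exe --a---- 3079168 bytes [05:14 17/06/2009] [07:10 11/04/2009] 6F89C6E6303F8701A3DD7E931C59EE19
"""
RUN_18_SEP = SHARED + r"""C:\Windows\SysWOW64\wininit.exe --a---- 96768 bytes [05:15 01/06/2008] [07:33 19/01/2008] 101BA3EA053480BB5D957EF37C06B5ED
C:\Windows\explorer.exe --a---- 3079168 bytes [05:14 17/06/2009] [07:10 11/04/2009] 6B08E54A451B3F95E4109DBA7E594270
"""

if __name__ == "__main__":
    before, after = parse_filefind(RUN_15_SEP), parse_filefind(RUN_18_SEP)
    print("no store match on 15/09:", unbacked(before))
    print("no store match on 18/09:", unbacked(after))
    print("changed between runs:", changed(before, after))
```

Size and timestamps of the two flagged files are the same in both logs, so only the hash column separates the runs. A match shows agreement with the local store only, which is why an independent check of the replaced files is still worth doing.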

screen317 (Staff), posted September 18, 2010 (ID:315078)

Looking good. Let's confirm that the replacements are clean.

Please go to VirusTotal, and upload the following files for analysis:

C:\Windows\SysWOW64\wininit.exe
C:\Windows\explorer.exe

Post the results in your reply.

Flazz (Author), posted September 18, 2010 (ID:315079)

File name: explorer.exe
Submission date: 2010-09-18 05:02:51 (UTC)
Current status: finished
Result: 0/43 (0.0%)
VT Community: goodware
Safety score: 100.0%

Antivirus  Version  Last Update  Result
AhnLab-V3  2010.09.18.00  2010.09.17  -
AntiVir  8.2.4.52  2010.09.17  -
Antiy-AVL  2.0.3.7  2010.09.18  -
Authentium  5.2.0.5  2010.09.18  -
Avast  4.8.1351.0  2010.09.17  -
Avast5  5.0.594.0  2010.09.17  -
AVG  9.0.0.851  2010.09.17  -
BitDefender  7.2  2010.09.18  -
CAT-QuickHeal  11.00  2010.09.18  -
ClamAV  0.96.2.0-git  2010.09.17  -
Comodo  6114  2010.09.17  -
DrWeb  5.0.2.03300  2010.09.18  -
Emsisoft  5.0.0.37  2010.09.18  -
eSafe  7.0.17.0  2010.09.17  -
eTrust-Vet  36.1.7862  2010.09.17  -
F-Prot  4.6.1.107  2010.09.17  -
F-Secure  9.0.15370.0  2010.09.18  -
Fortinet  4.1.143.0  2010.09.17  -
GData  21  2010.09.18  -
Ikarus  T3.1.1.88.0  2010.09.18  -
Jiangmin  13.0.900  2010.09.17  -
K7AntiVirus  9.63.2542  2010.09.17  -
Kaspersky  7.0.0.125  2010.09.18  -
McAfee  5.400.0.1158  2010.09.18  -
McAfee-GW-Edition  2010.1C  2010.09.18  -
Microsoft  1.6201  2010.09.17  -
NOD32  5458  2010.09.17  -
Norman  6.06.06  2010.09.17  -
nProtect  2010-09-17.01  2010.09.17  -
Panda  10.0.2.7  2010.09.17  -
PCTools  7.0.3.5  2010.09.18  -
Prevx  3.0  2010.09.18  -
Rising  22.65.04.01  2010.09.17  -
Sophos  4.57.0  2010.09.18  -
Sunbelt  6891  2010.09.18  -
SUPERAntiSpyware  4.40.0.1006  2010.09.18  -
Symantec  20101.1.1.7  2010.09.18  -
TheHacker  6.7.0.0.022  2010.09.17  -
TrendMicro  9.120.0.1004  2010.09.17  -
TrendMicro-HouseCall  9.120.0.1004  2010.09.18  -
VBA32  3.12.14.0  2010.09.17  -
ViRobot  2010.9.18.4048  2010.09.18  -
VirusBuster  12.65.12.0  2010.09.17  -

Additional information
MD5 : 6b08e54a451b3f95e4109dba7e594270
SHA1 : 4a4ffbeb8c559f25b2ff7fdaa63c021610f8fa52
SHA256: 0419e4100c3b4ad1831fbf9249173cf32c8209c71b7101674b239a0a47c30e42

And

File name: wininit.exe
Submission date: 2010-09-18 05:04:51 (UTC)
Current status: finished
Result: 0/43 (0.0%)
VT Community: not reviewed
Safety score: -

Antivirus  Version  Last Update  Result
AhnLab-V3  2010.09.18.00  2010.09.17  -
AntiVir  8.2.4.52  2010.09.17  -
Antiy-AVL  2.0.3.7  2010.09.18  -
Authentium  5.2.0.5  2010.09.18  -
Avast  4.8.1351.0  2010.09.17  -
Avast5  5.0.594.0  2010.09.17  -
AVG  9.0.0.851  2010.09.17  -
BitDefender  7.2  2010.09.18  -
CAT-QuickHeal  11.00  2010.09.18  -
ClamAV  0.96.2.0-git  2010.09.17  -
Comodo  6114  2010.09.17  -
DrWeb  5.0.2.03300  2010.09.18  -
Emsisoft  5.0.0.37  2010.09.18  -
eSafe  7.0.17.0  2010.09.17  -
eTrust-Vet  36.1.7862  2010.09.17  -
F-Prot  4.6.1.107  2010.09.17  -
F-Secure  9.0.15370.0  2010.09.18  -
Fortinet  4.1.143.0  2010.09.17  -
GData  21  2010.09.18  -
Ikarus  T3.1.1.88.0  2010.09.18  -
Jiangmin  13.0.900  2010.09.17  -
K7AntiVirus  9.63.2542  2010.09.17  -
Kaspersky  7.0.0.125  2010.09.18  -
McAfee  5.400.0.1158  2010.09.18  -
McAfee-GW-Edition  2010.1C  2010.09.18  -
Microsoft  1.6201  2010.09.17  -
NOD32  5458  2010.09.17  -
Norman  6.06.06  2010.09.17  -
nProtect  2010-09-17.01  2010.09.17  -
Panda  10.0.2.7  2010.09.17  -
PCTools  7.0.3.5  2010.09.18  -
Prevx  3.0  2010.09.18  -
Rising  22.65.04.01  2010.09.17  -
Sophos  4.57.0  2010.09.18  -
Sunbelt  6891  2010.09.18  -
SUPERAntiSpyware  4.40.0.1006  2010.09.18  -
Symantec  20101.1.1.7  2010.09.18  -
TheHacker  6.7.0.0.022  2010.09.17  -
TrendMicro  9.120.0.1004  2010.09.17  -
TrendMicro-HouseCall  9.120.0.1004  2010.09.18  -
VBA32  3.12.14.0  2010.09.17  -
ViRobot  2010.9.18.4048  2010.09.18  -
VirusBuster  12.65.12.0  2010.09.17  -

Additional information
MD5 : 101ba3ea053480bb5d957ef37c06b5ed
SHA1 : 738ef691944f08cf0c405a52f3f55e99ef6e8e6e
SHA256: 9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8

Cheers!

screen317 (Staff), posted September 18, 2010 (ID:315364)

Great! Those appear to be clean.

Let's make sure the following associated file is gone:

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
hlp.dat

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.
Click Start Scanning.
You should get a notification bar (on top) to install the ActiveX control. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

screen317 (Staff), posted September 28, 2010 (ID:319619)

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!