Hello Again,

Malwarebytes is still giving me "Access denied" issues. I have attempted to run the tool to reset my default parameters. That did not seem to have an effect. In addition, I have also tried to use Defogger. I have disabled and I'm not sure if I should re-enable the processes that the program stops.

I'm not sure how to proceed from this point.

Thanks,

Dwayne


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

Restart your computer in Safe Mode and try MBAM.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.

Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

This can take several minutes to load.


Thanks for getting back to me. I don't mean to sound ignorant, but where do I type MBAM?

Do I put it in a command prompt?

Unfortunately, I'm away from my PC. I'm at work.

I'll try to look at this tonight, if I am able.

Many Thanks,

-Dwayne


Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt in your next reply


Here are the log results...

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by RMK at 19:59:24.21 on Mon 05/16/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.361 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\PROGRA~1\Bandoo\Bandoo.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\AVG\AVG10\avgui.exe

C:\Documents and Settings\RMK\My Documents\Downloads\dds.scr

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page =

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll

TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [Google Update] "c:\documents and settings\rmk\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [TpShocks] TpShocks.exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe

mRun: [TP4EX] tp4ex.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [s3TRAY2] S3Tray2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [bMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE

mRun: [bMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor

mRun: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear sa19xx device manager\main.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38115.4714930556

DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\rmk\applic~1\mozilla\firefox\profiles\w3in60lo.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - plugin: c:\documents and settings\rmk\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.50611.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2004-3-21 15360]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-1-7 54760]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-22 136176]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-22 136176]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1980-1-1 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

regfile="regedit.exe "%1""

txtfile=%SystemRoot%\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-05-13 02:28:06 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2011-05-13 02:04:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-13 02:04:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-13 02:04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-12 12:41:34 -------- d-----w- c:\program files\QuestScan

2011-05-12 12:41:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\QuestScan

2011-05-06 12:25:40 3584 ----a-r- c:\docume~1\rmk\applic~1\microsoft\installer\{121634b0-2f4a-11d3-ada3-00c04f52dd53}\Icon386ED4E3.exe

2011-05-06 12:17:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Applications

2011-05-06 11:42:40 3584 ----a-r- c:\docume~1\rmk\applic~1\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe

2011-05-06 11:42:38 -------- d-----w- c:\program files\Windows Installer Clean Up

2011-05-06 11:42:09 -------- d-----w- c:\program files\MSECACHE

2011-05-06 04:26:26 -------- d-----w- c:\program files\Weskysoft

2011-05-06 04:09:03 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-05-06 04:09:03 -------- d-----w- c:\windows\system32\wbem\Repository

2011-05-06 03:10:38 -------- d-----w- c:\program files\VS Revo Group

2011-05-06 00:05:16 -------- d-----w- c:\program files\Microsoft Silverlight(2)

2011-05-04 11:30:01 -------- d-----w- c:\program files\iPod

2011-05-01 05:46:19 -------- d-----w- c:\program files\iPod(2)

2011-05-01 01:13:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-01 01:13:02 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-01 01:13:02 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-01 01:13:02 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-01 01:13:02 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-01 01:13:02 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-01 01:13:02 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-01 01:13:02 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-04-22 12:10:41 -------- d-----w- c:\program files\iTunes

2011-04-22 12:05:35 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-04-15 19:05:09 72080 ----a-w- c:\documents and settings\rmk\g2mdlhlpx.exe

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 19:44:14 59888 ------w- c:\windows\system32\pxwma.dll

2011-03-04 19:44:14 133616 ------w- c:\windows\system32\pxafs.dll

2011-03-04 19:44:12 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-03-04 19:44:12 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2008-04-14 00:12:40 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

.

============= FINISH: 20:00:41.99 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/10/2004 4:16:25 AM

System Uptime: 5/16/2011 5:23:14 PM (3 hours ago)

.

Motherboard: IBM | | 0123456

Processor: Intel® Pentium® M processor 1600MHz | None | 1594/400mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 53 GiB total, 17.157 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP550: 4/30/2011 10:07:03 PM - System Checkpoint

RP551: 4/30/2011 10:41:17 PM - Removed iTunes

RP552: 4/30/2011 10:53:52 PM - Installed iTunes

RP553: 5/1/2011 1:17:32 AM - Removed iTunes

RP554: 5/1/2011 1:27:23 AM - Installed iTunes

RP555: 5/1/2011 1:34:37 AM - Removed iTunes

RP556: 5/1/2011 1:45:20 AM - Installed iTunes

RP557: 5/1/2011 3:26:22 AM - Restore Operation

RP558: 5/2/2011 8:11:16 PM - System Checkpoint

RP559: 5/4/2011 7:29:39 AM - Installed iTunes

RP560: 5/5/2011 9:23:01 AM - System Checkpoint

RP561: 5/5/2011 8:03:27 PM - Removed Microsoft Silverlight

RP562: 5/5/2011 9:03:41 PM - Restore Operation

RP563: 5/5/2011 9:05:56 PM - Restore Operation

RP564: 5/5/2011 10:41:26 PM - Installed Microsoft Fix it 50450

RP565: 5/5/2011 10:56:48 PM - DLL-Files.com Fixer Thu, May 05, 11 22:56

RP566: 5/5/2011 11:12:46 PM - Revo Uninstaller's restore point - Microsoft Silverlight

RP567: 5/6/2011 12:01:57 AM - Restore Operation

RP568: 5/6/2011 7:42:36 AM - Installed Windows Installer Clean Up

RP569: 5/6/2011 8:17:15 AM - Installed Microsoft Easy Assist v2

RP570: 5/6/2011 8:25:38 AM - Installed Windows Installer Clean Up

RP571: 5/6/2011 8:46:43 AM - Installed Microsoft Silverlight

RP572: 5/6/2011 8:56:25 AM - Removed Microsoft Easy Assist v2

RP573: 5/6/2011 9:06:51 AM - Software Distribution Service 3.0

RP574: 5/6/2011 9:09:49 AM - Installed Windows XP KB2497640.

RP575: 5/6/2011 9:15:20 AM - Software Distribution Service 3.0

RP576: 5/6/2011 9:23:57 AM - Software Distribution Service 3.0

RP577: 5/6/2011 10:14:43 AM - Software Distribution Service 3.0

RP578: 5/6/2011 11:39:36 AM - Installed iTunes

RP579: 5/8/2011 9:31:48 AM - System Checkpoint

RP580: 5/9/2011 11:57:09 AM - System Checkpoint

RP581: 5/9/2011 8:11:23 PM - Removed Adobe Reader X (10.0.1).

RP582: 5/9/2011 8:15:23 PM - Installed Adobe Reader X (10.0.1).

RP583: 5/11/2011 1:15:52 PM - Software Distribution Service 3.0

RP584: 5/12/2011 3:47:36 PM - System Checkpoint

RP585: 5/12/2011 8:20:03 PM - Restore Operation

RP586: 5/12/2011 10:13:48 PM - Restore Operation

RP587: 5/16/2011 7:19:57 PM - System Checkpoint

.

==== Installed Programs ======================

.


Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 5 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. WiNlOgOn.exe
  5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.

Now try running MBAM


Thanks for continuing to work with me...

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 05/17/2011 at 20:29:48.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

Rkill completed on 05/17/2011 at 20:29:53.

MBAM ran for 10 min & 43 seconds.

Then the error appeared again. The scanner found no infection.

Thanks,

Dwayne


I'm not sure if an infection is causing that or not at this point.

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Hello Again,

I ran that scanner. I closed out without getting the log, though. I apologize.

The scanner caught 29 instances of some more adware.

It healed those infections.

However, MBAM is still throwing up access denied errors.

I don't believe that an active infection is the issue here. I'm inclined to believe you.

There are features of the program that I can't use.

When I open a log the error shows.

If I try to access help, the error shows.

I can update the database though.

Thanks,

Dwayne


Please do the following to see if it resolves the issue. Post back and let us know, please.


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
