Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Defender.exe

  1. #1
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default Defender.exe

    Anti virus has been compromised. Spybot no longer working and 100ksearches.com when trying to access web site from google search results.
    Tried to remove Defender manually and this did appear to work and Virgin scan started but stoped part way through & now longer working now.
    Have run ERUNT and copy of DDS shown below.
    .
    DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Run by Shirley King at 10:57:36 on 2011-07-31
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.506 [GMT 1:00]
    .
    AV: Virgin Media Security Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Virgin Media Security Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    "\\.\globalroot\Device\svchost.exe\svchost.exe"
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Virgin Media\Security\RPS.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.ntlworld.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: RepliGoIEHelperCtl Class: {91de4477-9cdc-4806-9bcb-28a963988e94} - c:\program files\cerience\repligo\RepliGoIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: &RepliGo: {81f4066b-f330-4872-8094-3e9fbccec8c1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A386D4B0-FDDB-4E1C-AE61-4F014013CD9B} - No File
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [V Stuff Backup] "c:\program files\virginmedia\v stuff backup\v_stuff_backup.exe" /delayed
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Backup & Storage] "c:\program files\virginmedia\v stuff backup\Backup & Storage.exe" /delayed
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    mRun: [RepliGo Assistant] "c:\program files\cerience\repligo\RepliGoMon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [B2C_AGENT] c:\documents and settings\all users\application data\lgmobileax\b2c_client\B2CNotiAgent.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [PCTools FGuard] c:\program files\spyware doctor\bdt\FGuard.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\shirle~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
    IE: &Google Search
    IE: &Translate English Word
    IE: Backward Links
    IE: Cached Snapshot of Page
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Similar Pages
    IE: Translate Page into English
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: mswsock.dll
    DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259092611031
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} - hxxp://www.bootsdigitalphotocentre.com/wpp/boots/app/opcuploader.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://vdiweb.intraining.co.uk/downloads/VMware-viewclient.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{0327911A-0E8C-4A3B-B811-30F2DFBB88A6} : DhcpNameServer = 192.168.2.1
    Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\shirley king\application data\mozilla\firefox\profiles\8rr57ers.default\
    FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
    FF - component: c:\program files\spyware doctor\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrl.1.0.20926.0.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\spyware doctor\bdt\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-6-20 25608]
    R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [2011-7-20 39984]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\photoshopelementsfileagent.exe --> c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [?]
    S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\spyware doctor\bdt\bdtupdateservice.exe" --> c:\program files\spyware doctor\bdt\BDTUpdateService.exe [?]
    S2 DolphinInterceptorStartup;Dolphin Utility Service;c:\windows\system32\dolserve.exe --> c:\windows\system32\dolserve.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    S2 Radialpoint Security Services;Virgin Media Security;c:\program files\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]
    S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\virgin media\security\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-7-28 5832712]
    S2 ServicepointService;ServicepointService;"c:\program files\virgin media\service manager\servicepointservice.exe" --> c:\program files\virgin media\service manager\ServicepointService.exe [?]
    S2 wsnm;VMware View Client;"c:\program files\vmware\vmware view\client\bin\wsnm.exe" -scmstartup --> c:\program files\vmware\vmware view\client\bin\wsnm.exe [?]
    S2 wsnm_usbctrl;VMware View USB Control;"c:\program files\vmware\vmware view\client\bin\wsnm_usbctrl.exe" -scmstartup --> c:\program files\vmware\vmware view\client\bin\wsnm_usbctrl.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-6-20 122376]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-6-20 30216]
    S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-6-20 25736]
    .
    =============== Created Last 30 ================
    .
    2011-07-28 20:17:37 -------- d-----w- c:\documents and settings\shirley king\local settings\application data\Threat Expert
    2011-07-28 19:55:35 -------- d-----w- c:\documents and settings\all users\application data\IObit
    2011-07-28 19:55:30 -------- d-----w- c:\program files\IObit
    2011-07-28 19:29:43 767952 ----a-w- c:\windows\BDTSupport.dll0701.old
    2011-07-28 19:29:43 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-07-28 19:29:43 149456 ----a-w- c:\windows\SGDetectionTool.dll0701.old
    2011-07-28 19:29:43 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-07-28 19:29:42 2074576 ----a-w- c:\windows\PCTBDCore.dll
    2011-07-28 19:29:42 1652688 ----a-w- c:\windows\PCTBDCore.dll0701.old
    2011-07-28 19:29:42 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-07-28 19:27:02 -------- d-----w- c:\program files\Spyware Doctor
    2011-07-28 19:27:02 -------- d-----w- c:\program files\common files\PC Tools
    2011-07-20 08:56:10 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-07-20 08:56:03 39984 ----a-r- c:\windows\system32\drivers\vmwvusb.sys
    2011-07-20 08:55:28 -------- d-----w- c:\program files\common files\VMware
    .
    ==================== Find3M ====================
    .
    2011-07-28 19:04:01 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2011-07-28 19:03:57 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
    2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-05 19:21:56 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2011-07-05 19:21:54 56 --sh--r- c:\windows\system32\8731209D39.sys
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-05-02 10:39:47 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2009-11-22 15:34:57 85504 ----a-w- c:\program files\Inherit.exe
    .
    ============= FINISH: 10:58:15.39 ===============

    Please help
    Thanks

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi scotsking,

    Your post is a few days old. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default

    Hi Shelf Life

    Yes I still need help please

    Thanks

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Lets try booting into safe mode and running Malwarebytes. To reach safe mode you would tap the f8 key during a computer restart. Chose the first option from the list: safe mode. Once at the safe mode desktop run malwarebytes.

    If it dosnt start try this while still in safe mode: using explorer navigate to:
    C\Program Files\Malwarebytes

    Right click on the mbam.exe icon and select rename.
    Rename it to mbam.com then double click and see if it starts up.

    Also in safe mode navigate to C:\Documents and Settings\All Users and you may find the defender.exe you could delete, also look in C:\Documents and Settings\All Users\Application Data for the .exe

    To show all files in explorer:

    FOr XP: on the desktop double click my computer,at the top click on> tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok
    How Can I Reduce My Risk?

  5. #5
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default

    Hi Thanks for getting back to me.
    I have re-booted in safe mode and unable to run Malwarebytes message "Windows cannot access the specified device path or file You may mot have the appropriate permissions to access the item."

    Also I am unable to rename the mbam.exe message "Cannot rename mbam Access is denied make sure the disk is not full or write-protected and that the file is not currently in use"

    I cannot find any sign of defender.exe in the users folder or application data.

    Hope you can help

    Thanks

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    ok try this instead. download each of these to your desktop;

    link
    link
    link
    link

    doubleclick one and allow it to run, It will produce a console windows that will open and close by itself. Once its done try running malwarebytes.
    If Malwarebytes wont start then try the next download and allow it to run then try malwarebytes again. Continue with the next two. Hopefully Malwarebytes will run.
    You can also repeat the process back in safe mode. Note that these dont not delete malware, they only attempt to stop certain processes from running.
    How Can I Reduce My Risk?

  7. #7
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default

    Hi

    Ran 1at 3rd and 4th links, 2nd would not work, in normal mode and still not ab;e to run malwarebytes.

    Ran the same 3 in safe mode and still not able to run malwarebytes

    What's next?

    Shirl.

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Read through this guide first, then apply the directions on your machine.

    Guide to using Combofix
    How Can I Reduce My Risk?

  9. #9
    Member
    Join Date
    Jul 2008
    Posts
    41

    Default

    Hi
    Loaded combofix and set to run. came up with a message about Virgin Media security running which I checked and no sign of it running so continued with the process. Message box "Comboxfix Zero Access" I missed the rest but came up with another message that combofix would reboot the machine.

    It has been and hour since this message and PC has not shut down. Just the desktop screen no icons just the mouse pointer.

    What should I do

    Shirl.

  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Go ahead and reboot the machine (if you haven't already) and restart it in safe mode, try running combofix again while in safe mode.
    How Can I Reduce My Risk?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •