-
Can't access D. Please help
Hi! I can't access my D partition. Something about Nach.exe failed to launch properly. (I also get a lot of W32 sality.exe notices from avira)
As per instructions:
DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 13:48:12 on 2012-08-08
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1389 [GMT 8:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uStart Page = hxxp://isearch.avg.com/?cid={27A7BF03-50DE-4354-BCB4-570885332535}&mid=d7f81526be6547d0b7a331820866425c-35451f1d45163f0c20603419bb2c6951b1ddc250&lang=en&ds=ft011&pr=sa&d=2012-07-02 14:20:09&v=11.1.0.12&sap=hp
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 202.78.97.41 210.4.2.61
TCP: Interfaces\{8DCCA34D-CF01-4FD4-BA94-267FC5347312} : DhcpNameServer = 202.78.97.41 210.4.2.61
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2012-8-8 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-8 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2012-8-8 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-8-8 55656]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-5-7 1390976]
S3 aic32p;aic32p;\??\c:\windows\system32\drivers\kmphn.sys --> c:\windows\system32\drivers\kmphn.sys [?]
S3 amsint32;amsint32;\??\c:\windows\system32\drivers\kmphn.sys --> c:\windows\system32\drivers\kmphn.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-8 40776]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-11-29 18432]
S3 Tq_91Assistant;Tq_91Assistant;c:\program files\netdragon\91 mobile\iphone\Tq_91Assistant.sys [2012-3-1 14248]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-9 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-9 136176]
S4 SkypeUpdate;Skype Updater;"c:\program files\skype\updater\updater.exe" --> c:\program files\skype\updater\Updater.exe [?]
.
=============== Created Last 30 ================
.
2012-08-08 04:52:32 -------- d-----w- c:\windows\system32\XPSViewer
2012-08-08 04:52:15 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-08-08 04:52:08 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-08-08 04:52:08 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-08-08 04:52:08 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-08-08 04:52:08 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-08-08 04:52:08 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-08-08 04:52:08 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-08-08 04:52:08 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-08-08 04:52:08 117760 ------w- c:\windows\system32\prntvpt.dll
2012-08-08 04:49:36 -------- d-----w- c:\program files\MSXML 6.0
2012-08-08 04:02:49 -------- d-----w- c:\program files\Trend Micro
2012-08-08 03:58:27 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-08 03:58:21 -------- d-----w- c:\program files\Avira
2012-08-08 03:58:21 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-08-08 02:33:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-06 02:56:40 160768 --sh--r- C:\wsxonf.exe
2012-08-03 06:35:57 81987 ----a-w- c:\windows\system32\AUCPLMNT.DLL
2012-08-03 06:35:04 -------- d-----w- c:\program files\Canon
2012-07-18 00:58:43 -------- d-----w- C:\Data
.
==================== Find3M ====================
.
2012-06-01 08:01:28 249856 ------w- c:\windows\Setup1.exe
2012-06-01 08:01:26 73216 ----a-w- c:\windows\ST6UNST.EXE
.
============= FINISH: 13:48:37.90 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-08 15:21:07
-----------------------------
15:21:07.671 OS Version: Windows 5.1.2600 Service Pack 2
15:21:07.671 Number of processors: 2 586 0x170A
15:21:07.671 ComputerName: LEGAL-SON-ANGEL UserName: Administrator
15:21:07.906 Initialize success
15:21:23.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
15:21:23.203 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
15:21:23.218 Disk 0 MBR read successfully
15:21:23.218 Disk 0 MBR scan
15:21:23.218 Disk 0 Windows XP default MBR code
15:21:23.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 51199 MB offset 63
15:21:23.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 187273 MB offset 104856255
15:21:23.234 Disk 0 scanning sectors +488392065
15:21:23.296 Disk 0 scanning C:\WINDOWS\system32\drivers
15:21:27.437 Service scanning
15:21:34.703 Modules scanning
15:21:39.281 Disk 0 trace - called modules:
15:21:39.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:21:39.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a905ab8]
15:21:39.296 3 CLASSPNP.SYS[b80e905b] -> nt!IofCallDriver -> \Device\00000069[0x8a984030]
15:21:39.296 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a90cd98]
15:21:39.296 Scan finished successfully
15:21:45.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
15:21:45.921 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
Last edited by tashi; 2012-08-08 at 15:00.
Reason: Merged two posts
-
-
Hi Ken. Thanks so much for the prompt response. I can't seem to get on the eset website... Is there any other way I can get that scanner?
-
Give these a shot
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Please run Trend Micro House Call- Click Scan now. It's free!
- Read and put a Check next to Yes I accept the terms of use.
- Click the Launching HouseCall>> button.
- Under "Browser plug-in" Installing and using Housecall kernel, click the Starting HouseCall>> button.
- You may receive a prompt to install the ActiveX, click install.
- If you are taken back to the main page, click Launching HouseCall>> button again.
- Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
- Please be patient while it installs, updates, and scans your system.
- Once the scan is complete, it will take you to the summary page.
- Under Cleanup options, choose clean all detected infections automatically.
- Click the Clean now>> button.
- If anything was found you may be prompted to run the scan again, you can just close the browser window.
- When the scan is finished, please restart your computer.
-
Thank you! Here is the Malwarebyes log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.15.09
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: LEGAL-SON-ANGEL [administrator]
8/16/2012 9:31:25 AM
mbam-log-2012-08-16 (09-31-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283508
Time elapsed: 9 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 39
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\I WANT THIS (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 4
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 1eadf05341467a78d513529c148556b2 -> Quarantined and deleted successfully.
HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Data: 149 -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Data: I Want This -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 3
C:\Program Files\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Files Detected: 8
C:\wsxonf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want This.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
(end)
-
Where you able to run Housecall ?
Sality falls into the same mold as Virut, there a file infector virus, they infect all .exe files on your system, its best to be sure its gone to just reformat and reinstall windows and be done with it.
For more information on Virut and Sality, and why you need to reformat, have a read of miekiemoes blog
Read it here.
There are a couple of tools to help with Sality, you can give them a try but I believe that there just a band aid.
http://free.avg.com/ww-en/remove-sality.tpl-mcr8
http://support.kaspe...alitykiller.zip
This is also what your up against
http://blog.teesupport.com/solved-ne...-removal-tips/
Let me know how it went and if you need help with reinstalling windows I can link you to a good windows forum for help
Last edited by ken545; 2012-08-16 at 13:22.
-
Yes I ran it. Thanks for your time. So reformatting is the only way? Ok...
-
What did you run, housecall, if so post the log. Where you able to run the Sality tools ?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules