Posted

So I'm not sure if this happens a lot or what, but I'm having problems with certain programs refusing to run. For some reason, Steam games (not the client itself), VLC media player, and Firefox v.5 will not open, or rather seem to open for a split second, then close immediately.

I have tried running the programs as an administrator, uninstalling/reinstalling both VLC and Firefox, defragging the drive, and checking the drive for errors, to no avail.

My next thought was that it might be a virus, so I ran system sweeps with Microsoft Security Essentials and Spybot S&D, which turned up a couple of tracker cookies and a browser bar that had been bundled with a "freeware" program. With those cleared out and the computer restarted, I realized that I had made absolutely no headway.

Computers aren't exactly my forte save for gaming, and any thoughts on the subject would be appreciated!

Oh yes, and before I forget, I'm using Windows 7 Home (64-bit), on a Gateway model number DX4300-15e (I think that's right anyway).

 

-Cheers!

Posted

Hi and welcome.

 

Download MBAM from here:

http://www.malwarebytes.org/products/malwarebytes_pro

Click on "Products" then you want the free option.

 

Install > Update and run it.

It does a better job than Spybot.

 

If it finds anything post the log here.

 

Starbuck or Etavares will probably advise after that.

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

 

MiniToolBox

Network Test

Wireless Test

Posted

Hey KenB, thank you so much for posting!

 

I followed your advice and downloaded MBAM and the results blew me away. I figured when you said it was better that it would pick up one or two errant programs that Spybot had missed.

 

Sixteen. It found sixteen additional problems! So I cleared those up and everything seems to be running like clockwork again!

 

Thanks for the tip Ken, and I'll be happy to post the MBAM log if anyone is still interested.

  • ExTS Admin
Posted
I am not qualified to diagnose malware problems - but I know a man who is
and who would that be? http://fc06.deviantart.net/fs4/i/2004/250/7/1/ROFL_by_b4sti.gif

 

I figured when you said it was better that it would pick up one or two errant programs that spybot had missed.

Spybot isn't a program to rely on nowadays.

Uninstall it.

 

and I'll be happy to post the MBAM log if anyone is still interested.

Start Malwarebytes AntiMalware.

Click on the logs tab.

The logs are date stamped ... double click on the log that showed the infection items.

 

http://img.photobucket.com/albums/v708/starbuck50/new/mbamlog.png

 

It'll open in notepad.

 

Please copy/paste the report in your next reply.

 

Even when malware seems to have been removed, there may still be entries on the system.

Knowing what was removed will give us a good idea if a search is needed for anything else.

Member of:

UNITE

Posted

Happy to oblige, the log is as follows.

 

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6987

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/30/2011 11:53:01 AM

mbam-log-2011-06-30 (11-53-01).txt

Scan type: Quick scan

Objects scanned: 174701

Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 7

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

c:\programdata\questscan\questscan145.exe (Adware.Agent.ZGen) -> 2140 -> Unloaded process successfully.

c:\program files (x86)\questscan\questscan.exe (Adware.Agent.ZGen) -> 2196 -> Unloaded process successfully.

Memory Modules Infected:

c:\program files (x86)\questscan\questscan.dll (Adware.Agent.ZGen) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.Agent.ZGen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC0F2900-8A5B-4D0D-9E44-10435BC40774} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC0F2900-8A5B-4D0D-9E44-10435BC40774} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\shopperreports@shopperreports.com (ShopperReports) -> Value: shopperreports@shopperreports.com -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\questscan\questscan145.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.

c:\program files (x86)\questscan\questscan.dll (Adware.Agent.ZGen) -> Quarantined and deleted successfully.

c:\program files (x86)\questscan\questscan.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
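
The log format posted above can be summarized mechanically when deciding whether a follow-up search is needed. The parser below is an added example, not part of the original thread and not a Malwarebytes tool; the function names are hypothetical, and the sample is an excerpt copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt copied from the log posted above; the full log parses the same way.
SAMPLE_LOG = r"""
Memory Processes Infected:
c:\programdata\questscan\questscan145.exe (Adware.Agent.ZGen) -> 2140 -> Unloaded process successfully.
Memory Modules Infected:
c:\program files (x86)\questscan\questscan.dll (Adware.Agent.ZGen) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC0F2900-8A5B-4D0D-9E44-10435BC40774} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Files Infected:
c:\program files (x86)\questscan\questscan.dll (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
"""

# Section header without a count ("Files Infected:"); the summary lines
# near the top of a log ("Files Infected: 3") deliberately do not match.
SECTION = re.compile(r"^(.+) Infected:$")
# "<object> (<detection>) -> [<pid> or Value: <name> ->] <action>."
ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?:.+ -> )?(?P<action>[^>]+?)\.?$")

def parse_mbam_log(text):
    """Return one dict per detection line: section, object, name, action."""
    items, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        m = ITEM.match(line) if section else None
        if m:
            items.append({"section": section, "object": m["obj"],
                          "name": m["name"], "action": m["action"]})
    return items

def summarize(items):
    """Group distinct objects by detection name; list objects awaiting a reboot."""
    by_name = defaultdict(set)
    for it in items:
        by_name[it["name"]].add(it["object"].lower())
    reboot = sorted({it["object"] for it in items if it["action"] == "Delete on reboot"})
    return {name: sorted(objs) for name, objs in by_name.items()}, reboot

if __name__ == "__main__":
    families, reboot = summarize(parse_mbam_log(SAMPLE_LOG))
    for name, objs in sorted(families.items()):
        print(f"{name}: {len(objs)} object(s)")
    print("Delete on reboot:", reboot)
```
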

  • ExTS Admin
Posted

Hi Gjiem

 

With what has been removed, I think you may have a few orphan entries in the registry now.

If you post the logs from this program I'll take a look and remove them for you.

 

  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.
     
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png


    Now copy the lines in bold below.
     
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
     
     
  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

Thanks

Member of:

UNITE
