Let me start by saying thanks to anyone who replies.
Here is what I have so far. I was clicking around on some photos from google pics. Before firefox could even give me a warning I clicked on a pic that sent my pc into a tizzy if you will. when it came back up firefox wouldnt run and my status went to "at risk" as Microsoft Security essentials wouldnt start back up. nor would defender. after some time I got malwarebytes run. after Malwarebytes ran and deleted 3 or 4 malicious items I booted up in safe and ran a full scan and found one more file. Next i rebooted and I still couldnt start MSE or Defender. I also cannot find windows defender in my services log now. Then I ran fixit50202 and it did not fixit. I also tried microsoft automated troubleshooting services also to no avail.
Most recently I found some similar problems on this forum before registering and I followed some of the advices given I have gotten as far as running "security check" and I will now post that log below that I am going to post the two malwarebytes logs since my crash.
Results of screen317's Security Check version 0.99.11
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Adobe Flash Player 10.2.152.32
Adobe Reader 9.4.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Microsoft Security Essentials msseces.exe
Windows Defender MSASCui.exe
``````````End of Log````````````
^^^^^^Security check log^^^^^^^^
^^^^^^2nd malware run in SAFE MODE^^^^^^^^^^^
Again thanks sorry if I posted this in the wrong section or should have searched more before posting. Thank you!
Here is what I have so far. I was clicking around on some photos from google pics. Before firefox could even give me a warning I clicked on a pic that sent my pc into a tizzy if you will. when it came back up firefox wouldnt run and my status went to "at risk" as Microsoft Security essentials wouldnt start back up. nor would defender. after some time I got malwarebytes run. after Malwarebytes ran and deleted 3 or 4 malicious items I booted up in safe and ran a full scan and found one more file. Next i rebooted and I still couldnt start MSE or Defender. I also cannot find windows defender in my services log now. Then I ran fixit50202 and it did not fixit. I also tried microsoft automated troubleshooting services also to no avail.
Most recently I found some similar problems on this forum before registering and I followed some of the advices given I have gotten as far as running "security check" and I will now post that log below that I am going to post the two malwarebytes logs since my crash.
Results of screen317's Security Check version 0.99.11
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Adobe Flash Player 10.2.152.32
Adobe Reader 9.4.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Microsoft Security Essentials msseces.exe
Windows Defender MSASCui.exe
``````````End of Log````````````
^^^^^^Security check log^^^^^^^^
Code:
Database version: 6641
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
5/22/2011 1:34:01 PM
mbam-log-2011-05-22 (13-34-01).txt
Scan type: Quick scan
Objects scanned: 156373
Time elapsed: 2 minute(s), 13 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
c:\Users\Nik\AppData\Local\ldg.exe (Trojan.FakeAlert) -> 4392 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Nik\AppData\Local\ldg.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Nik\AppData\Local\ldg.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Nik\AppData\Local\ldg.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Nik\AppData\Local\ldg.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Nik\AppData\Local\ldg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Nik\AppData\Local\Temp\0.7810341594757697.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Nik\local settings\dog.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Nik\local settings\ldg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Nik\local settings\application data\dog.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Nik\local settings\application data\ldg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
^^^^^^^^^^^^first time I ran Malwarebytes^^^^^^^^^^
Database version: 6641
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
5/22/2011 2:46:59 PM
mbam-log-2011-05-22 (14-46-59).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 320045
Time elapsed: 42 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Nik\AppData\LocalLow\Sun\Java\deployment\cache\6.0\29\5cce129d-138d233f (Trojan.FakeAlert) -> Quarantined and deleted successfully.^^^^^^2nd malware run in SAFE MODE^^^^^^^^^^^
Again thanks sorry if I posted this in the wrong section or should have searched more before posting. Thank you!
Last edited by a moderator:
My Computer
- OS
- Windows 7 home premium 64bit
