Solved i cant open .exe and .reg files.....please help.....

September 26, 2012 at 06:01:55
Specs: Windows XP
¤¤¤ Bad processes : 1 ¤¤¤
[RESIDUE] GoogleUpdate.exe -- C:\Documents and Settings\S.Govindaswamy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 34 ¤¤¤
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1220945662-1004336348-725345543-1003Core1cd9bdcc7d5e3aa.job : C:\Documents and Settings\S.Govindaswamy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> FOUND
[IFEO] HKLM\[...]\360rpt.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\360safe.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\360tray.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\ANTIARP.exe : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\Ast.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\AutoRunKiller.exe : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\AvMonitor.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\AVP.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\CCenter.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\Frameworkservice.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\IceSword.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\Iparmor.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\KASARP.exe : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\KRegEx.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\KVMonxp.kxp : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\KVSrvXP.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\KVWSC.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\Mmsk.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\Navapsvc.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\Nod32kui.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\Regedit.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\VPC32.exe : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\VPTRAY.exe : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\WOPTILITIES.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[IFEO] HKLM\[...]\Wuauclt.EXE : Debugger (C:\WINDOWS\system32\wuauc1t.exe) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xBA5F97C6)

¤¤¤ Extern Hives: ¤¤¤
-> I:\windows\system32\config\SOFTWARE
-> I:\Documents and Settings\Default User\NTUSER.DAT
-> I:\Documents and Settings\NetworkService\NTUSER.DAT
-> I:\Documents and Settings\LocalService\NTUSER.DAT
-> I:\Documents and Settings\s.govindasamy\NTUSER.DAT
-> I:\Documents and Settings\rama\NTUSER.DAT
-> I:\Documents and Settings\g.sriram\NTUSER.DAT

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3808110AS +++++
--- User ---
[MBR] 3a763a81f2eda113dd577375b9fde3fa
[BSP] cb8dca6b081984273acf8e494a3ac959 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 39086145 | Size: 57231 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3160215AS +++++
--- User ---
[MBR] 7810418eafcc9b411e7094041ad285c8
[BSP] 3ec2aa2f4c56a607246a3bfc538b359f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61432560 | Size: 122621 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



See More: i cant open .exe and .reg files.....please help.....

Report •


✔ Best Answer
October 16, 2012 at 07:58:02
i cannot open my computer so called the computer guy some problem in RAM now its alright thanks a lot for your help :)


#1
September 26, 2012 at 08:04:55
You should never post reports without being asked. It looks like your system is infected:

http://go.eset.com/us/threat-center...


Report •

#2
September 26, 2012 at 15:04:14
When finished doing the above, Run ESET & post the log please.
http://www.eset.eu/online-scanner
http://www.eset.com/us/online-scanner
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
How can I view the log file from ESET Online Scanner?
http://www.eset.eu/eset-online-scan...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the desktop.

Report •

#3
September 27, 2012 at 10:52:22
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5461dfc4defdb44db07a688d35704f47
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-27 05:48:27
# local_time=2012-09-27 11:18:27 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 6007 6007 0 0
# scanned=130424
# found=1
# cleaned=1
# scan_time=5311
C:\Documents and Settings\S.Govindaswamy\Local Settings\Temp\NODC7EE.tmp a variant of Win32/Toolbar.Widgi application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

Report •

Related Solutions

#4
September 27, 2012 at 13:52:08
After each fix or change we make, let me know how the comp is running. Example: Still cannot open .exe and .reg files.

Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


Report •

#5
September 27, 2012 at 14:18:46
After running AdwCleaner, run these.

Run TDSSKiller & post the log.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS dos'nt run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it to your desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin it's scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
[RogueKiller] Official Tutorial
http://www.geekstogo.com/forum/topi...



Report •

#6
October 16, 2012 at 07:58:02
✔ Best Answer
i cannot open my computer so called the computer guy some problem in RAM now its alright thanks a lot for your help :)

Report •

Ask Question