Advice Please?

Hi


I would be running through our guide below and attaching the logs so our malware experts can see whats causing this if indeed it is malware...



Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy
  • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

The file name is runkeys.txt not runkeys3.txt and it should not be blank if run properly.

• Did you check to make sure you are now receiving any of the indicated error messages show on the download page?
• Did you wait for it to finish running and for the notepad window to open.
• You must not run it from the ZIP file. Based on your log from ShowNew, it looks like at least at some point you ran both ShowNew.bat and GetRunKey.bat directly from inside of the ZIP files.

Please try again and tell us if you get any error messages. Note however, that if you see the below error message in the command prompt window, it is okay, just ignore it and what for the program to run:

Error: The system was unable to find the specified registry key or value

Did you edit your log from ShowNew? It shows very few programs being installed and you apparently have a lot more that what it shows according to your HJT log.

However note that based on the logs you have posted, I see no signs of MovieCommander or any other malware.


Now please download F-Secure's BlacklightBeta

• Download fsbl.exe and save it to the Desktop.
• Once saved... double click fsbl.exe to install the program.
• Click accept agreement and Click scan
• This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please attach the BlackLight log.

 

All of your logs are clean!

If you are still having problems, you will need to look elsewhere since it does not appear that you are having malware problems.

 

I cannot answer that since you never posted a log that shows what it is finding.

 

A-Squared seems to have a variety of issues with these keys. They even admitted to some detections of MovieCommander being false positives. Or as A-Squared calls it themselves, it is a bug in their signatures. I'm not sure your keys were blatantly called false though. That log shows a deficiency in there reporting mechanism. They are not giving the full registry key path which is basically not useful. See the below link

http://forum.emsisoft.com/Default.aspx?g=posts&m=10681


Make sure you the current detection installed.

 

You're welcome. For any programs that you cannot get to work, try uninstalling them, and then reboot (don't skip the reboot), then reinstall.