Author Topic: antivirus software alert / application cannot be executed  (Read 11909 times)

brads

    Topic Starter


    Greenhorn

    antivirus software alert / application cannot be executed
    « on: February 13, 2010, 05:40:06 PM »
    I keep getting the "Antivirus software alert" pop-up and the "application cannot be executed, file is infected" pop-ups. Also getting pop-ups in Internet Explorer. I noticed several others of these, but each warned not to follow those instructions, and that someone will provide specific instructions for my machine and messages. I hope someone will be able to help. Many thanks in advance.

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    « Reply #1 on: February 13, 2010, 06:05:44 PM »

    brads

      « Reply #2 on: February 13, 2010, 06:14:46 PM »
      I can download the programs but can't install or open.  I get the application cannot be executed box.  The file is infected.

      evilfantasy

      « Reply #3 on: February 13, 2010, 06:18:34 PM »
      Try this.

      Try not to restart the computer until one of the tools we use does it for you or tells you to.

      Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
       
      There are 4 different versions. If one of them won't run then download and try to run the next one.
       
      Vista and Windows 7 users need to right-click Rkill and choose Run as Administrator.

      You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

      * Rkill.com
      * Rkill.scr
      * Rkill.pif
      * Rkill.exe

      * Double-click on the Rkill desktop icon to run the tool.
      * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
      * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
      * When finished it will create a log. Please post the rkill.log in the next reply.

      * If Rkill does not run from the first link, delete the file, then download and use the one provided in Link 2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
      * Do not reboot until instructed.
      * If the tool does not run from any of the links provided, please let me know.

      Once you've gotten one of them to run then try to immediately run the following.

       
      Download and run exeHelper

      * Please download exeHelper from Raktor to your desktop.
      * Double-click on exeHelper.com to run the fix.
      * A black window should pop up, press any key to close once the fix is completed.
      * A log file named log.txt will be created in the directory where you ran exeHelper.com
      * Add the log.txt file to your next message.

      Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


      If you already have them installed, be sure to update Malwarebytes and SUPERAntiSpyware before the scan!

      brads

        « Reply #4 on: February 13, 2010, 06:35:30 PM »
        logs

        [Saving space, attachment deleted by admin]

        evilfantasy

        « Reply #5 on: February 13, 2010, 06:36:42 PM »
        Try to update and run Malwarebytes now.

        brads

          « Reply #6 on: February 13, 2010, 06:59:23 PM »
          It's scanning, but I received an error message when I tried to update.

          evilfantasy

          « Reply #7 on: February 13, 2010, 07:03:14 PM »
          Alright. Let's see what the log produces.

          brads

            « Reply #8 on: February 13, 2010, 07:11:39 PM »
            Malwarebytes' Anti-Malware 1.44
            Database version: 3620
            Windows 5.1.2600 Service Pack 3
            Internet Explorer 7.0.5730.13

            2/13/2010 8:10:36 PM
            mbam-log-2010-02-13 (20-10-36).txt

            Scan type: Quick Scan
            Objects scanned: 120961
            Time elapsed: 15 minute(s), 11 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            evilfantasy

            « Reply #9 on: February 13, 2010, 07:12:38 PM »
            Download TDSSKiller and save it to your desktop.

            * Right-click on the file and choose Extract All, extract the file to your desktop, then run it.
            * Once completed it will create a log in your C:\ drive with a name similar to 'TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt'.
            * Please post the contents of that log.

            brads

              « Reply #10 on: February 13, 2010, 07:20:56 PM »
              20:15:55:265 3848   TDSS rootkit removing tool 2.2.3 Feb  4 2010 14:34:00
              20:15:55:265 3848   ================================================================================
              20:15:55:265 3848   SystemInfo:

              20:15:55:265 3848   OS Version: 5.1.2600 ServicePack: 3.0
              20:15:55:265 3848   Product type: Workstation
              20:15:55:265 3848   ComputerName: TERI
              20:15:55:265 3848   UserName: Teri Simpson
              20:15:55:265 3848   Windows directory: C:\WINDOWS
              20:15:55:265 3848   Processor architecture: Intel x86
              20:15:55:265 3848   Number of processors: 2
              20:15:55:265 3848   Page size: 0x1000
              20:15:55:265 3848   Boot type: Normal boot
              20:15:55:265 3848   ================================================================================
              20:15:55:281 3848   UnloadDriverW: NtUnloadDriver error 2
              20:15:55:281 3848   ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
              20:15:55:281 3848   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
              20:15:55:328 3848   UtilityInit: KLMD drop and load success
              20:15:55:328 3848   KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
              20:15:55:328 3848   UtilityInit: KLMD open success
              20:15:55:328 3848   UtilityInit: Initialize success
              20:15:55:328 3848   
              20:15:55:328 3848   Scanning   Services ...
              20:15:55:328 3848   CreateRegParser: Registry parser init started
              20:15:55:328 3848   DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
              20:15:55:328 3848   CreateRegParser: DisableWow64Redirection error
              20:15:55:328 3848   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
              20:15:55:343 3848   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
              20:15:55:343 3848   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
              20:15:55:343 3848   wfopen_ex: Trying to KLMD file open
              20:15:55:343 3848   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
              20:15:55:343 3848   wfopen_ex: File opened ok (Flags 2)
              20:15:55:343 3848   CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384918
              20:15:55:343 3848   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
              20:15:55:343 3848   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
              20:15:55:343 3848   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
              20:15:55:343 3848   wfopen_ex: Trying to KLMD file open
              20:15:55:343 3848   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
              20:15:55:343 3848   wfopen_ex: File opened ok (Flags 2)
              20:15:55:343 3848   CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 3849C0
              20:15:55:343 3848   EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
              20:15:55:343 3848   CreateRegParser: EnableWow64Redirection error
              20:15:55:343 3848   CreateRegParser: RegParser init completed
              20:15:55:828 3848   GetAdvancedServicesInfo: Raw services enum returned 360 services
              20:15:55:828 3848   fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
              20:15:55:828 3848   fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
              20:15:55:828 3848   
              20:15:55:828 3848   Scanning   Kernel memory ...
              20:15:55:828 3848   KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
              20:15:55:828 3848   DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8531CA08
              20:15:55:828 3848   DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
              20:15:55:828 3848   
              20:15:55:828 3848   DetectCureTDL3: DEVICE_OBJECT: 85314C68
              20:15:55:828 3848   KLMD_GetLowerDeviceObject: Trying to get lower device object for 85314C68
              20:15:55:828 3848   KLMD_ReadMem: Trying to ReadMemory 0x85314C68[0x38]
              20:15:55:828 3848   DetectCureTDL3: DRIVER_OBJECT: 8531CA08
              20:15:55:828 3848   KLMD_ReadMem: Trying to ReadMemory 0x8531CA08[0xA8]
              20:15:55:828 3848   KLMD_ReadMem: Trying to ReadMemory 0xE101D0D8[0x18]
              20:15:55:828 3848   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (0) addr: F75CABB0
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (1) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (2) addr: F75CABB0
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (3) addr: F75C4D1F
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (4) addr: F75C4D1F
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (5) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (6) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (7) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (8) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (9) addr: F75C52E2
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (10) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (11) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (12) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (13) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (14) addr: F75C53BB
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (15) addr: F75C8F28
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (16) addr: F75C52E2
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (17) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (18) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (19) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (20) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (21) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (22) addr: F75C6C82
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (23) addr: F75CB99E
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (24) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (25) addr: 804F4562
              20:15:55:828 3848   DetectCureTDL3: IrpHandler (26) addr: 804F4562
              20:15:55:828 3848   TDL3_FileDetect: Processing driver: Disk
              20:15:55:828 3848   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
              20:15:55:828 3848   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
              20:15:55:859 3848   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
              20:15:55:859 3848   
              20:15:55:859 3848   DetectCureTDL3: DEVICE_OBJECT: 85378C68
              20:15:55:859 3848   KLMD_GetLowerDeviceObject: Trying to get lower device object for 85378C68
              20:15:55:859 3848   KLMD_ReadMem: Trying to ReadMemory 0x85378C68[0x38]
              20:15:55:859 3848   DetectCureTDL3: DRIVER_OBJECT: 8531CA08
              20:15:55:859 3848   KLMD_ReadMem: Trying to ReadMemory 0x8531CA08[0xA8]
              20:15:55:859 3848   KLMD_ReadMem: Trying to ReadMemory 0xE101D0D8[0x18]
              20:15:55:859 3848   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (0) addr: F75CABB0
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (1) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (2) addr: F75CABB0
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (3) addr: F75C4D1F
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (4) addr: F75C4D1F
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (5) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (6) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (7) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (8) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (9) addr: F75C52E2
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (10) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (11) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (12) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (13) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (14) addr: F75C53BB
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (15) addr: F75C8F28
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (16) addr: F75C52E2
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (17) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (18) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (19) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (20) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (21) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (22) addr: F75C6C82
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (23) addr: F75CB99E
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (24) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (25) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (26) addr: 804F4562
              20:15:55:859 3848   TDL3_FileDetect: Processing driver: Disk
              20:15:55:859 3848   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
              20:15:55:859 3848   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
              20:15:55:859 3848   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
              20:15:55:859 3848   
              20:15:55:859 3848   DetectCureTDL3: DEVICE_OBJECT: 85315C68
              20:15:55:859 3848   KLMD_GetLowerDeviceObject: Trying to get lower device object for 85315C68
              20:15:55:859 3848   KLMD_ReadMem: Trying to ReadMemory 0x85315C68[0x38]
              20:15:55:859 3848   DetectCureTDL3: DRIVER_OBJECT: 8531CA08
              20:15:55:859 3848   KLMD_ReadMem: Trying to ReadMemory 0x8531CA08[0xA8]
              20:15:55:859 3848   KLMD_ReadMem: Trying to ReadMemory 0xE101D0D8[0x18]
              20:15:55:859 3848   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (0) addr: F75CABB0
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (1) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (2) addr: F75CABB0
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (3) addr: F75C4D1F
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (4) addr: F75C4D1F
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (5) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (6) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (7) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (8) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (9) addr: F75C52E2
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (10) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (11) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (12) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (13) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (14) addr: F75C53BB
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (15) addr: F75C8F28
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (16) addr: F75C52E2
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (17) addr: 804F4562
              20:15:55:859 3848   DetectCureTDL3: IrpHandler (18) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (19) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (20) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (21) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (22) addr: F75C6C82
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (23) addr: F75CB99E
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (24) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (25) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (26) addr: 804F4562
              20:15:55:875 3848   TDL3_FileDetect: Processing driver: Disk
              20:15:55:875 3848   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
              20:15:55:875 3848   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
              20:15:55:875 3848   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
              20:15:55:875 3848   
              20:15:55:875 3848   DetectCureTDL3: DEVICE_OBJECT: 85317AB8
              20:15:55:875 3848   KLMD_GetLowerDeviceObject: Trying to get lower device object for 85317AB8
              20:15:55:875 3848   DetectCureTDL3: DEVICE_OBJECT: 8538BD98
              20:15:55:875 3848   KLMD_GetLowerDeviceObject: Trying to get lower device object for 8538BD98
              20:15:55:875 3848   KLMD_ReadMem: Trying to ReadMemory 0x8538BD98[0x38]
              20:15:55:875 3848   DetectCureTDL3: DRIVER_OBJECT: 85382030
              20:15:55:875 3848   KLMD_ReadMem: Trying to ReadMemory 0x85382030[0xA8]
              20:15:55:875 3848   KLMD_ReadMem: Trying to ReadMemory 0xE101FFB0[0x1A]
              20:15:55:875 3848   DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (0) addr: F74176F2
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (1) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (2) addr: F74176F2
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (3) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (4) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (5) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (6) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (7) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (8) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (9) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (10) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (11) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (12) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (13) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (14) addr: F7417712
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (15) addr: F7413852
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (16) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (17) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (18) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (19) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (20) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (21) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (22) addr: F741773C
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (23) addr: F741E336
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (24) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (25) addr: 804F4562
              20:15:55:875 3848   DetectCureTDL3: IrpHandler (26) addr: 804F4562
              20:15:55:875 3848   KLMD_ReadMem: Trying to ReadMemory 0xF7414864[0x400]
              20:15:55:875 3848   TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
              20:15:55:875 3848   TDL3_FileDetect: Processing driver: atapi
              20:15:55:875 3848   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
              20:15:55:875 3848   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
              20:15:55:890 3848   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
              20:15:55:890 3848   
              20:15:55:890 3848   Completed
              20:15:55:890 3848   
              20:15:55:890 3848   Results:
              20:15:55:890 3848   Memory objects infected / cured / cured on reboot:   0 / 0 / 0
              20:15:55:890 3848   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
              20:15:55:890 3848   File objects infected / cured / cured on reboot:   0 / 0 / 0
              20:15:55:890 3848   
              20:15:55:890 3848   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
              20:15:55:890 3848   UtilityDeinit: KLMD(ARK) unloaded successfully

              evilfantasy

              « Reply #11 on: February 13, 2010, 07:22:09 PM »
              Looking good so far.

              If you already have ComboFix be sure to delete it and download a new copy.

              Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

              Link #1
              Link #2

              Note: It is important that it is saved directly to your Desktop.

              Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

              Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
               
              Double-click combofix.exe and follow the prompts.
              Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).
              When finished ComboFix will produce a log for you.
              Post the ComboFix log in your next reply.

              Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

              Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

              If you have problems with ComboFix usage, see How to use ComboFix

              brads

                « Reply #12 on: February 13, 2010, 07:46:02 PM »
                ComboFix 10-02-12.01 - Teri Simpson 02/13/2010  20:36:54.1.2 - x86
                Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.337 [GMT -6:00]
                Running from: c:\documents and settings\Teri Simpson\Desktop\ComboFix.exe
                AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                c:\docume~1\TERISI~1\LOCALS~1\Temp\tmp1.tmp
                c:\docume~1\TERISI~1\LOCALS~1\Temp\tmp2.tmp
                c:\documents and settings\Teri Simpson\Local Settings\Application Data\weoaqn
                c:\documents and settings\Teri Simpson\Local Settings\Application Data\weoaqn\pnvbsftav.exe

                .
                (((((((((((((((((((((((((   Files Created from 2010-01-14 to 2010-02-14  )))))))))))))))))))))))))))))))
                .

                2010-02-14 01:40 . 2010-02-14 01:40   52224   ----a-w-   c:\documents and settings\Teri Simpson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                2010-02-14 01:40 . 2010-02-14 01:40   117760   ----a-w-   c:\documents and settings\Teri Simpson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                2010-02-14 01:40 . 2010-02-14 01:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                2010-02-14 01:39 . 2010-02-14 01:39   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2010-02-14 01:39 . 2010-02-14 01:39   --------   d-----w-   c:\documents and settings\Teri Simpson\Application Data\SUPERAntiSpyware.com
                2010-02-14 01:23 . 2010-02-14 01:23   --------   d--h--w-   c:\windows\PIF
                2010-02-14 01:13 . 2010-02-14 01:13   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                2010-02-09 02:09 . 2010-02-09 02:09   50354   ----a-w-   c:\documents and settings\Teri Simpson\Application Data\Facebook\uninstall.exe
                2010-02-09 02:09 . 2010-02-09 02:09   --------   d-----w-   c:\documents and settings\Teri Simpson\Application Data\Facebook
                2010-02-01 22:04 . 2010-02-01 22:04   847040   ----a-w-   c:\documents and settings\Teri Simpson\Application Data\Facebook\axfbootloader.dll
                2010-02-01 22:04 . 2010-02-01 22:04   5578752   ----a-w-   c:\documents and settings\Teri Simpson\Application Data\Facebook\npfbplugin_1_0_1.dll
                2010-01-23 23:33 . 2009-11-10 20:39   607472   ----a-w-   c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
                2010-01-23 22:04 . 2010-01-23 22:05   --------   d-----w-   c:\documents and settings\Teri Simpson\Application Data\Yahoo!
                2010-01-23 22:03 . 2010-01-23 23:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
                2010-01-23 22:02 . 2010-01-23 22:14   --------   d-----w-   c:\windows\SxsCaPendDel
                2010-01-23 21:27 . 2008-04-13 18:45   60032   ----a-w-   c:\windows\system32\drivers\USBAUDIO.sys
                2010-01-23 21:27 . 2008-04-13 18:45   60032   ----a-w-   c:\windows\system32\dllcache\usbaudio.sys
                2010-01-23 21:23 . 2009-07-24 21:05   676720   ----a-w-   c:\windows\system32\LCCoin30.dll
                2010-01-23 21:23 . 2009-07-24 21:05   101232   ----a-w-   c:\windows\VX3000.dll
                2010-01-23 21:23 . 2009-07-24 21:05   762208   ----a-w-   c:\windows\vVX3000.exe
                2010-01-23 21:23 . 2009-07-24 21:05   227680   ----a-w-   c:\windows\vVX3000.dll
                2010-01-23 21:23 . 2009-07-24 21:05   175456   ----a-w-   c:\windows\system32\cVX3000.dll
                2010-01-23 21:23 . 2009-07-24 21:05   1961328   ----a-w-   c:\windows\system32\drivers\VX3000.sys
                2010-01-23 21:21 . 2010-01-23 21:22   --------   d-----w-   c:\program files\Microsoft LifeCam
                2010-01-23 21:19 . 2010-01-23 21:19   --------   d-----w-   c:\windows\system32\drivers\umdf
                2010-01-23 21:02 . 2010-01-23 21:02   --------   d-----w-   c:\windows\system32\XPSViewer
                2010-01-23 21:02 . 2010-01-23 21:02   --------   d-----w-   c:\program files\MSBuild
                2010-01-23 21:02 . 2010-01-23 21:02   --------   d-----w-   c:\program files\Reference Assemblies
                2010-01-23 20:46 . 2010-01-23 20:47   144160   ----a-w-   c:\documents and settings\Teri Simpson\Application Data\Move Networks\uninstall.exe
                2010-01-23 20:46 . 2010-01-23 20:47   --------   d-----w-   c:\documents and settings\Teri Simpson\Application Data\Move Networks
                2010-01-23 19:25 . 2010-01-23 19:25   --------   d-----w-   c:\documents and settings\Teri Simpson\Application Data\Malwarebytes
                2010-01-23 19:25 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2010-01-23 19:25 . 2010-01-23 19:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                2010-01-23 19:25 . 2010-02-14 01:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2010-01-23 19:25 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2010-02-13 22:33 . 2008-03-20 17:56   --------   d-----w-   c:\program files\SpywareBlaster
                2010-02-13 20:40 . 2008-01-13 21:42   --------   d-----w-   c:\program files\lx_cats
                2010-02-02 20:39 . 2007-12-25 23:19   --------   d-----w-   c:\documents and settings\Teri Simpson\Application Data\LimeWire
                2010-01-27 00:10 . 2007-11-21 20:14   --------   d-----w-   c:\program files\Yahoo!
                2010-01-23 23:07 . 2007-11-21 20:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\YAHOO
                2010-01-23 23:06 . 2009-11-25 19:33   79488   ----a-w-   c:\documents and settings\Teri Simpson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
                2010-01-23 21:36 . 2007-11-29 02:09   51640   ----a-w-   c:\documents and settings\Teri Simpson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                2010-01-23 20:46 . 2009-12-07 01:22   5603776   ----a-w-   c:\documents and settings\Teri Simpson\Application Data\Move Networks\plugins\npqmp071705000014.dll
                2010-01-22 03:47 . 2009-05-30 17:02   --------   d-----w-   c:\program files\Microsoft Silverlight
                2010-01-17 22:35 . 2008-03-20 17:56   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                2010-01-14 01:05 . 2007-11-21 20:16   --------   d-----w-   c:\program files\Google
                2010-01-05 10:00 . 2004-08-10 18:51   832512   ----a-w-   c:\windows\system32\wininet.dll
                2010-01-05 10:00 . 2004-08-10 18:51   78336   ----a-w-   c:\windows\system32\ieencode.dll
                2010-01-05 10:00 . 2004-08-10 18:50   17408   ------w-   c:\windows\system32\corpol.dll
                2010-01-01 00:37 . 2008-01-13 21:39   --------   d-----w-   c:\program files\Lexmark Fax Solutions
                2009-12-31 16:50 . 2004-08-10 18:51   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
                2009-12-16 18:43 . 2004-08-10 19:01   343040   ----a-w-   c:\windows\system32\mspaint.exe
                2009-12-14 07:08 . 2004-08-10 18:50   33280   ----a-w-   c:\windows\system32\csrsrv.dll
                2009-12-08 19:26 . 2004-08-10 18:51   2145280   ----a-w-   c:\windows\system32\ntoskrnl.exe
                2009-12-08 18:43 . 2004-08-04 04:59   2023936   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                2009-12-07 01:22 . 2009-12-07 01:22   97216   ----a-w-   c:\documents and settings\Teri Simpson\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
                2009-12-04 18:22 . 2007-11-21 19:39   455424   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                2009-11-27 17:11 . 2004-08-10 18:51   1291776   ----a-w-   c:\windows\system32\quartz.dll
                2009-11-27 17:11 . 2004-08-04 06:56   17920   ----a-w-   c:\windows\system32\msyuv.dll
                2009-11-27 16:07 . 2004-08-10 18:51   28672   ----a-w-   c:\windows\system32\msvidc32.dll
                2009-11-27 16:07 . 2001-08-18 04:36   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
                2009-11-27 16:07 . 2004-08-10 18:51   11264   ----a-w-   c:\windows\system32\msrle32.dll
                2009-11-27 16:07 . 2004-08-10 18:50   84992   ----a-w-   c:\windows\system32\avifil32.dll
                2009-11-27 16:07 . 2004-08-04 06:56   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
                2009-11-21 15:51 . 2004-08-10 18:50   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
                "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
                "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
                "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
                "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
                "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
                "SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
                "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
                "lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
                "EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
                "LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
                "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
                "Device Detector"="c:\program files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 221184]
                "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
                "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
                "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
                "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
                "VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]

                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-21 24576]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                2009-08-29 02:05   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                "AntiVirusOverride"=dword:00000001

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\LimeWire\\LimeWire.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\WINDOWS\\system32\\lxcycoms.exe"=
                "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
                "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                "c:\\Program Files\\iTunes\\iTunes.exe"=
                "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
                "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
                "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
                "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
                "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

                R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/5/2008 11:51 AM 335240]
                R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/5/2008 11:51 AM 108552]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
                R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 5:16 PM 908056]
                R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 5:16 PM 297752]
                R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
                R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
                S3 PentaxUsb;PENTAX Optio E10 on USB;c:\windows\system32\drivers\CoachUsb.sys [7/15/2008 11:38 AM 50976]
                S3 PentaxVc;PENTAX Optio E10 Video Capture;c:\windows\system32\drivers\CoachVc.sys [7/15/2008 11:38 AM 44256]

                --- Other Services/Drivers In Memory ---

                *NewlyCreated* - KLMD21
                *NewlyCreated* - SASDIFSV
                *NewlyCreated* - SASENUM
                *NewlyCreated* - SASKUTIL
                *Deregistered* - klmd21
                .
                Contents of the 'Scheduled Tasks' folder

                2010-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.yahoo.com/
                uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                uInternet Settings,ProxyServer = http=127.0.0.1:5555
                uInternet Settings,ProxyOverride = <local>
                uSearchAssistant = hxxp://www.google.com/ie
                uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
                DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
                FF - ProfilePath - c:\documents and settings\Teri Simpson\Application Data\Mozilla\Firefox\Profiles\e0tjfy27.default\
                FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
                FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
                FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
                FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
                FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
                FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
                FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
                FF - plugin: c:\documents and settings\Teri Simpson\Application Data\Facebook\npfbplugin_1_0_1.dll
                FF - plugin: c:\documents and settings\Teri Simpson\Application Data\Move Networks\plugins\npqmp071705000014.dll
                FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
                FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                ---- FIREFOX POLICIES ----
                FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
                - - - - ORPHANS REMOVED - - - -

                HKCU-Run-pfayfdew - c:\documents and settings\Teri Simpson\Local Settings\Application Data\weoaqn\pnvbsftav.exe
                HKLM-Run-pfayfdew - c:\documents and settings\Teri Simpson\Local Settings\Application Data\weoaqn\pnvbsftav.exe



                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2010-02-13 20:42
                Windows 5.1.2600 Service Pack 3 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                  LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(808)
                c:\windows\system32\Ati2evxx.dll
                c:\windows\System32\BCMLogon.dll
                c:\windows\system32\cscui.dll
                .
                Completion time: 2010-02-13  20:44:06
                ComboFix-quarantined-files.txt  2010-02-14 02:43

                Pre-Run: 51,716,616,192 bytes free
                Post-Run: 52,106,031,104 bytes free

                WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                [boot loader]
                timeout=2
                default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
                [operating systems]
                c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

                - - End Of File - - 746D4F040D1C3591D2D94ABE27667720

                evilfantasy

                Re: antivirus software alert / aplication cannot be executed
                « Reply #13 on: February 13, 2010, 07:50:30 PM »
                How is the computer running now?

                brads

                  Re: antivirus software alert / aplication cannot be executed
                  « Reply #14 on: February 13, 2010, 07:51:20 PM »
                  Seems to be fine.