JeanInMontana

Honorary Members
  • Posts: 3,859

Posts posted by JeanInMontana

  1. I use Avira for AV; it's very good and low resource.

    For whatever your reasons, you're editing your HJT log. That is not a full log. Nothing you have said makes any sense for what is going on. If you reformatted, that alone should have cleaned the system. You have no Windows services running at all? Impossible to run without them. You're not playing this game any more. As per site policy this issue is over.

  2. Hi Tampa9vd and welcome to Malwarebytes. Please run HJT again in scan only and put a check next to the following items and then click fix.

    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    It looks like your Kaspersky's is damaged and probably not working from this line.

    O23 - Service: is-QO699 - Unknown owner - C:\Program Files\Kaspersky Lab Tool\is-QO699\is-QO699.exe (file missing)

    I suggest you examine that and make sure you do have working anti virus.

    Reboot the machine. Update MBAM, and run a quick scan. Post that log and a new HJT log please.

  3. OK that might explain the missing stuff, and it might also explain why it doesn't show in your logs.

    Please find this file C:\WINDOWS\system32\nvsvc32.exe

    and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please.

    But how are you doing a full scan in 3 minutes?

    Scan type: Full Scan (A:\|C:\|D:\|)

    Objects scanned: 51364

    Time elapsed: 3 minute(s), 33 second(s)

    You don't need to do a full scan, you do need to reboot for the delete when MBAM says so.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d545bdba-727b-4661-8ed1-5600073cdc27} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zfvlnnlm (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_CLASSES_ROOT\CLSID\{d545bdba-727b-4661-8ed1-5600073cdc27} (Trojan.Vundo.H) -> Delete on reboot.

    All those are delete on reboot. You have a rootkit, my advice about reformat is sincere, and the only way to be sure of removal.

  4. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

    Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

  5. Look, for whatever reasons, you're not doing as asked, you're not posting a full log and you're not doing as MBAM says. You have a rootkit, which means all information on the machine has been compromised, banking, credit cards etc, passwords. You need to change them all now. Notify the banks etc. The only sure way to remove a rootkit is reformat. Since you won't work with me, I suggest you do that. We have clear forum policy that states you will cooperate and will not alter logs. You are not cooperating and you are altering the HJT log. I'm done.

  6. Heh, I can't take credit for this one, I got advice from the lead definitions researcher. Nice having an inside track. ;)

    I need to see a clean MBAM log and a clean HJT before I call it clean.

    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkfp.exe <======== still in the log.

    Show me new clean logs and we still have some final steps.

  7. You already cleaned System Restore from the lines you posted. That is the last of our worries, we are working on the live stuff running in real time.

    What will work is you following instructions. I asked for an updated MBAM log in which you do the reboot to remove, and a new HJT log.

  8. Yes it sounds familiar, and one of the clues of something to hide is an edited log, we see shop owners trying to make $ off our free help. I had to ask.

    The first item SBS&D found is not malware, it's alerting that the security center is turned off. Not a bad idea to have it on, it does use resources but will alert to the AV being outdated if it is one MS recognizes. If not it's useless for the most.

    The second, would most likely be removed by MBAM, if you follow my instructions to update it and scan again. The last log indicated a reboot to delete, you must do that. Please only run scans requested. You can cause the malware to mutate to a whole new mess, tampering before we have it removed.

    Update MBAM, quick scan, post that log and a new HJT log please.

  9. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

    Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

  10. That doesn't make sense. If you did a restore point and cleaned it, then you're not infected. You don't say why you "know" this. And you're not cooperating very well. The longer you put off doing as asked if you are infected the greater chance it is much harder to fix. You have the time to post; it takes about 5 minutes to run the scans.

  11. OK, first you need to move HJT from the desktop to Program Files. I missed this before. Once that is done, run in scan only, place a check next to the following and then click fix.

    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkfp.exe

    Reboot, update MBAM, run a quick scan, remove all, post the log and a new HJT. Cross your fingers ;)

  12. Are you taking out part of the HJT log?

    Run HJT again in scan only and put a check next to these lines, then click fix.

    O2 - BHO: (no name) - {D545BDBA-727B-4661-8ED1-5600073CDC27} - c:\windows\system32\ascuijq.dll (file missing)

    O20 - Winlogon Notify: zfvlnnlm - ascuijq.dll (file missing)

    Reboot.

    Update MBAM, run a quick scan, post that log and a new HJT log. The full HJT log.
