junkhead

Honorary Members
  • Posts: 22

Everything posted by junkhead

  1. Hi, I think I've had this problem before but can't remember what to do about it. I did a quick search but didn't get any hits so sorry if this is a common question. On my laptop something has happened where Malwarebytes scan ends too quickly, usually in about 6-10 minutes or so, whereas it usually takes 40+ minutes on both my laptop and desktop to do a full scan. Last time this happened something in the settings or somewhere just got unchecked but I can't remember what it was. Any ideas on what to do? Thanks a bunch for any help.
  2. Ok, thanks, if there's nothing that can be done here I will open a new thread in the HJT forum. Here's the dds logs. DDS.txt Attach.txt
  3. Hi, thanks for that. I did come here for help and was advised by an expert here to run Combofix. As far as I know I'm not infected since Combofix has been run. What I'm asking about now is possible after effects of running Combofix. Like I say, I'm not positive it was Combofix that did it since I've also gotten a new modem recently but Combofix has wonked up my system in the past and my laptop, which is connected to the same modem/router that my desktop is, runs fine so I don't think it's a hardware/modem issue. Any help in fixing the lag in my internet connection would be most appreciated.
  4. Hi, I recently ran Combofix to fix a malware infection and I think it might have done something to my internet connection when my computer wakes up from sleeping. When my computer wakes from sleeping now it takes 30-45 seconds to connect to the internet whereas it used to connect right away. I'm not positive it was running Combofix that did it, I also recently installed Skype and Skype has done things to my computer before as well (like not allowing my computer to sleep even when Skype was not on and Skype was not set up to start up automatically. Uninstalling Skype didn't fix the problem and Skype isn't set to start automatically now either. I also ran scans with MSE and Malwarebytes and the scans are coming back clean) but those are the only two things that I can think of. It's not a hardware problem AFAIK because my laptop is connected to the same router that my desktop is and my laptop connects right away after sleeping just like my desktop used to. I've tried doing various tips and tricks after google searches of similar problems, my drivers are updated, etc, but the problem still persists. My question is what should I do? The Windows re-install DVD has different options for stuff like this that stops short of a complete re-install doesn't it? I'm almost to the point of doing a complete re-install of Win7 but don't want to mess with having to get another activation key for Office, etc. Any suggestions? Thanks a bunch for any help.
  5. Ok, I got some help and ran Unhide and the problem is fixed. One last question that I would like to ask if possible, Malwarebytes seems to take a long time to load now, like a couple minutes or something. It's a long time after my other programs load and I deliberately don't have a lot of stuff running on startup, should I uninstall MB and then reinstall it? I remember back when I had McAfee it developed some sort of conflict along the way that made it really slow, has anyone reported similar issues with MB? Thanks again for all the help, I appreciate it very much. You guys are great.
  6. Last note- I think it might have happened after uninstalling Combofix because I don't remember stuff being missing after running Combofix because I was asking about hidden files and folders following running Combofix. So it's possible that it only happened after uninstalling Combofix. Thanks again.
  7. Just a note- I've also tried doing quick fixes from looking online such as right clicking Libraries and selecting 'restore default libraries', etc. Nothing has worked.
  8. One more question- is there any way I can get one on one support? This is my father's computer and having to wait hours and hours between replies (which can end up being days) might not be appreciated if there's something he needs to do. Also I don't think it's a hard drive failure as I opened bittorrent to keep the computer from sleeping during a MalwareBytes scan and the files are being seeded, plus the computer is a desktop and is only a year or two old so it's not some ancient HD or one that has been dropped and/or abused like laptop HDs can be. Thanks again.
  9. I tried doing system restore and it didn't help. It looks like my older restore points are gone, the only one I see is the ComboFix install system restore from yesterday.
  10. Ok, having more problems now. Now my libraries are gone. No 'My Music', no 'My Pictures', etc. 'My Documents' has like two folders in it and most of the files are gone. Any help would be appreciated.
  11. Ahh, sweet relief, thank you so much. Everything works now. It's funny, I was feeling gut-checked the whole time thinking I was going to have to do some big to do to get my system restored and then I thought 'maybe just a restart will work' but I didn't want to do anything without instructions, so thanks again. One other question, if possible- the last virus I got made all my folders translucent or whatever and I don't know how to get them back to normal. I think I remember there being a system-wide way to do it but does that also do folders that should or shouldn't be hidden, like system files? Which do I want- read only or not plus hidden or not? Sorry I didn't say anything about it earlier, I thought from what I remembered from the last time it happened it was only the read-only part that was affected, I didn't realize hidden was selected too. Did that possibly affect the combofix and dds logs? Sorry again if I mucked things up.
  12. I just checked and system restore won't work either.
  13. I ran Combofix but when my computer restarted after running Combofix nothing will open now. No programs will open, not Internet Explorer, Notepad, Paint, etc; they all say 'Illegal operation attempted on a registry key that has been marked for deletion'. Right now I'm using my laptop to post this. I think this is the second time that Combofix has jacked up my computer, the first time I think I had to boot Windows 7 from the installation DVD to run System Restore because my computer kept on randomly restarting after running Combofix. Thanks again for the help.
     --------------------------------------------------------------
     ComboFix 12-09-06.02 - John 09/06/2012 17:12:56.1.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2981 [GMT -5:00]
     Running from: c:\users\John\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
     SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\40H77AFF9sGbSO
     c:\programdata\dsgsdgdsgdsgw.pad
     c:\users\John\AppData\Roaming\uetrn.dll
     c:\users\John\g2mdlhlpx.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
     .
     .
     2012-09-06 21:53 . 2012-08-25 02:01 883864 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
     2012-09-06 15:32 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ED96D5B-B9B3-4340-A43A-4B77781B0F1B}\mpengine.dll
     2012-09-05 10:39 . 2012-09-05 10:58 -------- d-----w- c:\users\John\AppData\Roaming\Skype
     2012-09-05 10:37 . 2012-09-05 10:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
     2012-09-05 10:37 . 2012-09-05 10:37 -------- d-----r- c:\program files (x86)\Skype
     2012-09-05 10:37 . 2012-09-05 10:39 -------- d-----w- c:\programdata\Skype
     2012-09-05 01:52 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-09-01 01:13 . 2012-09-01 01:13 -------- d-----w- c:\users\John\AppData\Local\{2F5FF353-F3D2-11E1-8270-B8AC6F996F26}
     2012-08-20 18:14 . 2012-09-06 22:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
     2012-08-20 18:14 . 2012-08-20 18:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
     2012-08-15 13:00 . 2012-06-16 05:15 911360 ----a-w- c:\windows\system32\jscript.dll
     2012-08-15 13:00 . 2012-06-16 05:16 609792 ----a-w- c:\windows\system32\vbscript.dll
     2012-08-15 13:00 . 2012-06-16 04:26 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
     2012-08-15 13:00 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
     2012-08-15 13:00 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
     2012-08-15 13:00 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
     2012-08-15 13:00 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
     2012-08-13 17:28 . 2012-08-13 17:28 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50D75D90-49B6-4348-87E5-8487E4EACD3E}\gapaengine.dll
     2012-08-12 04:10 . 2012-08-12 04:10 -------- d-----w- c:\windows\system32\SPReview
     2012-08-12 04:09 . 2012-08-12 04:09 -------- d-----w- c:\windows\system32\EventProviders
     2012-08-11 07:07 . 2012-08-11 07:07 328704 ----a-w- c:\windows\system32\services.exe.8ECD608AF9133C10
     2012-08-11 05:32 . 2012-08-20 15:53 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
     2012-08-11 05:31 . 2012-08-12 02:48 -------- d-----w- c:\program files\SUPERAntiSpyware
     2012-08-11 05:31 . 2012-08-11 05:31 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
     2012-08-11 01:50 . 2012-08-11 01:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
     2012-08-11 01:49 . 2012-08-12 02:43 -------- d--h--w- c:\users\John\AppData\Local\{9B7E5494-E356-11E1-8270-B8AC6F996F26}
     2012-08-11 01:48 . 2012-08-12 02:43 -------- d--h--w- c:\programdata\0C1CFB130008C96702A766874F147CE7
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-08-16 08:00 . 2011-02-19 21:06 62134624 ----a-w- c:\windows\system32\MRT.exe
     2012-08-12 04:21 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
     2012-08-12 04:21 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
     2012-08-04 15:34 . 2012-04-19 18:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-08-04 15:34 . 2011-06-04 06:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-07-08 23:29 . 2012-07-08 23:29 10063024 ----a-w- C:\mbam-setup.exe
     2012-07-08 23:24 . 2012-07-08 23:24 457632 ----a-w- C:\FixExec.exe
     2012-07-03 18:46 . 2012-07-08 23:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-06-24 00:28 . 2012-06-24 00:28 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2012-06-09 05:43 . 2012-07-10 20:33 14172672 ----a-w- c:\windows\system32\shell32.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
     "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
     "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
     .
     c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
     R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-19 1255736]
     S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
     S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
     S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
     S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
     S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
     S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 117568]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
     S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
     S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-21 320040]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
     - c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
     .
     2012-09-06 c:\windows\Tasks\SystemToolsDailyTest.job
     - c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-12 8114720]
     "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x0
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://www.google.com/
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.0.1
     FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tvgwncf2.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     Wow6432Node-HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
     Wow6432Node-HKCU-Run-apcnap - c:\users\John\AppData\Roaming\apcnap.dll
     Wow6432Node-HKCU-Run-uetrn - c:\users\John\AppData\Roaming\uetrn.dll
     Toolbar-Locked - (no file)
     .
     .
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
     "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2012-09-06 17:24:05 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-09-06 22:24
     .
     Pre-Run: 83,102,760,960 bytes free
     Post-Run: 83,030,695,936 bytes free
     .
     - - End Of File - - 975972A9556686BF27A63B8FBF3CCA6E
  14. Thanks a bunch for the help. Here's the log for C:\Users\John\AppData\Roaming\uetrn.dll, I can't find the file for C:\Users\John\AppData\Roaming\apcnap.dll. MalwareBytes says that it quarantined this file, do I need to look somewhere else for it? Neither showed up when I searched for them in the Start menu. Thanks again.
     SHA256: 4df4e7124dada82e1360b35b779ac4be9190600285ebf5b42c693fd262a43754
     SHA1: b84fd2bff483c6d50d52fb15fd9977a9c8b09092
     MD5: 314dac373927cbbb27d67b75e7f94e55
     File size: 1.5 MB ( 1606144 bytes )
     File name: uetrn.dll
     File type: Win32 DLL
     Detection ratio: 5 / 42
     Analysis date: 2012-09-06 01:24:27 UTC ( 0 minutes ago )

     Antivirus              Result                          Update
     AhnLab-V3              -                               20120905
     AntiVir                -                               20120906
     Antiy-AVL              -                               20120905
     Avast                  -                               20120905
     AVG                    -                               20120906
     BitDefender            -                               20120906
     ByteHero               -                               20120831
     CAT-QuickHeal          -                               20120905
     ClamAV                 -                               20120906
     Commtouch              -                               20120906
     Comodo                 TrojWare.Win32.Agent.RXKO       20120905
     DrWeb                  Trojan.Packed                   20120906
     Emsisoft               -                               20120906
     eSafe                  -                               20120904
     ESET-NOD32             a variant of Win32/Medfos.DC    20120905
     F-Prot                 -                               20120906
     F-Secure               -                               20120906
     Fortinet               W32/Medfos.BLA!tr               20120830
     GData                  -                               20120906
     Ikarus                 -                               20120906
     Jiangmin               -                               20120905
     K7AntiVirus            -                               20120905
     Kaspersky              HEUR:Trojan.Win32.Generic       20120905
     McAfee                 -                               20120906
     McAfee-GW-Edition      -                               20120905
     Microsoft              -                               20120906
     Norman                 -                               20120905
     nProtect               -                               20120905
     Panda                  -                               20120905
     PCTools                -                               20120905
     Rising                 -                               20120905
     Sophos                 -                               20120906
     SUPERAntiSpyware       -                               20120905
     Symantec               -                               20120906
     TheHacker              -                               20120905
     TotalDefense           -                               20120905
     TrendMicro             -                               20120906
     TrendMicro-HouseCall   -                               20120906
     VBA32                  -                               20120905
     VIPRE                  -                               20120905
     ViRobot                -                               20120905
     VirusBuster            -                               20120905
  15. Ok, thanks a bunch for the help. Best, J
  16. Hi, I posted a thread in the 'false positive' forum and was told to come here. The mistaken 'false positive' thread I started with info on what the problem is that I am having is linked to below- http://forums.malwarebytes.org/index.php?showtopic=115347 I'm attaching the DDS and Attach logs to this post. Thanks a bunch for any help, J
     PS- I did not temporarily disable any script blocker if my Anti-Virus/Anti-Malware has it as I do not know if my AV/AM has script blocking and I don't know how to disable it if it did. If there is any problem with the DDS logs please let me know how to fix it. I can probably figure out how to disable it by googling but I don't know if it's on to begin with. My computer is running Spybot S&D, MalwareBytes Pro and Microsoft Security Essentials. Thanks again.
     .
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
     Run by John at 10:16:34 on 2012-09-05
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2648 [GMT -5:00]
     .
     AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     c:\Program Files\Microsoft Security Client\MsMpEng.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
     C:\Program Files\Broadcom\BPowMon\BPowMon.exe
     C:\Windows\Explorer.EXE
     C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     C:\dell\DBRM\Reminder\DbrmTrayicon.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
     C:\Windows\System32\rundll32.exe
     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
     C:\Windows\SysWOW64\rundll32.exe
     C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Program Files (x86)\Internet Explorer\iexplore.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files (x86)\Internet Explorer\iexplore.exe
     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files (x86)\Internet Explorer\iexplore.exe
     C:\Program Files (x86)\Internet Explorer\iexplore.exe
     C:\Program Files (x86)\Internet Explorer\iexplore.exe
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\system32\SearchFilterHost.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\SysWOW64\cmd.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\SysWOW64\cscript.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.google.com/
     mWinlogon: Userinit=userinit.exe,
     BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     {555d4d79-4bd2-4094-a395-cfc534424a05}
     uRun: [iSUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
     uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
     uRun: [apcnap] rundll32.exe "C:\Users\John\AppData\Roaming\apcnap.dll",PSTSetNewData
     uRun: [uetrn] "C:\Windows\System32\rundll32.exe" "C:\Users\John\AppData\Roaming\uetrn.dll",AnyFile
     mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
     mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
     mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
     mPolicies-explorer: NoActiveDesktop = 1 (0x1)
     mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
     mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
     DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     TCP: DhcpNameServer = 192.168.0.1
     TCP: Interfaces\{5F37D38D-EEC2-42A7-959D-A85608803995} : DhcpNameServer = 192.168.0.1
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
     Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
     BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
     BHO-X64: 0x1 - No File
     BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO-X64: AcroIEHelperStub - No File
     BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
     BHO-X64: Trend Micro NSC BHO - No File
     BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
     BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
     BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
     mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
     mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
     mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     Hosts: 127.0.0.1 www.spywareinfo.com
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tvgwncf2.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
     FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
     FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
     FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
     FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
     FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
     FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
     R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
     R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
     R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
     R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
     R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
     R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-11 92160]
     R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-8-17 117568]
     R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-8 655944]
     R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-20 1153368]
     R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
     R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
     S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
     S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-4 113120]
     S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
     S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
     S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
     S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
     S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
     .
     =============== Created Last 30 ================
     .
     2012-09-05 10:37:06 -------- d-----r- C:\Program Files (x86)\Skype
     2012-09-05 07:09:39 -------- d-----w- C:\Users\John\AppData\Local\{CDB40BDD-B875-4EEB-AA9A-071C840C836A}
     2012-09-05 01:52:35 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D9797C7B-FABB-4FD3-87A4-7272971237B4}\mpengine.dll
     2012-09-04 13:23:57 -------- d-----w- C:\Users\John\AppData\Local\{2336959A-14D0-41CC-9814-A8E7C841C6A5}
     2012-09-03 21:57:27 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-09-03 14:37:15 -------- d-----w- C:\Users\John\AppData\Local\{B4B654BF-C18F-4CC7-970C-0988D5CF21E4}
     2012-09-02 20:53:34 -------- d-----w- C:\Users\John\AppData\Local\{DEACA6D6-A44E-4D97-9056-A6573E1EF987}
     2012-09-02 17:26:26 -------- d-----w- C:\Users\John\AppData\Local\{82150780-1C51-4C41-96E2-573B13D8CC70}
     2012-09-02 13:59:10 -------- d-----w- C:\Users\John\AppData\Local\{18282C4A-BB43-4439-A6FE-CD1CAB81DC5C}
     2012-09-01 15:56:05 -------- d-----w- C:\Users\John\AppData\Local\{0C21A3FD-6555-4F22-A8C2-4525ADE49151}
     2012-09-01 01:13:53 -------- d-----w- C:\Users\John\AppData\Local\{2F5FF353-F3D2-11E1-8270-B8AC6F996F26}
     2012-09-01 01:13:15 1606144 ----a-w- C:\Users\John\AppData\Roaming\uetrn.dll
     2012-08-31 22:10:11 -------- d-----w- C:\Users\John\AppData\Local\{176D2F1E-8226-4605-A11C-D79306FF29E3}
     2012-08-31 09:49:05 -------- d-----w- C:\Users\John\AppData\Local\{1CBCA05D-A0B0-4D2B-A26F-72E0FA1C6D51}
     2012-08-30 13:14:07 -------- d-----w- C:\Users\John\AppData\Local\{4B025F52-5A2C-48DB-9019-01DC4789460E}
     2012-08-29 14:52:33 -------- d-----w- C:\Users\John\AppData\Local\{CD85E3F2-4A10-491C-B508-B495360A9BBA}
     2012-08-29 02:52:09 -------- d-----w- C:\Users\John\AppData\Local\{E4BA529C-A15B-4E8A-8384-4D2ACD4EF1BE}
     2012-08-28
12:47:57 -------- d-----w- C:\Users\John\AppData\Local\{CB85860C-A262-4290-8E27-08DC3010A214} 2012-08-27 13:32:22 -------- d-----w- C:\Users\John\AppData\Local\{AC9AA695-E81C-49E8-ABF4-EFCC80DFC80F} 2012-08-26 18:40:44 -------- d-----w- C:\Users\John\AppData\Local\{DCFCAA79-9605-4C3B-AF53-0719829F9E86} 2012-08-25 12:50:30 -------- d-----w- C:\Users\John\AppData\Local\{0CEA634D-E501-4332-ACD9-EDB74349A8C3} 2012-08-24 12:59:49 -------- d-----w- C:\Users\John\AppData\Local\{3175CFDA-13FC-40B0-9D8B-B01D23C3D35A} 2012-08-23 22:39:30 -------- d-----w- C:\Users\John\AppData\Local\{FD8FB502-9484-499F-AF0B-A8FC689B9352} 2012-08-23 10:39:05 -------- d-----w- C:\Users\John\AppData\Local\{B1173028-C40B-408F-B6A5-D095D7FE93AD} 2012-08-22 19:17:18 -------- d-----w- C:\Users\John\AppData\Local\{DF129ACA-5509-4A8C-833C-8FC4F8CD9F28} 2012-08-22 01:50:17 -------- d-----w- C:\Users\John\AppData\Local\{2DDC4943-F121-4FE9-9950-BF6509C8C83E} 2012-08-21 13:33:23 -------- d-----w- C:\Users\John\AppData\Local\{E9AF1586-53BD-4DCA-911C-FD0A5B70E3CB} 2012-08-20 18:14:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-08-20 18:14:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-08-16 14:27:11 -------- d--h--w- C:\Users\John\AppData\Local\{332BCF5A-F283-4C22-941C-6E0C4F9AD0E8} 2012-08-16 14:26:59 -------- d--h--w- C:\Users\John\AppData\Local\{595E6E07-6A28-4E98-932F-0D66CE1F9EE1} 2012-08-15 14:33:02 -------- d--h--w- C:\Users\John\AppData\Local\{EFE44AD6-29D7-41EB-A8AF-11BDFD62AAB0} 2012-08-15 14:32:50 -------- d--h--w- C:\Users\John\AppData\Local\{2A98D746-F8C4-4B09-A9F7-5971A163B4C1} 2012-08-15 13:00:07 609792 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-15 13:00:06 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-15 13:00:05 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-08-15 13:00:05 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-08-15 13:00:05 136704 ----a-w- C:\Windows\System32\browser.dll 2012-08-15 12:56:06 -------- 
d--h--w- C:\Users\John\AppData\Local\{5F60411D-5187-4D3F-8DA1-1F0EC386FE8B} 2012-08-15 11:58:39 -------- d--h--w- C:\Users\John\AppData\Local\{A813428B-4EF5-408D-B987-D3BC0F60FC58} 2012-08-14 15:38:45 -------- d--h--w- C:\Users\John\AppData\Local\{E7FE2864-2B1C-46BC-9A6C-7B2A3BE9B201} 2012-08-14 15:38:33 -------- d--h--w- C:\Users\John\AppData\Local\{6D08883D-9F4D-491D-9054-B86D29451EA5} 2012-08-14 02:28:57 -------- d--h--w- C:\Users\John\AppData\Local\{1A5E901C-0651-4DDC-92B3-CCA16CE622C2} 2012-08-14 02:28:45 -------- d--h--w- C:\Users\John\AppData\Local\{2FEB36D7-F962-4119-BFCB-7FCBC1999595} 2012-08-13 17:28:46 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50D75D90-49B6-4348-87E5-8487E4EACD3E}\gapaengine.dll 2012-08-13 14:02:31 -------- d--h--w- C:\Users\John\AppData\Local\{ABC00FAA-FD93-4A3E-A1E6-555A11E74D84} 2012-08-13 14:02:19 -------- d--h--w- C:\Users\John\AppData\Local\{F427A1D8-473D-4C4D-9461-6B10B1458261} 2012-08-13 13:13:46 -------- d--h--w- C:\Users\John\AppData\Local\{AD61B744-BF85-4AC9-B7CF-A1947009E97D} 2012-08-13 12:57:16 -------- d--h--w- C:\Users\John\AppData\Local\{93EE1446-C6EA-46F8-A5D1-02CDA5E7919C} 2012-08-13 12:55:23 -------- d--h--w- C:\Users\John\AppData\Local\{B96971FF-3C18-4513-BED1-05C70DA5E296} 2012-08-12 22:08:50 -------- d--h--w- C:\Users\John\AppData\Local\{A6B2F823-5A81-47BC-B33E-64579977A4F9} 2012-08-12 22:08:38 -------- d--h--w- C:\Users\John\AppData\Local\{49E6D802-5A3D-4605-87A9-4A760E49176D} 2012-08-12 07:02:14 -------- d--h--w- C:\Users\John\AppData\Local\{58718545-A520-4A31-86EF-4029F6076F22} 2012-08-12 07:02:03 -------- d--h--w- C:\Users\John\AppData\Local\{D95A82C0-3623-4382-B5E6-AECA9C892BA2} 2012-08-12 04:10:13 -------- d-----w- C:\Windows\System32\SPReview 2012-08-12 04:09:23 -------- d-----w- C:\Windows\System32\EventProviders 2012-08-11 07:07:47 328704 ----a-w- C:\Windows\System32\services.exe.8ECD608AF9133C10 2012-08-11 05:32:02 -------- d-----w- 
C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com 2012-08-11 05:31:55 -------- d--h--w- C:\ProgramData\SUPERAntiSpyware.com 2012-08-11 05:31:55 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-08-11 01:50:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-08-11 01:49:03 -------- d--h--w- C:\Users\John\AppData\Local\{9B7E5494-E356-11E1-8270-B8AC6F996F26} 2012-08-11 01:48:32 -------- d--h--w- C:\ProgramData\0C1CFB130008C96702A766874F147CE7 2012-08-10 17:22:38 -------- d--h--w- C:\Users\John\AppData\Local\{4D0F8AED-EFB6-4CFE-9094-A9849BB880BD} 2012-08-10 17:22:27 -------- d--h--w- C:\Users\John\AppData\Local\{310D3E3D-D6F5-4A33-B6D4-CFB6125E9899} 2012-08-10 01:30:38 -------- d--h--w- C:\Users\John\AppData\Local\{BDA73459-00FF-4671-B91E-4F577F6C3A4D} 2012-08-10 01:30:26 -------- d--h--w- C:\Users\John\AppData\Local\{94C72498-BD07-4DFB-821C-A05304BB189F} 2012-08-09 13:16:20 -------- d--h--w- C:\Users\John\AppData\Local\{47C8A171-1CCE-4A64-936C-63295C5E76B2} 2012-08-09 13:16:09 -------- d--h--w- C:\Users\John\AppData\Local\{978C3A83-038F-404C-A35C-3814958B9B18} 2012-08-08 13:11:16 -------- d--h--w- C:\Users\John\AppData\Local\{3604AC68-4AC6-42D6-B3DB-647C574990CE} 2012-08-08 13:11:03 -------- d--h--w- C:\Users\John\AppData\Local\{41C32D44-7671-41CB-ADCE-1758C259B177} 2012-08-07 14:37:46 -------- d--h--w- C:\Users\John\AppData\Local\{6BDBDF2C-F6D9-4A91-B6AB-671AF7B11597} 2012-08-07 14:37:35 -------- d--h--w- C:\Users\John\AppData\Local\{F4A65B5F-E922-4359-B12D-D413406F61B4} 2012-08-07 02:16:06 -------- d--h--w- C:\Users\John\AppData\Local\{A0B0762F-69FB-4E5A-993D-BC1BFB61A602} 2012-08-07 02:15:55 -------- d--h--w- C:\Users\John\AppData\Local\{970ABA11-F71C-439E-BE8F-1E9BCB0166A4} . ==================== Find3M ==================== . 
2012-08-12 04:21:04 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-08-12 04:21:03 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-08-04 15:34:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-04 15:34:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-08 23:29:30 10063024 ----a-w- C:\mbam-setup.exe 2012-07-08 23:24:48 457632 ----a-w- C:\FixExec.exe 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 10:17:00.08 =============== DDS.txt Attach.txt
  17. Hi, I ran a Malwarebytes scan and it came back with a threat, which I removed. Now whenever my computer starts I get an error message saying that a DLL cannot be found. I'm attaching screenshots of the MB quarantine log and the error message that pops up when my computer starts. I don't know if running a scan would do anything, as the threat has already been quarantined; do you want me to restore it and then run a scan to try and detect it again? The file in question is C:\Users\John\AppData\Roaming\apcnap.dll Thanks a bunch, J
  18. Sorry for replying to my own thread again, but I'm just trying to update what the problems are. I installed and ran SUPERAntiSpyware and it looked to have gotten rid of the LSP problem, but when I tried to update and run Microsoft Security Essentials it said it wasn't installed. I then tried to install it by going to the MSE website, but it said it was installed, so I uninstalled MSE, went to the MSE website to re-install it, and it installed. Then when MSE updated and ran I got the following error message: "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now." The first time I ever got that message was after running the registry file in the guide linked to above, when I was trying to run Rkill as the next step. It would constantly restart and Rkill would never finish. Then after restarting, MSE gave a warning that I had a critical trojan that could receive instructions from an attacker. I deleted the files and was thinking about running System Restore to try and repair whatever is causing the 'critical problem' messages, but now they keep on happening, even in Safe Mode, so I'm going to wait and see if anyone is able to help. Thanks again.
  19. Sorry again if I'm screwing things up by adding (a shitload of) replies to my own post, but I read another post where the person replying asked for a Malwarebytes log, so I'm adding one to this thread as well to save time if it would be needed in my case too. Thanks again.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.09

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
John :: JOHN-PC [administrator]

8/10/2012 11:57:27 PM
mbam-log-2012-08-11 (00-01-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193675
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{fcc0c071-915d-ad9d-bb1d-4c676108313d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{fcc0c071-915d-ad9d-bb1d-4c676108313d}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{fcc0c071-915d-ad9d-bb1d-4c676108313d}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)
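Editor's added example, not part of junkhead's posts and not code from DDS or Malwarebytes: a small Python triage script that parses the two log formats shown in this thread, the DDS "Created Last 30" file listing in post 16 and the "Files Detected" block of the Malwarebytes log above, and lists the entries a helper would want to look at first. The review rules (a GUID-named directory created directly under AppData\Local, a DLL dropped in the root of AppData\Roaming, a directory literally named %APPDATA% under SysWow64, a renamed services.exe.<hex> copy in System32, a 32-hex-digit directory under ProgramData, and .@ files under Windows\Installer\{GUID}\U) are my own heuristics chosen from what appears in these logs; they mark items for review, they are not verdicts. The reading of the DDS attribute column (d = directory, s = system, h = hidden) is an assumption. The sample input is excerpted from the logs posted in this thread.

```python
"""Triage two log formats posted in this thread (added example, editor's code):
the DDS 'Created Last 30' listing and the 'Files Detected' block of a
Malwarebytes Anti-Malware 1.x log. The rules are review hints, not verdicts."""
import re
from dataclasses import dataclass

# Constructed input: lines excerpted from the DDS log in post 16.
DDS_SAMPLE = r"""
2012-09-05 10:37:06 -------- d-----r- C:\Program Files (x86)\Skype
2012-09-01 01:13:53 -------- d-----w- C:\Users\John\AppData\Local\{2F5FF353-F3D2-11E1-8270-B8AC6F996F26}
2012-09-01 01:13:15 1606144 ----a-w- C:\Users\John\AppData\Roaming\uetrn.dll
2012-08-16 14:27:11 -------- d--h--w- C:\Users\John\AppData\Local\{332BCF5A-F283-4C22-941C-6E0C4F9AD0E8}
2012-08-15 13:00:07 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-11 07:07:47 328704 ----a-w- C:\Windows\System32\services.exe.8ECD608AF9133C10
2012-08-11 01:50:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-11 01:48:32 -------- d--h--w- C:\ProgramData\0C1CFB130008C96702A766874F147CE7
"""

# Constructed input: the detections block of the Malwarebytes log in post 19.
MBAM_SAMPLE = r"""
Files Detected: 3
C:\Windows\Installer\{fcc0c071-915d-ad9d-bb1d-4c676108313d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{fcc0c071-915d-ad9d-bb1d-4c676108313d}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{fcc0c071-915d-ad9d-bb1d-4c676108313d}\U\80000032.@ (Rootkit.0Access) -> No action taken.
(end)
"""

# DDS listing: "<date> <time> <size, or -------- for a directory> <8 attribute flags> <path>".
# Assumed attribute columns: [0] d = directory, [2] s = system, [3] h = hidden.
DDS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+)$")
# MBAM detection line: "<path> (<detection name>) -> <action>."
MBAM_LINE = re.compile(r"^([A-Za-z]:\\.+?) \(([^()]+)\) -> (.+?)\.?$")

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Editor's review heuristics: (pattern applied to the path, reason). First match wins.
DDS_RULES = [
    (re.compile(r"\\AppData\\Local\\" + GUID + r"$", re.I),
     "GUID-named directory created directly under AppData\\Local"),
    (re.compile(r"\\AppData\\Roaming\\[^\\]+\.dll$", re.I),
     "DLL dropped in the root of AppData\\Roaming"),
    (re.compile(r"\\(?:System32|SysWow64)\\%APPDATA%$", re.I),
     "directory literally named %APPDATA% inside the Windows system directory"),
    (re.compile(r"\\System32\\services\.exe\.[0-9A-F]{16}$", re.I),
     "renamed copy of services.exe in System32"),
    (re.compile(r"\\ProgramData\\[0-9A-F]{32}$", re.I),
     "32-hex-digit directory name under ProgramData"),
]
INSTALLER_U = re.compile(r"\\Windows\\Installer\\" + GUID + r"\\U\\[0-9a-f]{8}\.@$", re.I)


@dataclass(frozen=True)
class Finding:
    source: str  # "dds" or "mbam"
    path: str
    reason: str


def parse_dds_created(text):
    """One dict per DDS 'Created Last 30' / 'Find3M' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({
            "when": f"{date} {time}",
            "is_dir": attrs[0] == "d",
            "system": attrs[2] == "s",
            "hidden": attrs[3] == "h",
            "size": None if size.startswith("-") else int(size),
            "path": path,
        })
    return entries


def triage_dds(text):
    """Apply DDS_RULES to every parsed entry; note when the item was hidden."""
    findings = []
    for e in parse_dds_created(text):
        for rx, reason in DDS_RULES:
            if rx.search(e["path"]):
                tag = " (hidden)" if e["hidden"] else ""
                findings.append(Finding("dds", e["path"], reason + tag))
                break
    return findings


def parse_mbam_detections(text):
    """One dict per '<path> (<name>) -> <action>.' line of an MBAM 1.x log."""
    dets = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            path, name, action = m.groups()
            dets.append({"path": path, "name": name, "action": action})
    return dets


def triage_mbam(text):
    """Keep the detection name, add the Installer\\{GUID}\\U note, and flag items left in place."""
    findings = []
    for d in parse_mbam_detections(text):
        reason = d["name"]
        if INSTALLER_U.search(d["path"]):
            reason += "; .@ payload under Windows\\Installer\\{GUID}\\U"
        if d["action"].lower() == "no action taken":
            reason += "; NOT removed (logged with no action taken)"
        findings.append(Finding("mbam", d["path"], reason))
    return findings


def triage(dds_text, mbam_text):
    return triage_dds(dds_text) + triage_mbam(mbam_text)


if __name__ == "__main__":
    for f in triage(DDS_SAMPLE, MBAM_SAMPLE):
        print(f"[{f.source}] {f.path}\n    {f.reason}")
```

On the sample above the script lists nine entries: six from the DDS lines (the Skype and vbscript.dll entries are left alone) and the three Malwarebytes detections, each still marked "No action taken", which the script calls out separately because a log with that action records a scan, not a removal. The same Roaming-DLL rule would also match the C:\Users\John\AppData\Roaming\apcnap.dll path mentioned in post 17. To use it on a real log, paste the full DDS and MBAM text in place of the two sample strings.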
  20. Sorry for adding replies to my own thread; I was late in reading the 'What do I do now?' sticky. Also, the sticky didn't say whether it mattered if DDS was run in Safe Mode or not, and my computer is already in Safe Mode, so I ran it in Safe Mode. I have run CCleaner after the initial MB scan didn't fix the LSP infection, and I've also run the registryfix.reg file when following the guide linked to in my first post, just in case those matter when reading the DDS logs. Thanks a bunch again for any help. Attach.zip DDS.txt
  21. Oh jeez, I missed the 'I'm infected- What do I do now' sticky. I'll go ahead and do that, sorry if it means I'm going to double post.
  22. Hi, I just got infected with Live Security Platinum and was hoping to ask for some help. I was infected with LSP a while back and was able to follow the guides to get rid of it, but this one keeps coming back. My question is, should I try and ask for HijackThis help, or should I wait to see if Malwarebytes (Mb) updates their definitions or whatever to get rid of it? The reason I'm asking is because I've run a fully updated Mb in Safe Mode and LSP keeps coming back, and from what I can see there appears to be a new version out, so I don't know if Mb has updated their definitions yet. I also tried to run Rkill and then Mb as stated in the following guide - http://malwaretips.com/blogs/live-security-platinum-virus/ but my computer shuts down during the process of running Rkill in Safe Mode, and then when it starts back up LSP is right back in the mix. Any help and/or suggestions? Thanks a bunch.