bcurtis65nj (Members), Posts: 17
Everything posted by bcurtis65nj

  1. Attached are the FRST logs. Thanks in advance for the help. Addition.txt FRST.txt
  2. Yes, still need help. I was away all weekend, will get to this in the AM. Thanks.
  3. Here you go:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
     Ran by Administrator (administrator) on NJTMPDDT047 on 08-11-2013 17:03:23
     Running from C:\Users\Administrator\Desktop
     Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Safe Mode (with Networking)

     ==================== Processes (Whitelisted) ===================

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\McAfee\Common Framework\UdaterUI.exe [136512 2009-01-16] (McAfee, Inc.)
     HKLM\...\Run: [shStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe [124224 2010-08-25] (McAfee, Inc.)
     HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
     HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
     HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-05-06] (SigmaTel, Inc.)
     HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
     HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
     HKCU\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
     MountPoints2: {58a0b9e2-a765-11e2-bac6-001aa0331aa4} - F:\LaunchU3.exe -a
     HKU\cdomahid\...\Policies\system: [DisableRegistryTools] 2
     HKU\dcollins\...\Run: [GoToMeeting] - C:\Users\dcollins\AppData\Local\Citrix\GoToMeeting\1132\g2mstart.exe [ 2013-03-21] (Citrix Online, a division of Citrix Systems, Inc.)
     HKU\dcollins\...\Run: [XnlY1NVWa.exe] - C:\Users\dcollins\AppData\Local\Nxrzwh3By5\XnlY1NVWa.exe [ 2013-11-08] (Microsoft Corporation)
     HKU\dcollins\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
     HKU\dcollins\...\Command Processor: "C:\Users\dcollins\AppData\Local\Nxrzwh3By5\XnlY1NVWa.exe" <===== ATTENTION!
     Startup: C:\Users\dcollins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Interaction Client.lnk
     ShortcutTarget: Interaction Client.lnk -> C:\Program Files\Interactive Intelligence\ICUserApps\InteractionClient.exe (Interactive Intelligence, Inc.)

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6D3E06E6B3DCCE01
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
     SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
     BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
     BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
     DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://jacada.webex.com/client/WBXclient-T28L10NSP8EP1-15699/event/ieatgpc1.cab
     Tcpip\Parameters: [DhcpNameServer] 10.17.24.20 10.17.24.4 10.17.24.36

     ========================== Services (Whitelisted) =================

     S2 ININ Tracing; C:\Program Files\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe [36352 2012-08-24] (Interactive Intelligence, Inc.)
     S2 Interactive Update Client; C:\Program Files\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe [388264 2010-11-09] (Interactive Intelligence, Inc.)
     S2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [22816 2010-08-25] (McAfee, Inc.)
     S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)
     S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [147984 2010-08-25] (McAfee, Inc.)
     S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2010-08-25] (McAfee, Inc.)
     S2 mfevtp; C:\Windows\system32\mfevtps.exe [69192 2010-08-25] (McAfee, Inc.)
     S2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-05-06] (SigmaTel, Inc.)
     S2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2016504 2011-05-18] (UltraVNC)

     ==================== Drivers (Whitelisted) ====================

     S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
     S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
     S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
     S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
     S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
     S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
     S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
     S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
     S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [76024 2010-08-25] (McAfee, Inc.)
     S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91896 2010-08-25] (McAfee, Inc.)
     S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43192 2010-08-25] (McAfee, Inc.)
     S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [344712 2010-08-25] (McAfee, Inc.)
     S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [66536 2010-08-25] (McAfee, Inc.)
     R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [64208 2010-08-25] (McAfee, Inc.)
     S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-05-06] (SigmaTel, Inc.)

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-11-08 17:03 - 2013-11-08 17:03 - 00000000 ____D C:\FRST
     2013-11-08 17:03 - 2013-11-08 17:00 - 01089445 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
     2013-11-08 14:32 - 2013-11-08 14:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
     2013-11-08 14:32 - 2013-11-08 14:32 - 00005858 _____ C:\Users\Administrator\Downloads\hijackthis.log
     2013-11-08 14:32 - 2013-11-08 14:32 - 00005858 _____ C:\Users\Administrator\Desktop\hijackthis.log
     2013-11-08 13:55 - 2013-11-08 13:55 - 00001063 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2013-11-08 13:55 - 2013-11-08 13:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
     2013-11-08 13:55 - 2013-11-08 13:55 - 00000000 ____D C:\ProgramData\Malwarebytes
     2013-11-08 13:55 - 2013-11-08 13:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
     2013-11-08 13:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     2013-11-08 13:36 - 2013-11-08 13:36 - 00299520 _____ C:\Users\dcollins\AppData\Roaming\KBW3HQKJLD
     2013-11-08 13:36 - 2013-11-08 13:36 - 00299520 _____ C:\Users\dcollins\AppData\Local\ACZqHB7poi
     2013-11-08 13:36 - 2013-11-08 13:36 - 00299520 _____ C:\ProgramData\ntN9v4aPVVt
     2013-11-08 13:34 - 2013-11-08 13:34 - 00299520 _____ C:\Users\dcollins\AppData\Roaming\BGGL6jWIdD
     2013-11-08 13:34 - 2013-11-08 13:34 - 00299520 _____ C:\Users\dcollins\AppData\Local\z0EVe60la0
     2013-11-08 13:34 - 2013-11-08 13:34 - 00299520 _____ C:\ProgramData\hm5LUHBahL
     2013-11-08 13:30 - 2013-11-08 13:30 - 00299520 _____ C:\Users\dcollins\AppData\Roaming\QbiJfO82
     2013-11-08 13:30 - 2013-11-08 13:30 - 00299520 _____ C:\Users\dcollins\AppData\Local\iNXChPq3d
     2013-11-08 13:30 - 2013-11-08 13:30 - 00299520 _____ C:\ProgramData\ewRQE8JscJ
     2013-11-08 13:29 - 2013-11-08 13:33 - 00000000 ____D C:\Users\dcollins\AppData\Local\Nxrzwh3By5
     2013-11-06 16:17 - 2013-11-06 16:17 - 00103364 _____ C:\Users\dcollins\Desktop\Remote Chat Application Mock Up 10 30 13.pptx
     2013-11-05 17:57 - 2013-11-05 17:57 - 00026624 _____ C:\Users\dcollins\Desktop\FS Inquiries vs Hours.xls
     2013-11-05 11:25 - 2013-11-05 18:30 - 00113437 _____ C:\Users\dcollins\Desktop\TRACFONE.cap
     2013-10-24 12:33 - 2013-10-24 12:33 - 00288549 _____ C:\Users\dcollins\Desktop\Olsen Race Picture.pptx
     2013-10-17 12:22 - 2013-10-17 12:50 - 00011840 ____N C:\Users\dcollins\Desktop\Updated Review report for Dan 2013.xlsx

     ==================== One Month Modified Files and Folders =======

     2013-11-08 17:03 - 2013-11-08 17:03 - 00000000 ____D C:\FRST
     2013-11-08 17:00 - 2013-11-08 17:03 - 01089445 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
     2013-11-08 14:32 - 2013-11-08 14:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
     2013-11-08 14:32 - 2013-11-08 14:32 - 00005858 _____ C:\Users\Administrator\Downloads\hijackthis.log
     2013-11-08 14:32 - 2013-11-08 14:32 - 00005858 _____ C:\Users\Administrator\Desktop\hijackthis.log
     2013-11-08 13:59 - 2010-11-20 16:01 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
     2013-11-08 13:55 - 2013-11-08 13:55 - 00001063 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2013-11-08 13:55 - 2013-11-08 13:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
     2013-11-08 13:55 - 2013-11-08 13:55 - 00000000 ____D C:\ProgramData\Malwarebytes
     2013-11-08 13:55 - 2013-11-08 13:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
     2013-11-08 13:53 - 2012-07-05 09:08 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
     2013-11-08 13:52 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
     2013-11-08 13:52 - 2009-07-13 23:39 - 00044735 _____ C:\Windows\setupact.log
     2013-11-08 13:43 - 2009-07-13 23:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-11-08 13:43 - 2009-07-13 23:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-11-08 13:36 - 2013-11-08 13:36 - 00299520 _____ C:\Users\dcollins\AppData\Roaming\KBW3HQKJLD
     2013-11-08 13:36 - 2013-11-08 13:36 - 00299520 _____ C:\Users\dcollins\AppData\Local\ACZqHB7poi
     2013-11-08 13:36 - 2013-11-08 13:36 - 00299520 _____ C:\ProgramData\ntN9v4aPVVt
     2013-11-08 13:34 - 2013-11-08 13:34 - 00299520 _____ C:\Users\dcollins\AppData\Roaming\BGGL6jWIdD
     2013-11-08 13:34 - 2013-11-08 13:34 - 00299520 _____ C:\Users\dcollins\AppData\Local\z0EVe60la0
     2013-11-08 13:34 - 2013-11-08 13:34 - 00299520 _____ C:\ProgramData\hm5LUHBahL
     2013-11-08 13:33 - 2013-11-08 13:29 - 00000000 ____D C:\Users\dcollins\AppData\Local\Nxrzwh3By5
     2013-11-08 13:31 - 2012-07-03 12:02 - 01485501 _____ C:\Windows\WindowsUpdate.log
     2013-11-08 13:30 - 2013-11-08 13:30 - 00299520 _____ C:\Users\dcollins\AppData\Roaming\QbiJfO82
     2013-11-08 13:30 - 2013-11-08 13:30 - 00299520 _____ C:\Users\dcollins\AppData\Local\iNXChPq3d
     2013-11-08 13:30 - 2013-11-08 13:30 - 00299520 _____ C:\ProgramData\ewRQE8JscJ
     2013-11-08 09:22 - 2012-07-06 09:53 - 00046785 _____ C:\Windows\MKDEMSG.LOG
     2013-11-08 09:22 - 2012-07-06 09:53 - 00001024 _____ C:\Windows\MKDEWE.TRN
     2013-11-06 16:17 - 2013-11-06 16:17 - 00103364 _____ C:\Users\dcollins\Desktop\Remote Chat Application Mock Up 10 30 13.pptx
     2013-11-05 18:30 - 2013-11-05 11:25 - 00113437 _____ C:\Users\dcollins\Desktop\TRACFONE.cap
     2013-11-05 17:57 - 2013-11-05 17:57 - 00026624 _____ C:\Users\dcollins\Desktop\FS Inquiries vs Hours.xls
     2013-10-24 12:33 - 2013-10-24 12:33 - 00288549 _____ C:\Users\dcollins\Desktop\Olsen Race Picture.pptx
     2013-10-17 12:50 - 2013-10-17 12:22 - 00011840 ____N C:\Users\dcollins\Desktop\Updated Review report for Dan 2013.xlsx
     2013-10-14 14:33 - 2013-10-03 16:41 - 00010832 ____N C:\Users\dcollins\Desktop\Queue Server Problem Tracking.xlsx

     Files to move or delete:
     ====================
     C:\Users\dcollins\AppData\Local\Nxrzwh3By5\XnlY1NVWa.exe

     Some content of TEMP:
     ====================
     C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
     C:\Users\dcollins\AppData\Local\Temp\G2MInstallerExtractor.exe
     C:\Users\dcollins\AppData\Local\Temp\~tmf919980727443332709.dll

     ==================== Bamital & volsnap Check =================

     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     LastRegBack: 2013-10-31 09:58

     ==================== End Of Log ============================

     Addition.txt
  4. Malwarebytes found nothing when run under Administrator, but under the user account it is all locked up, clock ticking down and demanding $300 be wired to some scum. Here is the log, thanks in advance.

     Logfile of Trend Micro HijackThis v2.0.5
     Scan saved at 2:32:15 PM, on 11/8/2013
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v9.00 (9.00.8112.16446)
     Boot mode: Safe mode with network support

     Running processes:
     C:\Windows\Explorer.EXE
     C:\Windows\system32\ctfmon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Users\Administrator\Downloads\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
     O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
     O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://jacada.webex.com/client/WBXclient-T28L10NSP8EP1-15699/event/ieatgpc1.cab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tmpdirect.ad
     O17 - HKLM\Software\..\Telephony: DomainName = tmpdirect.ad
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tmpdirect.ad
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tmpdirect.ad
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: ININ Tracing Initialization (ININ Tracing) - Interactive Intelligence, Inc. - C:\Program Files\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe
     O23 - Service: Interactive Update Client - Interactive Intelligence, Inc. - C:\Program Files\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe
     O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
     O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
     O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
     O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

     --
     End of file - 5857 bytes

     hijackthis.log
  5. Here you go:

     c:\users\bcurtis\AppData\Roaming\iasna_C92E1371-3DF5-4322-9729-82CC0DD90ECA.dll - https://www.virustotal.com/file/64e4c8ef5f25222f27529c2ce8ba13225488bec7db1c88f6ee469342e64ac214/analysis/1357704864/
     c:\users\bcurtis\g2ax_expert_downloadhelper_win32_x86.exe - https://www.virustotal.com/file/4aaf34bf828fa10804bd3ee0a1fbc581e5508d6f8599abdf70c51ad57055b89e/analysis/1357705021/
     c:\users\bcurtis\g2mdlhlpx.exe - https://www.virustotal.com/file/407168a8d891526b37bc66c2f7fa97df91fa11dd0810bb274c89ff9d66105423/analysis/
     c:\users\bcurtis\GoToAssistDownloadHelper.exe - https://www.virustotal.com/file/2701804c1a4b5b536c3f1eecade14d692850a57b96d62e3188cafd19925c1294/analysis/1357705124/
     c:\windows\SysWow64\instsrv.exe - https://www.virustotal.com/file/f7b0a444b590eb8a6b46cedf544bcb3117c85cab02b599b45d61b8a590095c9c/analysis/
  6. No, they are back due to the fact that I went to a restore point prior to running ComboFix. At least one looks like a legit file for my Citrix GoToAssist s/w, but it may be masquerading as such.
  7. No, they are back due to the fact that I went to a restore point prior to running ComboFix. At least one looks like a legit file for my Citrix GoToAssist s/w, but it may be masquerading as such.
  8. mbar found the same item it did last time, see log post from earlier tonight. Since I had to restore to the restore point it created prior to the original scan, it needed to be re-run, see attached. As before, the older of these two mbar logs is the one where it found something; the second should show the results of the 2nd scan, nothing. mbar-log-2013-01-08 (22-22-41).txt mbar-log-2013-01-08 (22-38-12).txt system-log.txt
  9. !!!!!! ComboFix hosed my machine. After it rebooted I could not log in with any user or password, getting "Request Not Supported". I could log in in safe mode, though. This is a Dell Precision with a fingerprint reader running Win 7 Pro in an Active Directory domain, although I am at home now. Read on answers.microsoft.com that this can occur and no fix was available. I had to restore to the restore point created with MB rootkit. The ComboFix restore point was not there. Re-running MB Anti-Rootkit now. Please advise. FYI, ComboFix did complete, and when I got into safe mode it created the log file, attached. log.txt
  10. Attached are the logs, still having Google redirect issues. I included the mbar-log from the initial run where it did find malware and the one where it did not. Nasty bugger this one is... mbar-log-2013-01-08 (20-38-52).txt mbar-log-2013-01-08 (21-07-02).txt system-log.txt
  11. Here you go, thanks. RKreport1_S_01082013_02d2001.txt
  12. This one is just nasty. Any help would be greatly appreciated. Thanks in advance. See attached. Attach.txt DDS.txt
  13. Had to restore to the ComboFix restore point. Please advise, re-scan using ComboFix?
  14. HELP! ComboFix ran and rebooted, now I cannot log in: "the request is not supported", Windows 7 Pro. Tried local admin as well, same error. Locked out and bumming....
  15. Here you go. I did not "fix" the infected file, see attached. aswMBR.txt
  16. Not all the time, but 25% of the time I get a redirect on Google, see attached. Thanks in advance. DDS.txt Attach.txt
  17. Not every time, but random redirects from Google. See attached and thanks in advance! Attach.txt DDS.txt