Sean_M84
Posts posted by Sean_M84
-
-
I had reinstalled AdwCleaner so the log is going to be named R1 again.
-
-
I haven't used the Internet Browser since the fixes. I'm going to use our other PC for surfing until I can find an antivirus program that is compatible with the paid version of Malwarebytes AntiMalware. The system seems fine and I haven't experienced any blue screens at all.
Thanks again for all your help, it is greatly appreciated.
-
Sorry for the delay.
-
Ok, I'll have to run Combofix tomorrow morning unfortunately since I won't have 30-45 mins to leave my register locked. I'm extremely grateful for your help thus far.
-
I did do a quick scan and MBAM did find the svchost.exe trojan again. But no longer am I prompted upon restarting to Quarantine that item.
-
Upon finishing the scan with TDSSKiller, there were no threats detected. I made sure Malwarebytes AntiMalware wasn't active in the background. Upon restarting, MBAM didn't detect the SVChost.exe trojan.
-
-
RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ryans Comics Vaio [Admin rights]
Mode : Scan -- Date : 11/02/2012 11:08:16
¤¤¤ Bad processes : 1 ¤¤¤
[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Run : dinrt ("C:\Windows\System32\rundll32.exe" "C:\Users\Ryans Comics Vaio\AppData\Roaming\dinrt.dll",NewException) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] 700fecc1cccaff4e4552432ff261bd8e
[bSP] 89712d73d296efc80c5a15381b2724d4 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11253 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23048192 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23252992 | Size: 465585 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] ca562baced8ede3066907aa5a28a378e
[bSP] 89712d73d296efc80c5a15381b2724d4 : Windows 7 MBR Code
Partition table:
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11253 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23048192 | Size: 100 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23252992 | Size: 465585 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] ca562baced8ede3066907aa5a28a378e
[bSP] 89712d73d296efc80c5a15381b2724d4 : Windows 7 MBR Code
Partition table:
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11253 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23048192 | Size: 100 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23252992 | Size: 465585 Mo
Finished : << RKreport[1].txt >>
-
My Sony Vaio PC that I use as a cash register for the business that I work for has contracted a virus via Google Toolbar and I've hence deleted anything Google related and tried my best to remove the Trojan, but it doesn't go away. It shows up every time I scan with Malwarebytes AntiMalware scanner. It shows up as "svchost.exe." is infected and quarantined every time I start up the PC.
Thank you for your help and time. We open the store soon, but I'll try to work some fixes in between customers.
svchost.exe Trojan Detected/Quarantined
in Resolved Malware Removal Logs
My boss was fairly adamant that Microsoft Security Essentials was being mimicked by the virus. So he wanted me to ask if there is an alternative to use for now until he's sure of MSE being safe. We had it prior and it failed to recognize the virus or trojans. The little window would pop up in the corner informing us that the computer needed cleaning.