Virus removed, but still need help
BlancheC replied to BlancheC's topic in Resolved Malware Removal Logs
Well, that's not happy news!! I didn't think it would be that bad, and that's odd because I never download anything, so how I got one of those is beyond me. Let's clean the computer, but I'm doing all that you suggested anyway - I'll have to call everyone tomorrow to change my passwords and alert them about what's been going on. Can you tell me approximately how long it would take for the hackers to get to my information? Meaning, given that they usually gather information from many computers, how do they know when they got mine, and how soon might they try accessing my info? I just wiped out all the passwords on this computer and won't be using it past today, but I don't know if I'd notice when they're accessing it...
Virus removed, but still need help
BlancheC replied to BlancheC's topic in Resolved Malware Removal Logs
Thanks, Maniac - the aswMBR downloads just fine, but when I double-click it nothing happens. I've tried several times, rebooted a few times and re-downloaded it, but still the same: nothing happens upon double-clicking it. So, I'm including the MBAM log, but I don't know if you want me to re-run DDS without having run aswMBR. Please let me know what you need me to do.

++++++++++++++++++++++++++++++++++++++++
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.05.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
PetiteMaman :: PETITEMAMAN [administrator]

11/4/2012 8:23:17 PM
mbam-log-2012-11-04 (20-23-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194317
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$7a0daef9b8b6cb036950af24afb4d8e1\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-561347676-892244705-3722214740-1000\$7a0daef9b8b6cb036950af24afb4d8e1\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$Recycle.Bin\S-1-5-18\$7a0daef9b8b6cb036950af24afb4d8e1\n (Trojan.Ransom) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-561347676-892244705-3722214740-1000\$7a0daef9b8b6cb036950af24afb4d8e1\n (Trojan.Ransom) -> Delete on reboot.
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Delete on reboot.

(end)
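Added example, not code from this thread or from Malwarebytes: a Python parser for the MBAM log format pasted above. It turns each detection entry into a record, keeps both the hijacked ("Bad") and restored ("Good") InProcServer32 values that the two registry entries report, checks that every section's declared "Detected: N" count matches the entries actually present (a truncated paste shows up here), and flags the two locations the log itself attributes to 0Access: the per-SID folder under $Recycle.Bin and the .NET GAC folder. The sample log is a constructed, line-separated copy of the relevant lines; Detection, HIDEOUTS, parse_mbam_log, count_mismatches and hideout are names chosen for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the detection sections of the Malwarebytes log posted above,
# one entry per line (preamble trimmed to two lines).
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.65.1.1000
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$7a0daef9b8b6cb036950af24afb4d8e1\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-561347676-892244705-3722214740-1000\$7a0daef9b8b6cb036950af24afb4d8e1\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.

Files Detected: 3
C:\$Recycle.Bin\S-1-5-18\$7a0daef9b8b6cb036950af24afb4d8e1\n (Trojan.Ransom) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-561347676-892244705-3722214740-1000\$7a0daef9b8b6cb036950af24afb4d8e1\n (Trojan.Ransom) -> Delete on reboot.
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Delete on reboot.

(end)
"""

HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()\s]+)\) -> (?P<rest>.+)$")
REPAIR_RE = re.compile(r"^Bad: \((?P<bad>.+?)\) Good: \((?P<good>.+?)\) -> (?P<action>.+)$")

# Locations the log above reports 0Access components in; a hit here deserves a second look.
HIDEOUTS = (
    ("\\$recycle.bin\\", "payload kept under $Recycle.Bin in a per-SID subfolder"),
    ("\\windows\\assembly\\gac\\", "file planted in the .NET GAC folder"),
)


@dataclass
class Detection:
    section: str             # log section, e.g. "Files" or "Registry Data Items"
    target: str              # file path or registry value MBAM flagged
    threat: str              # MBAM detection name, e.g. Trojan.0Access
    action: str              # what MBAM did, e.g. "Delete on reboot."
    path: str                # the file involved (registry items: the "Bad" value)
    restored: Optional[str]  # the "Good" value MBAM put back (registry items only)


def parse_mbam_log(text: str) -> Tuple[List[Detection], Dict[str, int]]:
    """Return the detection entries and the per-section counts the log declares."""
    detections: List[Detection] = []
    declared: Dict[str, int] = {}
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        entry = ENTRY_RE.match(line)
        if not (entry and section):
            continue  # preamble, "(No malicious items detected)", "(end)"
        target, threat, rest = entry.group("target", "threat", "rest")
        repair = REPAIR_RE.match(rest)
        if repair:  # registry data item: MBAM shows the hijacked value and the restored one
            detections.append(Detection(section, target, threat, repair.group("action"),
                                        repair.group("bad"), repair.group("good")))
        else:       # plain file/folder/key entry: the target is the malicious object itself
            detections.append(Detection(section, target, threat, rest, target, None))
    return detections, declared


def count_mismatches(detections: List[Detection], declared: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared 'Detected: N' disagrees with the entries parsed."""
    seen = Counter(d.section for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


def hideout(path: str) -> Optional[str]:
    """Why a path is a known 0Access hiding place, or None for an ordinary location."""
    lowered = path.lower()
    for needle, why in HIDEOUTS:
        if needle in lowered:
            return why
    return None


if __name__ == "__main__":
    found, counts = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(f"[{d.section}] {d.threat}: {d.path} -> {d.action}")
        if d.restored:
            print(f"    InProcServer32 had been redirected away from {d.restored}; MBAM restored it")
        if hideout(d.path):
            print(f"    note: {hideout(d.path)}")
    print("count mismatches:", count_mismatches(found, counts) or "none")
```

Run as a script it prints one line per detection; for a real scan, pass the whole contents of the mbam-log file to parse_mbam_log and inspect count_mismatches first, since an empty result there is the sign that nothing was lost in the paste.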
Virus removed, but still need help
BlancheC replied to BlancheC's topic in Resolved Malware Removal Logs
NOTE please that Kaspersky is no longer on my computer; I have already uninstalled it, so I'm not sure why all those entries with its name are coming up...
Virus removed, but still need help
BlancheC replied to BlancheC's topic in Resolved Malware Removal Logs
Thanks, Maniac... here is the pasted text:

+++++++++++++++++++++ DDS +++++++++++++++++++++

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
Run by PetiteMaman at 10:49:26 on 2012-11-03
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2938.1542 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\RtkAudioService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Fitbit\fitbit.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Fitbit\fitbit-tray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\System32\mobsync.exe
C:\Users\PetiteMaman\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\Explorer.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://facebook.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uURLSearchHooks: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [cdloader] "c:\users\petitemaman\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Fitbit Service Monitor] c:\program files\fitbit\fitbit-tray.exe
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\VAIO Sat Survey.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{244EED3D-6D0B-4CB7-963D-3D0D75B6186F} : DHCPNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{D10402C1-9CDE-4582-A6B7-6C0D33B0E7BC} : DHCPNameServer = 192.168.5.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\petitemaman\appdata\roaming\mozilla\firefox\profiles\jsxvaje4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc183c01e-0e23-4225-9a62-521496760e1d%7D&mid=9d3711a6fe1e47d0808cd154fc4d28c3-beb4591de9725bd388433d865b2a6bf2a2b19a58&ds=ft011&v=11.1.0.12&lang=en&pr=sa&d=2012-07-07%2000%3A15%3A49&sap=ku&q=
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\ff10\abhelperxpcom10.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\ff11\abhelperxpcom11.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\ff12\abhelperxpcom12.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\ff4\abhelperxpcom4.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\ff5\abhelperxpcom5.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\ff6\abhelperxpcom6.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\ff7\abhelperxpcom7.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\ff8\abhelperxpcom8.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\kavantibanner@kaspersky.ru\components\ff9\abhelperxpcom9.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\ff10\kavlinkfilter10.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\ff11\kavlinkfilter11.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\ff12\kavlinkfilter12.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\ff4\kavlinkfilter4.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\ff5\kavlinkfilter5.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\ff6\kavlinkfilter6.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\ff7\kavlinkfilter7.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\ff8\kavlinkfilter8.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\ff9\kavlinkfilter9.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff10\ffvkplugin10.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff11\ffvkplugin11.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff12\ffvkplugin12.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff4\ffvkplugin4.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff5\ffvkplugin5.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff6\ffvkplugin6.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff7\ffvkplugin7.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff8\ffvkplugin8.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff9\ffvkplugin9.dll
FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualkeyboard@kaspersky.ru\components\ffvkplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Fitbit;Fitbit Data Uploader;c:\program files\fitbit\fitbit.exe [2012-5-24 788000]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-2 399432]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-29 104992]
R2 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2011-2-16 122880]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2011-2-16 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-10-29 415584]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-9-3 446464]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-2-16 17920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-2 22856]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-10-29 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-2 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-16 129976]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-5-24 21992]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2011-2-16 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2011-2-16 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2011-2-16 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2011-2-16 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2011-2-16 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2012-11-03 01:17:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-03 01:17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-03 01:16:51 10669952 ----a-w- c:\users\petitemaman\appdata\roaming\microsoft\windows\start menu\programs\virus\malwarebytes' anti-malware\mbam-setup-1.65.1.1000.exe
2012-10-24 06:28:49 -------- d-----w- c:\users\petitemaman\appdata\local\Apple Computer
.
==================== Find3M ====================
.
2012-10-06 05:15:50 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-06 05:15:50 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: ST925031 rev.0001 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll
1 ntkrnlpa!IofCallDriver[0x82AC920F] -> \Device\Harddisk0\DR0[0x86A718B0]
3 CLASSPNP[0x8ADA5745] -> ntkrnlpa!IofCallDriver[0x82AC920F] -> [0x85695700]
error: Read The request could not be performed because of an I/O device error.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }
user != kernel MBR !!!
.
============= FINISH: 10:52:13.96 ===============

+++++++++++++++++++++ ATTACH +++++++++++++++++++++
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/16/2011 8:53:06 PM
System Uptime: 11/2/2012 9:00:18 PM (13 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | N/A | 2166/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 158.832 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
H: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP670: 10/25/2012 8:52:13 AM - Scheduled Checkpoint
RP671: 10/25/2012 2:00:05 PM - Windows Update
RP672: 10/26/2012 2:00:25 PM - Windows Update
RP673: 10/27/2012 2:00:05 PM - Windows Update
RP674: 10/28/2012 1:48:36 AM - Windows Update
RP675: 10/28/2012 1:58:50 PM - Windows Update
RP676: 10/29/2012 1:59:38 PM - Windows Update
RP677: 10/30/2012 2:01:08 PM - Windows Update
RP678: 10/31/2012 2:00:12 PM - Windows Update
RP679: 11/2/2012 10:36:01 PM - Scheduled Checkpoint
RP680: 11/3/2012 10:18:53 AM - VAIO Care Automatic Restore Point
.
==== Installed Programs ======================
.
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
Brother MFL-Pro Suite MFC-290C
CamStudio
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Cucusoft YouTube Mate 8.15
doPDF 7.2 printer
Fitbit Base Station (Driver Removal)
Fitbit v2.1.0
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java 6 Update 24
Java SE Runtime Environment 6
magicJack
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Transfer
OpenMG Secure Module 5.1.00
Opera 11.01
Primo
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Setting Utility Series
Skype™ 5.10
Sony Picture Utility
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy 1.2
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Trojan Remover 6.1.9
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VAIO Care
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Startup Assistant
VAIO Survey
VAIO Update 4
VAIO Wallpaper Contents
VAIO Wireless Wizard
VLC media player 1.1.7
WinDVD for VAIO
WinRAR 4.10 (32-bit)
WinZip 14.0
.
==== Event Viewer Messages From Past Week ========
.
11/2/2012 9:02:19 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/2/2012 9:01:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 126
11/2/2012 2:55:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
11/2/2012 10:27:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/1/2012 9:25:44 PM, Error: Microsoft Antimalware [2001] -
11/1/2012 9:25:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/1/2012 9:13:51 PM, Error: EventLog [6008] - The previous system shutdown at 11:22:29 AM on 11/1/2012 was unexpected.
11/1/2012 11:06:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/1/2012 11:05:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/1/2012 11:01:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall MpFilter spldr Wanarpv6
11/1/2012 11:01:30 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/1/2012 11:00:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/1/2012 11:00:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/1/2012 11:00:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/1/2012 11:00:35 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
10/29/2012 6:48:14 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 75.51.79.57 for the Network Card with network address 001DBAA9C130 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/29/2012 3:52:11 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 75.51.68.242 for the Network Card with network address 001DBAA9C130 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/27/2012 11:36:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.
10/27/2012 11:26:31 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001DBAA9C130 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/27/2012 11:23:57 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 75.51.64.70 for the Network Card with network address 001DBAA9C130 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
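Added example, not part of the post and not Gmer's code: the ROOTKIT section of the log ends with "user: error reading MBR", "kernel: MBR read successfully" and "user != kernel MBR !!!", i.e. the detector reads the first sector of the disk from user mode and from kernel mode and reports when one read fails or the two copies disagree. The Python below reproduces that comparison on constructed 512-byte images (build_sample_mbr, compare_views, parse_partition_table and demo are names chosen for this example): it checks the 0x55AA boot signature, decodes the partition table, and reports which region (boot code, partition table, signature) the two views differ in, or that the user-mode read failed and no comparison is possible.

```python
import struct
from typing import List, Optional

SECTOR = 512
PARTITION_TABLE = 446   # offset of the four 16-byte partition entries
SIGNATURE = 510         # offset of the two-byte 0x55AA boot signature


def build_sample_mbr() -> bytes:
    """Construct a minimal, well-formed MBR image (sample data, not the poster's disk)."""
    boot_code = bytes(PARTITION_TABLE)  # boot code area left zeroed
    # One bootable NTFS (type 0x07) primary partition: start LBA 2048, 1,048,576 sectors.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 1048576)
    return boot_code + entry + bytes(16 * 3) + b"\x55\xaa"


def has_boot_signature(mbr: bytes) -> bool:
    return len(mbr) == SECTOR and mbr[SIGNATURE:SIGNATURE + 2] == b"\x55\xaa"


def parse_partition_table(mbr: bytes) -> List[dict]:
    """Decode the non-empty partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR image is exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE + 16 * i
        boot, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype:  # type 0x00 marks an unused slot
            entries.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                            "start_lba": lba, "sectors": count})
    return entries


def region_of(offset: int) -> str:
    if offset < PARTITION_TABLE:
        return "boot code"
    return "partition table" if offset < SIGNATURE else "boot signature"


def compare_views(user_view: Optional[bytes], kernel_view: bytes) -> dict:
    """Compare the MBR as returned by a user-mode read with the copy a kernel-mode
    read returned. None stands for a failed user-mode read, which (as in the log)
    cannot be compared and is reported as such."""
    if len(kernel_view) != SECTOR or (user_view is not None and len(user_view) != SECTOR):
        raise ValueError("both views must be 512-byte sectors")
    result = {"kernel_signature_ok": has_boot_signature(kernel_view), "diff_regions": []}
    if user_view is None:
        result["verdict"] = "user: error reading MBR"
        return result
    differing = [i for i in range(SECTOR) if user_view[i] != kernel_view[i]]
    ranges: List[List[int]] = []
    for i in differing:  # collapse consecutive offsets into (first, last) ranges
        if ranges and i == ranges[-1][1] + 1:
            ranges[-1][1] = i
        else:
            ranges.append([i, i])
    result["diff_regions"] = [(a, b, region_of(a)) for a, b in ranges]  # labelled by start offset
    result["verdict"] = "user != kernel MBR" if differing else "user == kernel MBR"
    return result


def demo() -> dict:
    """Sample comparison: the user-mode view is the clean image; the kernel-mode view
    has its first four boot-code bytes and the first partition's start LBA changed."""
    clean = build_sample_mbr()
    altered = bytearray(clean)
    altered[0:4] = b"\xde\xad\xbe\xef"
    struct.pack_into("<I", altered, PARTITION_TABLE + 8, 63)  # start LBA 2048 -> 63
    return compare_views(clean, bytes(altered))


if __name__ == "__main__":
    print(parse_partition_table(build_sample_mbr()))
    print(compare_views(None, build_sample_mbr())["verdict"])
    print(demo())
```

The verdict strings deliberately mirror the log's wording so the output can be read next to it; what the example adds is the location of the disagreement, which tells a responder whether the boot code or the partition table is the part that changed.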
File Restore virus - need xtra help
BlancheC replied to BlancheC's topic in Malwarebytes for Windows Support Forum
At any rate, I've followed your instructions, thanks. You know, it's been a rather frustrating day (the entire day) of dealing with a virus for the first time, and fearing for my computer, so when I find something that gave me some hope and I get someone to tell me I'm wrong to try it, I'm sure you understand how that can be the proverbial icing on the cake. Written communication lacks intonation, so I'm sorry if I misread you, but it's nearly impossible to read what's not there; I just had your words telling me I messed up.
File Restore virus - need xtra help
BlancheC replied to BlancheC's topic in Malwarebytes for Windows Support Forum
I felt your first sentence was a bit condescending...like you were rebuking me for following steps one of your guys had outlined and which did solve my problem. It made me feel like you were rubbing it in that you know more than I do and it's not a comfortable feeling.
Okay, per prior instructions, I'm posting this in here (I unknowingly posted it in the wrong section because I could not see a link to this one). The below is what I'd originally posted; as I specify there, the virus is gone but I still have some minor problems (and yes, the infection was the same exact one, which is why I followed the instructions I found in the thread I'd referenced originally). So, please let me know if you're going to need the OTL reports or not. Thanks in advance for your help.

+++++++++++++++++++++++

Hello! I'm going to reference this thread because it's practically already done everything for me: http://forums.malwar...showtopic=83625

So, I'm virus-free now, thanks to your software, and can see my desktop icons BUT I still can't see many of the programs that were hidden. I have performed this additional step in my DOS window:

c:> attrib -h /s /d

which gets me a lot of "Not resetting [filename]" and "Access denied" lines, but I don't know whether or not that's normal. My folder options are already set to view hidden files, including system ones. What I can't see, for example, are some items under START>ACCESSORIES, like PAINT, CALCULATOR and shortcuts of those and other programs that I'd added to the top of my start menu and my desktop. I have run OTL per Spy Sentinel's instructions in the above-referenced thread, but I assume that the section I need to paste when running the fix is different, since my computer is not the same; can you please tell me what the pasting section would be? I'll post the specs from running OTL as soon as it's done - thanks in advance!!!
File Restore virus - need xtra help
BlancheC replied to BlancheC's topic in Malwarebytes for Windows Support Forum
Well, that's a little harsh for someone who's new around here - I'll post in the other link anyway - which I couldn't see because my browser, in safe mode, is HUGE and I can't display the whole page, so I did *the best I could* with what I had. I followed those instructions because my infection was exactly the same one, and I wanted to save you guys the extra steps - sorry for being considerate! Sigh.
Hello! I'm going to reference this thread because it's practically already done everything for me: http://forums.malwarebytes.org/index.php?showtopic=83625

So, I'm virus-free now, thanks to your software, and can see my desktop icons BUT I still can't see many of the programs that were hidden. I have performed this additional step in my DOS window:

c:> attrib -h /s /d

which gets me a lot of "Not resetting [filename]" and "Access denied" lines, but I don't know whether or not that's normal. My folder options are already set to view hidden files, including system ones. What I can't see, for example, are some items under START>ACCESSORIES, like PAINT, CALCULATOR and shortcuts of those and other programs that I'd added to the top of my start menu and my desktop. I have run OTL per Spy Sentinel's instructions in the above-referenced thread, but I assume that the section I need to paste when running the fix is different, since my computer is not the same; can you please tell me what the pasting section would be? I'll post the specs from running OTL as soon as it's done - thanks in advance!!!