randomid
Everything posted by randomid

  1. Thank you for all your help here. No, I do not appear to be having any other problems that relate to the issue that started this thread. What other steps would you recommend to keep malware off of my PC in the future? I have McAfee Security, and it runs a virus scan every week.
  2. I ran the "AVPTool" and it completed. It did not find any threats. It stopped responding while I was attempting to copy the log to post here.
  3. I rebooted into Safe Mode, and went to the link for ESET online scanner, and same result as before. It did NOT get to the "allow ActiveX control to install" step. It stopped after I clicked "Start" in the window at this site. The PC is running Windows Vista, if that makes a difference. Any other scan methods to try? Thanks.
  4. I attempted to follow the instructions in the previous post, but I was not able to complete the steps and post a log. I started Internet Explorer, and followed the instructions, but it did NOT get to the "allow ActiveX control to install" step. It stopped after I clicked "Start" in the window at this site. Any more suggestions?
  5. I attempted to follow the instructions in the previous post, but I was not able to complete the steps and post a log. I started Internet Explorer, and followed the instructions, but it did get to the "allow ActiveX control to install" step. It stopped after I clicked "Start" in the window at this site. Any more suggestions?
  6. Yes, everything appears to be fine, and back to normal. Thank you for your help. I scanned multiple times with Malwarebytes Anti-Malware, and the reports are all clear:

     Malwarebytes Anti-Malware (Trial) 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.18.01

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Steve :: HP-DV2815NR [administrator]

     Protection: Enabled

     11/18/2012 11:14:07 PM
     mbam-log-2012-11-18 (23-14-07).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 254494
     Time elapsed: 13 minute(s), 21 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Is there anything else I need to check/scan?
  7. Before I read your last reply/post, I tried a System Restore point, because I figured I had nothing to lose at that point. It restored back Normal Mode, and Wi-fi/internet is back! I re-installed MalwareBytes in Normal mode, and ran updates. I ran MalwareBytes and here is the log from the first run:

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.17.02

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Steve :: HP-DV2815NR [administrator]

     11/17/2012 7:06:59 AM
     mbam-log-2012-11-17 (07-06-59).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 259838
     Time elapsed: 41 minute(s), 4 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 3
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rundll32 (Trojan.Agent) -> Data: C:\Users\Steve\userinit.exe -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Agent) -> Data: C:\Users\Steve\AppData\Roaming\Microsoft\svchost.exe -> Quarantined and deleted successfully.
     HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     c:\users\steve\appdata\local\temp\msimg32.dll (Trojan.Ransom) -> Quarantined and deleted successfully.

     (end)

     Restarted per instructions to clear threats and here is the result from the second run:

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.17.02

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Steve :: HP-DV2815NR [administrator]

     11/17/2012 7:57:49 AM
     mbam-log-2012-11-17 (07-57-49).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 259585
     Time elapsed: 37 minute(s), 27 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     So do I need to do anything else, or am I all clear now?
  8. I attempted to run the mbar.exe from Normal mode as the instructions indicated. I could not because it was "not an installed service." I ran it in Safe Mode, and it did not find anything and returned the message "No cleanup is required." Normal mode now hangs after a restart. I still cannot access the internet/wi-fi from that PC. Any suggestions on a next step?
  9. Here are the results from running Farbar FRST:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-11-2012
     Ran by SYSTEM at 2012-11-16 17:07:11 Run:1
     Running from F:\

     ==============================================
     C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888 moved successfully.
     C:\Users\Steve\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} moved successfully.
     C:\$Recycle.Bin\S-1-5-21-1071920978-3488033429-3191911494-1000\$ff24043d55f85ce9a20a8337d9b4b888 moved successfully.

     ==== End of Fixlog ====
  10. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2012
      Ran by SYSTEM at 15-11-2012 17:13:00
      Running from F:\
      Windows Vista Home Premium (X86) OS Language: English(US)
      The current controlset is ControlSet001

      ==================== Registry (Whitelisted) ===================

      HKLM\...\Run: [NvSvc] VSVCSTART [x]
      HKLM\...\Run: [NvCplDaemon] VSTARTUP [x]
      HKLM\...\Run: [NvMediaCenter] IT [x]
      HKLM\...\Run: [Apoint] T.EXE [x]
      HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2007-12-19] (CyberLink Corp.)
      HKLM\...\Run: [QlbCtrl] S\QLBCTRL.EXE /START [x]
      HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
      HKLM\...\Run: [uCam_Menu] K\YOUCAM\1.0" [x]
      HKLM\...\Run: [hpqSRMon] [x]
      HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
      HKLM\...\Run: [hpWirelessAssistant] .EXE [x]
      HKLM\...\Run: [WAWifiMessage] T\WIFIMSG.EXE [x]
      HKLM\...\Run: [symantec PIF AlertEng] G.DLL" [x]
      HKLM\...\Run: [ALUAlert] OTIFY.EXE [x]
      HKLM\...\Run: [HotSync] C.EXE" -ALLUSERS [x]
      HKLM\...\Run: [blspcloader] ET TOOLS\BLSLOADER.EXE [x]
      HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
      HKLM\...\Run: [mcui_exe] KEY [x]
      HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
      HKLM\...\Run: [] [x]
      HKLM\...\Run: [APSDaemon] .EXE" [x]
      HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
      HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x]
      HKLM\...\Run: [sunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x]
      HKLM\...\Run: [iTunesHelper] ESHELPER.EXE" [x]
      HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
      HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
      HKU\Margie\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company)
      HKU\Mcx1\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
      HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
      HKU\Mcx1\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation)
      HKU\Steve\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company)
      HKU\Steve\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
      HKU\Steve\...\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background [x]
      HKU\Steve\...\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [4670704 2007-08-30] (Yahoo! Inc.)
      HKU\Steve\...\Run: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-22] (Google Inc.)
      HKU\Steve\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
      HKU\Steve\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [16052192 2012-10-25] (Google)
      HKU\Steve\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
      HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [460872 2012-01-13] (Malwarebytes Corporation)
      HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1081416 2012-01-13] (Malwarebytes Corporation)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
      AppInit_DLLs: PGPmapih.dll
      Lsa: [Notification Packages] scecli PGPpwflt
      Startup: C:\Users\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
      ShortcutTarget: DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
      Startup: C:\Users\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
      ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
      Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
      ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
      Startup: C:\Users\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
      ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{A3CCAB46-A06E-4F47-96FC-886733BE9708}\Icon6560581611.exe ()
      Startup: C:\Users\Steve\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
      Startup: C:\Users\Steve\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()

      ==================== Services (Whitelisted) ===================

      3 Com4Qlb; "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
      2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" [537992 2008-04-10] (Symantec Corporation)
      2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [95200 2012-01-13] (McAfee, Inc.)
      3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
      2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
      2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
      2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
      2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
      3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [362008 2012-08-23] (McAfee, Inc.)
      2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
      2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166288 2012-03-20] (McAfee, Inc.)
      2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [161632 2012-03-20] (McAfee, Inc.)
      2 mfevtp; "C:\Windows\system32\mfevtps.exe" [151880 2012-03-20] (McAfee, Inc.)
      2 PGPserv; C:\Windows\system32\PGPserv.exe [103992 2008-05-21] (PGP Corporation)
      2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-12-19] ()
      2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-12-19] ()
      2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()
      2 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-20] (Microsoft Corporation)
      3 WLSetupSvc; "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" [266240 2007-10-25] (Microsoft Corporation)
      2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]
      2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
      3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [x]
      2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

      ==================== Drivers (Whitelisted) ====================

      3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)
      3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
      3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [183352 2007-10-01] (Conexant Systems Inc.)
      3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
      3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
      3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)
      3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)
      3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)
      0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
      1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)
      3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)
      1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-22] (McAfee, Inc.)
      3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
      1 eabfiltr; [x]
      3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
      3 mfeavfk01; [x]
      3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
      3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
      3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x]

      ==================== NetSvcs (Whitelisted) ===================

      ==================== One Month Created Files and Folders ========

      2012-11-15 17:12 - 2012-11-15 17:12 - 00000000 ____D C:\FRST
      2012-11-15 03:46 - 2012-11-15 03:46 - 00000000 ____D C:\Windows\ERDNT
      2012-11-15 03:44 - 2012-11-15 03:46 - 00000000 ____D C:\Qoobox
      2012-11-15 03:44 - 2012-11-15 03:45 - 00000000 ___SD C:\32788R22FWJFW
      2012-11-15 03:41 - 2012-11-15 03:41 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      2012-11-15 03:41 - 2012-11-15 03:41 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
      2012-11-15 03:41 - 2011-12-10 13:24 - 00020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
      2012-11-14 16:33 - 2012-11-15 03:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
      2012-11-03 13:48 - 2012-11-03 13:53 - 00000094 ____A C:\Users\Steve\Desktop\Money.txt.txt
      2012-10-22 17:30 - 2012-08-21 10:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
      2012-10-22 17:25 - 2012-10-22 17:30 - 00000000 ____D C:\Users\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
      2012-10-22 17:25 - 2012-10-22 17:30 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
      2012-10-22 17:25 - 2012-10-22 17:30 - 00000000 ____D C:\Program Files\iTunes
      2012-10-22 17:25 - 2012-10-22 17:25 - 00000000 ____D C:\Program Files\iPod
      2012-10-20 06:52 - 2012-10-20 06:53 - 09536008 ____A ( ) C:\Users\Steve\Downloads\YouCam.exe

      ==================== One Month Modified Files and Folders ========

      2012-11-15 17:12 - 2012-11-15 17:12 - 00000000 ____D C:\FRST
      2012-11-15 14:58 - 2010-06-19 08:05 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      2012-11-15 14:57 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
      2012-11-15 14:57 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      2012-11-15 14:57 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      2012-11-15 05:25 - 2012-04-25 18:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
      2012-11-15 05:25 - 2011-08-18 11:33 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
      2012-11-15 05:25 - 2011-08-18 11:33 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
      2012-11-15 05:25 - 2010-06-18 03:36 - 00000000 ____D C:\users\Margie
      2012-11-15 05:25 - 2008-08-30 16:15 - 00000000 ____D C:\users\Mcx1
      2012-11-15 05:25 - 2008-05-19 18:01 - 00000000 ____D C:\Users\Steve\Local Settings\QuickPlay
      2012-11-15 05:25 - 2008-05-19 18:01 - 00000000 ____D C:\Users\Steve\Local Settings\Application Data\QuickPlay
      2012-11-15 05:25 - 2008-05-19 18:01 - 00000000 ____D C:\Users\Steve\AppData\Local\QuickPlay
      2012-11-15 05:25 - 2008-05-19 17:47 - 00000000 ____D C:\users\Steve
      2012-11-15 05:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
      2012-11-15 05:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
      2012-11-15 05:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
      2012-11-15 05:25 - 2006-11-02 02:22 - 50069504 ____A C:\Windows\System32\config\software_previous
      2012-11-15 05:25 - 2006-11-02 02:22 - 23592960 ____A C:\Windows\System32\config\system_previous
      2012-11-15 05:21 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
      2012-11-15 05:21 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
      2012-11-15 04:44 - 2010-01-22 20:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071920978-3488033429-3191911494-1000UA.job
      2012-11-15 04:42 - 2006-11-02 02:33 - 00690960 ____A C:\Windows\System32\PerfStringBackup.INI
      2012-11-15 04:40 - 2008-03-09 06:54 - 00000218 ____A C:\Users\Public\Documents\hpqp.ini
      2012-11-15 04:40 - 2008-03-09 06:54 - 00000218 ____A C:\Users\All Users\Documents\hpqp.ini
      2012-11-15 03:46 - 2012-11-15 03:46 - 00000000 ____D C:\Windows\ERDNT
      2012-11-15 03:46 - 2012-11-15 03:44 - 00000000 ____D C:\Qoobox
      2012-11-15 03:45 - 2012-11-15 03:44 - 00000000 ___SD C:\32788R22FWJFW
      2012-11-15 03:42 - 2012-07-24 11:22 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Steve\Desktop\k.exe
      2012-11-15 03:41 - 2012-11-15 03:41 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      2012-11-15 03:41 - 2012-11-15 03:41 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
      2012-11-15 03:41 - 2012-11-14 16:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
      2012-11-15 03:40 - 2012-08-10 20:41 - 00000000 ____D C:\Users\Steve\Downloads\tdsskiller
      2012-11-15 03:19 - 2006-11-02 02:22 - 37486592 ____A C:\Windows\System32\config\components_previous
      2012-11-15 03:19 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\default_previous
      2012-11-15 01:55 - 2012-06-27 15:02 - 00000000 ____D C:\Users\Steve\Application Data\Skype
      2012-11-15 01:55 - 2012-06-27 15:02 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Skype
      2012-11-13 18:49 - 2008-01-20 18:47 - 00272534 ____A C:\Windows\PFRO.log
      2012-11-13 14:57 - 2008-03-09 06:37 - 01129639 ____A C:\Windows\WindowsUpdate.log
      2012-11-09 21:12 - 2010-06-19 08:05 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
      2012-11-09 00:43 - 2010-01-22 20:14 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071920978-3488033429-3191911494-1000Core.job
      2012-11-07 18:03 - 2009-05-03 02:18 - 00000000 ___HD C:\Users\Steve\Downloads\New Folder
      2012-11-07 00:47 - 2010-10-29 18:00 - 00002042 ____A C:\Users\Steve\Desktop\Google Chrome.lnk
      2012-11-05 06:58 - 2008-08-30 16:18 - 00005632 ____A C:\Users\Steve\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2012-11-05 06:58 - 2008-08-30 16:18 - 00005632 ____A C:\Users\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2012-11-05 06:58 - 2008-08-30 16:18 - 00005632 ____A C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2012-11-03 13:53 - 2012-11-03 13:48 - 00000094 ____A C:\Users\Steve\Desktop\Money.txt.txt
      2012-10-31 13:15 - 2012-04-29 14:09 - 00000000 ___SD C:\Users\Steve\Google Drive
      2012-10-29 16:01 - 2011-04-04 13:36 - 00000000 ___HD C:\Users\Steve\Application Data\HpUpdate
      2012-10-29 16:01 - 2011-04-04 13:36 - 00000000 ___HD C:\Users\Steve\AppData\Roaming\HpUpdate
      2012-10-28 18:05 - 2008-05-19 18:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
      2012-10-22 17:38 - 2006-11-02 05:01 - 00032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT
      2012-10-22 17:30 - 2012-10-22 17:25 - 00000000 ____D C:\Users\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
      2012-10-22 17:30 - 2012-10-22 17:25 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
      2012-10-22 17:30 - 2012-10-22 17:25 - 00000000 ____D C:\Program Files\iTunes
      2012-10-22 17:25 - 2012-10-22 17:25 - 00000000 ____D C:\Program Files\iPod
      2012-10-22 17:25 - 2010-03-14 04:42 - 00000000 ____D C:\Program Files\Common Files\Apple
      2012-10-20 06:53 - 2012-10-20 06:52 - 09536008 ____A ( ) C:\Users\Steve\Downloads\YouCam.exe
      2012-10-20 06:51 - 2008-05-25 05:20 - 00000000 ____D C:\Users\Steve\My Documents\Youcam
      2012-10-20 06:51 - 2008-05-25 05:20 - 00000000 ____D C:\Users\Steve\Documents\Youcam

      ZeroAccess:
      C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888
      C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L
      C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U

      ZeroAccess:
      C:\$Recycle.Bin\S-1-5-21-1071920978-3488033429-3191911494-1000\$ff24043d55f85ce9a20a8337d9b4b888
      C:\$Recycle.Bin\S-1-5-21-1071920978-3488033429-3191911494-1000\$ff24043d55f85ce9a20a8337d9b4b888\L
      C:\$Recycle.Bin\S-1-5-21-1071920978-3488033429-3191911494-1000\$ff24043d55f85ce9a20a8337d9b4b888\U

      ZeroAccess:
      C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888

      ZeroAccess:
      C:\Users\Steve\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
      C:\Users\Steve\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
      C:\Users\Steve\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

      ==================== Known DLLs (Whitelisted) =================

      ==================== Bamital & volsnap Check =================

      C:\Windows\explorer.exe => MD5 is legit
      C:\Windows\System32\winlogon.exe => MD5 is legit
      C:\Windows\System32\wininit.exe => MD5 is legit
      C:\Windows\System32\svchost.exe => MD5 is legit
      C:\Windows\System32\services.exe => MD5 is legit
      C:\Windows\System32\User32.dll => MD5 is legit
      C:\Windows\System32\userinit.exe => MD5 is legit
      C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

      ==================== EXE ASSOCIATION =====================

      HKLM\...\.exe: exefile => OK
      HKLM\...\exefile\DefaultIcon: %1 => OK
      HKLM\...\exefile\open\command: "%1" %* => OK

      ==================== Restore Points =========================

      Restore point made on: 2012-10-25 21:00:29
      Restore point made on: 2012-10-26 21:01:54
      Restore point made on: 2012-10-27 21:00:23
      Restore point made on: 2012-10-28 19:17:54
      Restore point made on: 2012-10-29 21:00:26
      Restore point made on: 2012-10-30 21:00:38
      Restore point made on: 2012-10-31 21:00:41
      Restore point made on: 2012-11-01 21:00:35
      Restore point made on: 2012-11-02 21:00:26
      Restore point made on: 2012-11-03 21:00:26
      Restore point made on: 2012-11-04 22:00:32
      Restore point made on: 2012-11-05 22:00:22
      Restore point made on: 2012-11-06 22:00:21
      Restore point made on: 2012-11-07 22:00:23
      Restore point made on: 2012-11-08 22:00:22
      Restore point made on: 2012-11-09 22:00:27
      Restore point made on: 2012-11-10 22:09:16
      Restore point made on: 2012-11-11 22:00:23
      Restore point made on: 2012-11-12 22:00:22

      ==================== Memory info ===========================

      Percentage of memory in use: 17%
      Total physical RAM: 3006.31 MB
      Available physical RAM: 2471.71 MB
      Total Pagefile: 2727.81 MB
      Available Pagefile: 2540.05 MB
      Total Virtual: 2047.88 MB
      Available Virtual: 1975.51 MB

      ==================== Partitions =============================

      1 Drive c: () (Fixed) (Total:221.12 GB) (Free:108.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
      2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.77 GB) (Free:1.98 GB) NTFS ==>[system with boot components (obtained from reading drive)]
      4 Drive f: (SBUCHHOLZ) (Removable) (Total:3.81 GB) (Free:1.04 GB) FAT32
      5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

      Disk ###  Status      Size     Free     Dyn  Gpt
      --------  ----------  -------  -------  ---  ---
      Disk 0    Online       233 GB  1528 KB
      Disk 1    Online      3908 MB      0 B

      Partitions of Disk 0:
      ===============

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary            221 GB    32 KB
      Partition 2    Primary             12 GB   221 GB

      =========================================================

      Disk: 0
      Partition 1
      Type  : 07
      Hidden: No
      Active: Yes

      Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
      ----------  ---  -----------  -----  ----------  -------  -------  --------
      * Volume 0    C                NTFS   Partition    221 GB  Healthy

      =========================================================

      Disk: 0
      Partition 2
      Type  : 07
      Hidden: No
      Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
      ----------  ---  -----------  -----  ----------  -------  -------  --------
      * Volume 2    D   HP_RECOVERY  NTFS   Partition     12 GB  Healthy

      =========================================================

      Partitions of Disk 1:
      ===============

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary           3907 MB    32 KB

      =========================================================

      Disk: 1
      Partition 1
      Type  : 0B
      Hidden: No
      Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
      ----------  ---  -----------  -----  ----------  -------  -------  --------
      * Volume 2    F   SBUCHHOLZ    FAT32  Removable   3907 MB  Healthy

      =========================================================

      Last Boot: 2012-11-15 04:45

      ==================== End Of Log ============================
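Added example, not part of the original thread and not code from Farbar (FRST) or Malwarebytes: a small Python triage pass over FRST-style "Registry (Whitelisted)" autorun lines like the ones in the scan above. The helper detects the pattern that Malwarebytes later reported in this thread, a Run value named after a Windows system process (rundll32, svchost) that actually launches an unsigned executable from the user profile. The function names (parse_autorun, assess, triage), the heuristics, the two-reason threshold and the SAMPLE_LOG lines are all my own; the sample lines are constructed for this example in FRST's output format and are not copied from any real machine.

```python
import re
from pathlib import PureWindowsPath

# FRST autorun lines (constructed examples of the real format):
#   HKLM\...\Run: [Name] "C:\path\prog.exe" args [size yyyy-mm-dd] (Publisher)
#   HKU\Steve\...\Run: [Name] C:\path\prog.exe [size yyyy-mm-dd] ()   <- "()" = no publisher
#   HKLM\...\Run: [Name] [x]                                           <- FRST could not find the target
AUTORUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U\\[^\\]+))\\\.\.\.\\(?P<key>Run(?:Once)?|Winlogon): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# First drive-letter path that ends in an executable extension, quoted or not.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|scr|cmd|bat|vbs|js))"?', re.I)
# Trailing "(Publisher)" from the file's version info.
SIG_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")

# Names malware borrows to blend in; legitimately these only live under the Windows directory.
SYSTEM_BINARIES = {"svchost.exe", "userinit.exe", "rundll32.exe", "explorer.exe",
                   "winlogon.exe", "lsass.exe", "csrss.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\")
# Locations a non-admin user, and therefore malware running as that user, can write to.
USER_WRITABLE = ("c:\\users\\", "c:\\documents and settings\\", "c:\\programdata\\",
                 "\\appdata\\", "\\temp\\", "c:\\$recycle.bin\\")


def parse_autorun(line):
    """Return a dict for an FRST Run/RunOnce/Winlogon line, or None for any other line."""
    m = AUTORUN_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    pm = PATH_RE.search(rest)
    sm = SIG_RE.search(rest)
    return {
        "hive": m.group("hive"),
        "key": m.group("key"),
        "name": m.group("name"),
        "path": pm.group("path") if pm else None,
        "publisher": sm.group("pub").strip() if sm else None,
        "missing": rest.rstrip().endswith("[x]"),  # dead entry: target file not on disk
    }


def assess(entry):
    """List the heuristic reasons an autorun entry looks suspicious (empty list = nothing noted)."""
    reasons = []
    name = entry["name"].lower()
    if name.endswith(".exe"):
        name = name[:-4]
    if name + ".exe" in SYSTEM_BINARIES:
        reasons.append("autorun value named after a Windows system process")
    path = entry["path"]
    if path is None:
        return reasons  # "[x]" entries have no file to judge; FRST already marked them dead
    low = path.lower()
    base = PureWindowsPath(low).name
    if base in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS):
        reasons.append(f"{base} loaded from outside the Windows directory")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("executable lives in a user-writable location")
    if not entry["publisher"]:
        reasons.append("no publisher recorded by the scanner")
    return reasons


def triage(log_text, min_reasons=2):
    """Return the autorun entries with at least min_reasons hits, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_autorun(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if len(reasons) >= min_reasons:
            findings.append({"hive": entry["hive"], "name": entry["name"],
                             "path": entry["path"], "reasons": reasons})
    return findings


# Constructed sample in FRST's format. The last two lines model the Run values
# Malwarebytes reported in this thread; the file sizes and dates are made up.
SAMPLE_LOG = r"""
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [hpqSRMon] [x]
HKU\Steve\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Steve\...\Run: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-22] (Google Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1081416 2012-01-13] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
HKU\Steve\...\Run: [rundll32] C:\Users\Steve\userinit.exe [23040 2012-11-14] ()
HKU\Steve\...\Run: [svchost] C:\Users\Steve\AppData\Roaming\Microsoft\svchost.exe [62464 2012-11-14] ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']} [{f['name']}] -> {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Two of the eight sample lines come back flagged, the userinit.exe and svchost.exe copies under C:\Users\Steve, each with four reasons. The Google Update line is deliberately not flagged: a signed updater under AppData trips the user-writable heuristic alone, which is why the default threshold is two reasons and not one. Entries FRST marks "[x]" are skipped because the file is already gone; the recovered HP-laptop log above shows how many of those a normal system carries.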
  11. OK, thanks for the reply. I created a new topic in the forum you recommended, option 1.
  12. Hello, I need help removing a Trojan.Agent infection from a Windows Vista PC. I have run Malwarebytes several times in SAFE MODE, because I cannot run in normal at this time. It finds the infection, removes it, and asks to restart the PC. The PC restarts in normal mode, and it still appears to be infected, cannot access wi-fi, etc. I cannot post .log files at this time, since I cannot get to the USB drive while in safe mode to copy log files. Suggestions on how to proceed? Thank you.