
Posts posted by randomid

  1. I rebooted into Safe Mode, and went to the link for ESET online scanner, and got the same result as before.

    It did NOT get to the "allow ActiveX control to install" step.

    It stopped after I clicked "Start" in the window at this site.

    The pc is running Windows Vista, if that makes a difference.

    Any other scan methods to try?

    Thanks.

  2. I attempted to follow the instructions in the previous post, but I was not able to complete the steps and post a log.

    I started Internet Explorer, and followed the instructions, but it did NOT get to the "allow ActiveX control to install" step.

    It stopped after I clicked "Start" in the window at this site.

    Any more suggestions?

  3. I attempted to follow the instructions in the previous post, but I was not able to complete the steps and post a log.

    I started Internet Explorer, and followed the instructions, but it did get to the "allow ActiveX control to install" step.

    It stopped after I clicked "Start" in the window at this site.

    Any more suggestions?

  4. Yes, everything appears to be fine, and back to normal.

    Thank you for your help.

    I scanned multiple times with Malwarebytes Anti-Malware, and the reports are all clear:

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.18.01

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Steve :: HP-DV2815NR [administrator]

    Protection: Enabled

    11/18/2012 11:14:07 PM

    mbam-log-2012-11-18 (23-14-07).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 254494

    Time elapsed: 13 minute(s), 21 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Is there anything else I need to check/scan?

  5. Before I read your last reply/post, I tried a System Restore point, because I figured I had nothing to lose at that point.

    It restored back to Normal Mode, and Wi-Fi/internet is back!

    I re-installed MalwareBytes in Normal mode, and ran updates.

    I ran MalwareBytes and here is the log from the first run:

    Malwarebytes Anti-Malware 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.17.02

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Steve :: HP-DV2815NR [administrator]

    11/17/2012 7:06:59 AM

    mbam-log-2012-11-17 (07-06-59).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 259838

    Time elapsed: 41 minute(s), 4 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 3

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rundll32 (Trojan.Agent) -> Data: C:\Users\Steve\userinit.exe -> Quarantined and deleted successfully.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Agent) -> Data: C:\Users\Steve\AppData\Roaming\Microsoft\svchost.exe -> Quarantined and deleted successfully.

    HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    c:\users\steve\appdata\local\temp\msimg32.dll (Trojan.Ransom) -> Quarantined and deleted successfully.

    (end)

    Restarted per instructions to clear threats and here is the result from the second run:

    Malwarebytes Anti-Malware 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.17.02

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Steve :: HP-DV2815NR [administrator]

    11/17/2012 7:57:49 AM

    mbam-log-2012-11-17 (07-57-49).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 259585

    Time elapsed: 37 minute(s), 27 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    So do I need to do anything else, or am I all clear now?

  6. I attempted to run the mbar.exe from Normal mode as the instructions indicated.

    I could not because it was "not an installed service."

    I ran it in Safe Mode, and it did not find anything and returned the message "No cleanup is required."

    Normal mode now hangs after a re-start.

    I still cannot access the internet/wi-fi from that PC.

    Any suggestions on a next step?

  7. Here are the results from running Farbar FRST:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-11-2012

    Ran by SYSTEM at 2012-11-16 17:07:11 Run:1

    Running from F:\

    ==============================================

    C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888 moved successfully.

    C:\Users\Steve\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} moved successfully.

    C:\$Recycle.Bin\S-1-5-21-1071920978-3488033429-3191911494-1000\$ff24043d55f85ce9a20a8337d9b4b888 moved successfully.

    ==== End of Fixlog ====

  8. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2012

    Ran by SYSTEM at 15-11-2012 17:13:00

    Running from F:\

    Windows Vista Home Premium (X86) OS Language: English(US)

    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [NvSvc] VSVCSTART [x]

    HKLM\...\Run: [NvCplDaemon] VSTARTUP [x]

    HKLM\...\Run: [NvMediaCenter] IT [x]

    HKLM\...\Run: [Apoint] T.EXE [x]

    HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2007-12-19] (CyberLink Corp.)

    HKLM\...\Run: [QlbCtrl] S\QLBCTRL.EXE /START [x]

    HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)

    HKLM\...\Run: [uCam_Menu] K\YOUCAM\1.0" [x]

    HKLM\...\Run: [hpqSRMon] [x]

    HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]

    HKLM\...\Run: [hpWirelessAssistant] .EXE [x]

    HKLM\...\Run: [WAWifiMessage] T\WIFIMSG.EXE [x]

    HKLM\...\Run: [symantec PIF AlertEng] G.DLL" [x]

    HKLM\...\Run: [ALUAlert] OTIFY.EXE [x]

    HKLM\...\Run: [HotSync] C.EXE" -ALLUSERS [x]

    HKLM\...\Run: [blspcloader] ET TOOLS\BLSLOADER.EXE [x]

    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)

    HKLM\...\Run: [mcui_exe] KEY [x]

    HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)

    HKLM\...\Run: [] [x]

    HKLM\...\Run: [APSDaemon] .EXE" [x]

    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

    HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x]

    HKLM\...\Run: [sunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x]

    HKLM\...\Run: [iTunesHelper] ESHELPER.EXE" [x]

    HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)

    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)

    HKU\Margie\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company)

    HKU\Mcx1\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)

    HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

    HKU\Mcx1\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation)

    HKU\Steve\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company)

    HKU\Steve\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

    HKU\Steve\...\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background [x]

    HKU\Steve\...\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [4670704 2007-08-30] (Yahoo! Inc.)

    HKU\Steve\...\Run: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-22] (Google Inc.)

    HKU\Steve\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

    HKU\Steve\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [16052192 2012-10-25] (Google)

    HKU\Steve\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)

    HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [460872 2012-01-13] (Malwarebytes Corporation)

    HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1081416 2012-01-13] (Malwarebytes Corporation)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.2

    AppInit_DLLs: PGPmapih.dll

    Lsa: [Notification Packages] scecli PGPpwflt

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk

    ShortcutTarget: DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

    ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk

    ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{A3CCAB46-A06E-4F47-96FC-886733BE9708}\Icon6560581611.exe ()

    Startup: C:\Users\Steve\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

    Startup: C:\Users\Steve\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()

    ==================== Services (Whitelisted) ===================

    3 Com4Qlb; "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)

    2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" [537992 2008-04-10] (Symantec Corporation)

    2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [95200 2012-01-13] (McAfee, Inc.)

    3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)

    2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [362008 2012-08-23] (McAfee, Inc.)

    2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166288 2012-03-20] (McAfee, Inc.)

    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [161632 2012-03-20] (McAfee, Inc.)

    2 mfevtp; "C:\Windows\system32\mfevtps.exe" [151880 2012-03-20] (McAfee, Inc.)

    2 PGPserv; C:\Windows\system32\PGPserv.exe [103992 2008-05-21] (PGP Corporation)

    2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-12-19] ()

    2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-12-19] ()

    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()

    2 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-20] (Microsoft Corporation)

    3 WLSetupSvc; "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" [266240 2007-10-25] (Microsoft Corporation)

    2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [x]

    2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

    3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [x]

    2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

    ==================== Drivers (Whitelisted) ====================

    3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)

    3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)

    3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [183352 2007-10-01] (Conexant Systems Inc.)

    3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)

    3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)

    3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)

    3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)

    3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)

    0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)

    1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)

    3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)

    1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-22] (McAfee, Inc.)

    3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)

    1 eabfiltr; [x]

    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

    3 mfeavfk01; [x]

    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2012-11-15 17:12 - 2012-11-15 17:12 - 00000000 ____D C:\FRST

    2012-11-15 03:46 - 2012-11-15 03:46 - 00000000 ____D C:\Windows\ERDNT

    2012-11-15 03:44 - 2012-11-15 03:46 - 00000000 ____D C:\Qoobox

    2012-11-15 03:44 - 2012-11-15 03:45 - 00000000 ___SD C:\32788R22FWJFW

    2012-11-15 03:41 - 2012-11-15 03:41 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-11-15 03:41 - 2012-11-15 03:41 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

    2012-11-15 03:41 - 2011-12-10 13:24 - 00020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-11-14 16:33 - 2012-11-15 03:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

    2012-11-03 13:48 - 2012-11-03 13:53 - 00000094 ____A C:\Users\Steve\Desktop\Money.txt.txt

    2012-10-22 17:30 - 2012-08-21 10:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

    2012-10-22 17:25 - 2012-10-22 17:30 - 00000000 ____D C:\Users\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2012-10-22 17:25 - 2012-10-22 17:30 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2012-10-22 17:25 - 2012-10-22 17:30 - 00000000 ____D C:\Program Files\iTunes

    2012-10-22 17:25 - 2012-10-22 17:25 - 00000000 ____D C:\Program Files\iPod

    2012-10-20 06:52 - 2012-10-20 06:53 - 09536008 ____A ( ) C:\Users\Steve\Downloads\YouCam.exe

    ==================== One Month Modified Files and Folders ========

    2012-11-15 17:12 - 2012-11-15 17:12 - 00000000 ____D C:\FRST

    2012-11-15 14:58 - 2010-06-19 08:05 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2012-11-15 14:57 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2012-11-15 14:57 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    2012-11-15 14:57 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    2012-11-15 05:25 - 2012-04-25 18:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

    2012-11-15 05:25 - 2011-08-18 11:33 - 00000000 ____D C:\Users\All Users\McAfee Security Scan

    2012-11-15 05:25 - 2011-08-18 11:33 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan

    2012-11-15 05:25 - 2010-06-18 03:36 - 00000000 ____D C:\users\Margie

    2012-11-15 05:25 - 2008-08-30 16:15 - 00000000 ____D C:\users\Mcx1

    2012-11-15 05:25 - 2008-05-19 18:01 - 00000000 ____D C:\Users\Steve\Local Settings\QuickPlay

    2012-11-15 05:25 - 2008-05-19 18:01 - 00000000 ____D C:\Users\Steve\Local Settings\Application Data\QuickPlay

    2012-11-15 05:25 - 2008-05-19 18:01 - 00000000 ____D C:\Users\Steve\AppData\Local\QuickPlay

    2012-11-15 05:25 - 2008-05-19 17:47 - 00000000 ____D C:\users\Steve

    2012-11-15 05:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool

    2012-11-15 05:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc

    2012-11-15 05:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration

    2012-11-15 05:25 - 2006-11-02 02:22 - 50069504 ____A C:\Windows\System32\config\software_previous

    2012-11-15 05:25 - 2006-11-02 02:22 - 23592960 ____A C:\Windows\System32\config\system_previous

    2012-11-15 05:21 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous

    2012-11-15 05:21 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous

    2012-11-15 04:44 - 2010-01-22 20:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071920978-3488033429-3191911494-1000UA.job

    2012-11-15 04:42 - 2006-11-02 02:33 - 00690960 ____A C:\Windows\System32\PerfStringBackup.INI

    2012-11-15 04:40 - 2008-03-09 06:54 - 00000218 ____A C:\Users\Public\Documents\hpqp.ini

    2012-11-15 04:40 - 2008-03-09 06:54 - 00000218 ____A C:\Users\All Users\Documents\hpqp.ini

    2012-11-15 03:46 - 2012-11-15 03:46 - 00000000 ____D C:\Windows\ERDNT

    2012-11-15 03:46 - 2012-11-15 03:44 - 00000000 ____D C:\Qoobox

    2012-11-15 03:45 - 2012-11-15 03:44 - 00000000 ___SD C:\32788R22FWJFW

    2012-11-15 03:42 - 2012-07-24 11:22 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Steve\Desktop\k.exe

    2012-11-15 03:41 - 2012-11-15 03:41 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-11-15 03:41 - 2012-11-15 03:41 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

    2012-11-15 03:41 - 2012-11-14 16:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

    2012-11-15 03:40 - 2012-08-10 20:41 - 00000000 ____D C:\Users\Steve\Downloads\tdsskiller

    2012-11-15 03:19 - 2006-11-02 02:22 - 37486592 ____A C:\Windows\System32\config\components_previous

    2012-11-15 03:19 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\default_previous

    2012-11-15 01:55 - 2012-06-27 15:02 - 00000000 ____D C:\Users\Steve\Application Data\Skype

    2012-11-15 01:55 - 2012-06-27 15:02 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Skype

    2012-11-13 18:49 - 2008-01-20 18:47 - 00272534 ____A C:\Windows\PFRO.log

    2012-11-13 14:57 - 2008-03-09 06:37 - 01129639 ____A C:\Windows\WindowsUpdate.log

    2012-11-09 21:12 - 2010-06-19 08:05 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2012-11-09 00:43 - 2010-01-22 20:14 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071920978-3488033429-3191911494-1000Core.job

    2012-11-07 18:03 - 2009-05-03 02:18 - 00000000 ___HD C:\Users\Steve\Downloads\New Folder

    2012-11-07 00:47 - 2010-10-29 18:00 - 00002042 ____A C:\Users\Steve\Desktop\Google Chrome.lnk

    2012-11-05 06:58 - 2008-08-30 16:18 - 00005632 ____A C:\Users\Steve\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2012-11-05 06:58 - 2008-08-30 16:18 - 00005632 ____A C:\Users\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2012-11-05 06:58 - 2008-08-30 16:18 - 00005632 ____A C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2012-11-03 13:53 - 2012-11-03 13:48 - 00000094 ____A C:\Users\Steve\Desktop\Money.txt.txt

    2012-10-31 13:15 - 2012-04-29 14:09 - 00000000 ___SD C:\Users\Steve\Google Drive

    2012-10-29 16:01 - 2011-04-04 13:36 - 00000000 ___HD C:\Users\Steve\Application Data\HpUpdate

    2012-10-29 16:01 - 2011-04-04 13:36 - 00000000 ___HD C:\Users\Steve\AppData\Roaming\HpUpdate

    2012-10-28 18:05 - 2008-05-19 18:16 - 00000000 ____D C:\Program Files\Mozilla Firefox

    2012-10-22 17:38 - 2006-11-02 05:01 - 00032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2012-10-22 17:30 - 2012-10-22 17:25 - 00000000 ____D C:\Users\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2012-10-22 17:30 - 2012-10-22 17:25 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2012-10-22 17:30 - 2012-10-22 17:25 - 00000000 ____D C:\Program Files\iTunes

    2012-10-22 17:25 - 2012-10-22 17:25 - 00000000 ____D C:\Program Files\iPod

    2012-10-22 17:25 - 2010-03-14 04:42 - 00000000 ____D C:\Program Files\Common Files\Apple

    2012-10-20 06:53 - 2012-10-20 06:52 - 09536008 ____A ( ) C:\Users\Steve\Downloads\YouCam.exe

    2012-10-20 06:51 - 2008-05-25 05:20 - 00000000 ____D C:\Users\Steve\My Documents\Youcam

    2012-10-20 06:51 - 2008-05-25 05:20 - 00000000 ____D C:\Users\Steve\Documents\Youcam

    ZeroAccess:

    C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888

    C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L

    C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U

    ZeroAccess:

    C:\$Recycle.Bin\S-1-5-21-1071920978-3488033429-3191911494-1000\$ff24043d55f85ce9a20a8337d9b4b888

    C:\$Recycle.Bin\S-1-5-21-1071920978-3488033429-3191911494-1000\$ff24043d55f85ce9a20a8337d9b4b888\L

    C:\$Recycle.Bin\S-1-5-21-1071920978-3488033429-3191911494-1000\$ff24043d55f85ce9a20a8337d9b4b888\U

    ZeroAccess:

    C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888

    ZeroAccess:

    C:\Users\Steve\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

    C:\Users\Steve\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

    C:\Users\Steve\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-25 21:00:29

    Restore point made on: 2012-10-26 21:01:54

    Restore point made on: 2012-10-27 21:00:23

    Restore point made on: 2012-10-28 19:17:54

    Restore point made on: 2012-10-29 21:00:26

    Restore point made on: 2012-10-30 21:00:38

    Restore point made on: 2012-10-31 21:00:41

    Restore point made on: 2012-11-01 21:00:35

    Restore point made on: 2012-11-02 21:00:26

    Restore point made on: 2012-11-03 21:00:26

    Restore point made on: 2012-11-04 22:00:32

    Restore point made on: 2012-11-05 22:00:22

    Restore point made on: 2012-11-06 22:00:21

    Restore point made on: 2012-11-07 22:00:23

    Restore point made on: 2012-11-08 22:00:22

    Restore point made on: 2012-11-09 22:00:27

    Restore point made on: 2012-11-10 22:09:16

    Restore point made on: 2012-11-11 22:00:23

    Restore point made on: 2012-11-12 22:00:22

    ==================== Memory info ===========================

    Percentage of memory in use: 17%

    Total physical RAM: 3006.31 MB

    Available physical RAM: 2471.71 MB

    Total Pagefile: 2727.81 MB

    Available Pagefile: 2540.05 MB

    Total Virtual: 2047.88 MB

    Available Virtual: 1975.51 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:221.12 GB) (Free:108.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.77 GB) (Free:1.98 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    4 Drive f: (SBUCHHOLZ) (Removable) (Total:3.81 GB) (Free:1.04 GB) FAT32

    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt

    -------- ---------- ------- ------- --- ---

    Disk 0 Online 233 GB 1528 KB

    Disk 1 Online 3908 MB 0 B

    Partitions of Disk 0:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 221 GB 32 KB

    Partition 2 Primary 12 GB 221 GB

    =========================================================

    Disk: 0

    Partition 1

    Type : 07

    Hidden: No

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 0 C NTFS Partition 221 GB Healthy

    =========================================================

    Disk: 0

    Partition 2

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 D HP_RECOVERY NTFS Partition 12 GB Healthy

    =========================================================

    Partitions of Disk 1:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 3907 MB 32 KB

    =========================================================

    Disk: 1

    Partition 1

    Type : 0B

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 F SBUCHHOLZ FAT32 Removable 3907 MB Healthy

    =========================================================

    Last Boot: 2012-11-15 04:45

    ==================== End Of Log ============================
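Added example, not part of the thread and not code from Malwarebytes or FRST: a small Python triage script that applies the two checks a responder would want to run over the logs above. It parses FRST-style `HKLM\...\Run:` and `HKU\<user>\...\Run:` lines and flags autorun values that borrow a Windows binary name (svchost, userinit, rundll32) while launching from a user-writable path, which is the shape of the three Run values Malwarebytes quarantined in the 17 Nov log, and it matches directory paths against the `$Recycle.Bin\<SID>\$<32 hex>` and `AppData\Local\{GUID}` layout that FRST itself labels "ZeroAccess:" in the scan above. The sample lines are constructed here from the posted logs plus two hypothetical malicious Run entries; the function names and the heuristics are this example's own, not those of either tool.

```python
"""Triage helper for FRST/Malwarebytes-style log lines (added example, not from the thread)."""
import re

# Constructed sample: the first four lines are copied from the FRST log posted above
# (legitimate HP / Google / Skype autoruns); the last two are hypothetical entries shaped
# like the Run values Malwarebytes quarantined (rundll32 -> userinit.exe in the profile
# root, svchost -> svchost.exe under AppData\Roaming).
SAMPLE_RUN_LINES = [
    r'HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2007-12-19] (CyberLink Corp.)',
    r'HKLM\...\Run: [hpqSRMon] [x]',
    r'HKU\Steve\...\Run: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-22] (Google Inc.)',
    r'HKU\Steve\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)',
    r'HKU\Steve\...\Run: [rundll32] C:\Users\Steve\userinit.exe [x]',
    r'HKU\Steve\...\Run: [svchost] C:\Users\Steve\AppData\Roaming\Microsoft\svchost.exe [x]',
]

# Constructed sample paths: three copied from the "ZeroAccess:" block of the FRST log,
# plus one legitimate GUID-named folder from the same log for contrast.
SAMPLE_PATHS = [
    r"C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888",
    r"C:\$Recycle.Bin\S-1-5-21-1071920978-3488033429-3191911494-1000\$ff24043d55f85ce9a20a8337d9b4b888\U",
    r"C:\Users\Steve\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L",
    r"C:\Users\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1",
]

# Windows binaries whose names malware commonly borrows for a Run value or file name.
SYSTEM_BINARY_NAMES = {"svchost", "userinit", "rundll32", "explorer", "winlogon", "lsass",
                       "csrss", "services", "smss", "spoolsv", "wininit"}

RUN_LINE = re.compile(r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# First drive-letter path ending in an executable extension; works for quoted and unquoted paths.
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"\[]*?\.(?:exe|dll|scr|cmd|bat|vbs|js))', re.IGNORECASE)

# Layout FRST labels "ZeroAccess:" above: a 32-hex-digit "$" folder under a per-SID
# $Recycle.Bin directory, or a GUID folder directly under AppData\Local, optionally with
# the L / U subfolder. A bare GUID folder elsewhere (e.g. under All Users) does not match.
ZA_RECYCLE = re.compile(r"^[a-z]:\\\$recycle\.bin\\s-1-5-[0-9-]+\\\$[0-9a-f]{32}(\\[lu])?$", re.I)
ZA_APPDATA = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}(\\[lu])?$", re.I)


def parse_run_line(line):
    """Return (hive, value_name, exe_path or None) for an FRST Run line, else None."""
    m = RUN_LINE.match(line)
    if not m:
        return None
    pm = EXE_PATH.search(m.group("rest"))
    return m.group("hive"), m.group("name"), (pm.group(1) if pm else None)


def run_entry_findings(value_name, exe_path):
    """Reasons an autorun entry deserves a look; an empty list means nothing stood out."""
    findings = []
    if exe_path is None:
        return findings  # FRST "[x]" entries with no resolvable path: stale, not evidence by themselves
    p = exe_path.lower()
    base = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    name = value_name.lower()
    if name.endswith(".exe"):
        name = name[:-4]
    in_windows = p.startswith("c:\\windows\\")
    if (base in SYSTEM_BINARY_NAMES or name in SYSTEM_BINARY_NAMES) and not in_windows:
        findings.append("system-binary name launched from outside %SystemRoot%")
    if re.search(r"\\appdata\\local\\temp\\", p) or re.fullmatch(r"c:\\users\\[^\\]+\\[^\\]+", p):
        findings.append("executable in profile root or Temp")
    return findings


def triage_run_lines(lines):
    """Map each suspicious Run value to its path and findings; clean/unparsable lines are dropped."""
    report = {}
    for line in lines:
        parsed = parse_run_line(line)
        if parsed is None:
            continue
        hive, name, path = parsed
        findings = run_entry_findings(name, path)
        if findings:
            report[f"{hive}\\...\\Run\\{name}"] = {"path": path, "findings": findings}
    return report


def is_zeroaccess_layout(path):
    """True if the directory path has the shape FRST reports under its ZeroAccess heading."""
    return bool(ZA_RECYCLE.match(path) or ZA_APPDATA.match(path))


def find_zeroaccess_dirs(paths):
    return [p for p in paths if is_zeroaccess_layout(p)]


if __name__ == "__main__":
    for key, info in triage_run_lines(SAMPLE_RUN_LINES).items():
        print(key, "->", info["path"], "|", "; ".join(info["findings"]))
    for p in find_zeroaccess_dirs(SAMPLE_PATHS):
        print("ZeroAccess-style folder:", p)
```

On the constructed sample the two hypothetical entries are flagged and the HP, Google and Skype autoruns are not; the fourth sample path, a GUID folder under All Users that the FRST log lists as an ordinary install artifact, is correctly left alone. The heuristics are deliberately narrow: a match is a reason to pull the file and check its signature and hash, not a verdict on its own.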

  9. Hello,

    I need help removing a trojan.agent infection from a Windows Vista PC.

    I have run Malwarebytes several times in SAFE MODE, because I cannot run in Normal Mode at this time.

    It finds the infection, removes it, and asks to restart the PC.

    The PC restarts in Normal Mode, and it still appears to be infected, cannot access Wi-Fi, etc.

    I cannot post .log files at this time, since I cannot get to USB drive while in safe mode to copy log files.

    Suggestions on how to proceed?

    Thank you.

