ih8viruses
  1. I'm glad to know it's just a false positive! I don't need any other help, so thank you for letting me know there's nothing to worry about.
  2. Hello, I just discovered this "PUP.Optional.BoostInterProcess.A" after a MalwareBytes Update (my last update was 10 days ago) and scan. I allowed MalwareBytes to remove the files, but after the computer rebooted, I found the infected files in C:\ProgramData\boost_interprocess\ again. So I did another MalwareBytes scan and the files have been detected again. I have not noticed anything unusual while using my computer. My last MalwareBytes scan was on February 14 - it came back clean. I don't know what this PUP thing is or where it came from. The last program I downloaded was iTunes on January 28. Since then, I have downloaded one Rich Text File from a government website and five photos. I avoid websites that are unfamiliar to me, though I did visit three new websites today just before my MalwareBytes scan. They are Polish-language genealogy sites. I will admit I don't know much about computer viruses... anyway, here is the second MalwareBytes log. Although it says "no action taken", I will try to remove the files again. Thanks.

     -------------------
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.02.19.09

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16798
     Sammy :: SAMMY [administrator]

     2/19/14 12:17:40 PM
     MBAM-log-2014-02-19 (12-27-04).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 242141
     Time elapsed: 7 minute(s), 49 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\ProgramData\boost_interprocess (PUP.Optional.BoostInterProcess.A) -> No action taken.

     Files Detected: 2
     C:\ProgramData\boost_interprocess\Nobu64AgentService (PUP.Optional.BoostInterProcess.A) -> No action taken.
     C:\ProgramData\boost_interprocess\Nobu64TrayIcon (PUP.Optional.BoostInterProcess.A) -> No action taken.

     (end)
  3. Hello, sorry for the delay in responding. I have done a few more scans with Malwarebytes after it removed the trojan and it still says my computer is clean. I didn't think it would be that easy to remove a trojan, but I hope Malwarebytes is right and that it really was removed completely from my computer.
  4. It's a Samsung Series 3 NP300E5E-A05CA. The internet likes to randomly disconnect whenever I'm on it (and it has done that since it was nearly brand new), so if that was a symptom of this virus, I wouldn't have noticed it. Other than that, everything else has been acting completely normal. I just went through my Chrome history and found something that could be the culprit. In my first post, I mentioned that only one pop-up has appeared since I bought this computer. Someone sent me a link to one of those free tv viewing websites (they live overseas and wanted to show me a new tv show). I'm normally very cautious about what links I click, but I did click on it, and a pop-up appeared, despite having AdBlock. I closed it before it even loaded properly so I don't know what it said. The thing is, that was on September 27 - the day after my last Malwarebytes scan. Just thinking out loud here!
  5. Okay, it gets even weirder: I have RES and am a regular Redditor. I hope it's not against the rules here to brainstorm with other people who have viruses, but I have heard of people getting viruses through Imgur links (though I have no clue if it was through the ads), so I wonder if that's a possibility, or a false positive related to new Samsungs, or just a really strange coincidence. I should also add that I updated Malwarebytes right before it picked up the trojan during my quick scan.
  6. ismyvirusgone - interesting! I've done two quick scans and a full scan since the initial detection, and like you, nothing has popped up since then. Do you use AdBlock too? I guess I was wrong in my initial post - my last scan was on September 26, so this AudioTest thing must've happened between then and this morning. The only things I have downloaded since the 26th and today were some photos from a very well-known website. I really hope it's a false positive...
  7. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.10.06.03

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16688
     Sammy :: SAMMY [limited]

     10/06/13 10:34:16 AM
     mbam-log-2013-10-06 (10-34-16).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 223947
     Time elapsed: 2 minute(s), 53 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     ----------------------------------------------------------------

     RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 8 (6.2.9200 ) 64 bits version
     Started in : Normal mode
     User : Sammy [Admin rights]
     Mode : Remove -- Date : 10/06/2013 10:43:11
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST750LM022 HN-M750MBB +++++
     --- User ---
     [MBR] 84c715495513ceb40e77ef002daedf3d
     [bSP] 53236564fceea3158d55668e62010107 : Empty MBR Code
     Partition table:
     0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_D_10062013_104311.txt >>
     RKreport[0]_S_10062013_104223.txt
  8. "Attach.txt - the other website said don't pay attention to zipping it, so I'll just post it here" I can't figure out how to edit my post, but I meant to type other "link," not "other website."
  9. Attach.txt - the other website said don't pay attention to zipping it, so I'll just post it here:
  10. Here is DDS.txt
  11. Hello, I have just finished doing my bi-weekly quick scan on Malwarebytes when a trojan popped up - "Trojan.PWS.Zbot" from a file in my recycle bin called "AudioTest.exe." I quarantined it immediately, but now I'm wondering if it's gone completely. I have no clue how I received it. This laptop, a Samsung, is barely two months old and I rarely check my email on my computer. I have only downloaded programs from trusted companies - no music downloads, torrents, attachments from sketchy emails... nothing like that. I use AdBlock and only one pop-up has magically opened since this laptop was purchased. I also don't understand how it ended up in my recycle bin if I didn't even know there was anything on here called AudioTest.exe. Here is the log; I'm not sure if I've posted it properly. It's really late, I'm tired and stressed out due to this trojan, so I apologize if I haven't posted this correctly. I just want to make sure it's gone forever and there aren't any traces left of it on the laptop. Thanks in advance!

      ------------
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.10.06.01

      Windows 8 x64 NTFS
      Internet Explorer 10.0.9200.16688
      Sammy :: SAMMY [limited]

      10/06/13 1:34:59 AM
      mbam-log-2013-10-06 (01-34-59).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 223798
      Time elapsed: 3 minute(s), 29 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 1
      C:\$Recycle.Bin\S-1-5-18\$RKFVFFD\AudioTest.exe (Trojan.PWS.Zbot.AI) -> Quarantined and deleted successfully.

      (end)