pchope

  1. Kevin, thank you very much for your time and help. Malwarebytes has always proven useful and effective for me, and your help here is just another positive notch in my experience with Malwarebytes. I think we are good to go. This thread can be closed out now. No amount of compensation can repay a person for their time, in my opinion...but we shall see what we can do....*wink
  2. I ran FRST without updating, worked fine, deleted quarantine successfully. Deleted FRST from desktop as well as FRST folder from C: drive. Ran OTC.exe, worked fine, rebooted PC. Ran a full scan with MBAM, showed no threats or anything wrong or malicious. Computer seems to be nice and clean. Pretty awesome job there Mr. Kevin!! I do have 1 more question... I am running Windows 7. What do you recommend is the best way to save a permanent restore point to today's date, something where I can name and find later that will be permanent? I get a little confused when it comes to the restore and backup options and how to set them up. And thanks again, I truly appreciate your help with all of this. )
  3. When I click on FRST, it tells me my version is outdated and strongly recommends to DL the latest version. Should I DL the latest version, or continue without updating FRST?
  4. OK, done and done...here are the reports:
     All processes killed
     ========== FILES ==========
     C:\Program Files\FLVPlayer\Uninstall folder moved successfully.
     C:\Program Files\FLVPlayer folder moved successfully.
     C:\Program Files\Uninstaller folder moved successfully.
     C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CAG4TT5G\baqkyupnl_2razbave_info[1].htm moved successfully.
     C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GFMJX8TX\evwgrucntzm_3razbave_info[1].htm moved successfully.
     C:\Users\IronDragon\Desktop\Tools\keygen.exe moved successfully.
     C:\Users\IronDragon\Desktop\Tools\Grfx&Audio stuff\Random Program Files and Plugins\SetupImgBurn_2.5.7.0.exe moved successfully.
     C:\Users\IronDragon\Downloads\ARO2013_tbt.exe moved successfully.
     E:\Movies\GraboidVideoSetup-2.03b-Complete.exe moved successfully.
     E:\Tools n Stuff\Goldwave\keygen.exe moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: IronDragon
     ->Temp folder emptied: 235300212 bytes
     ->Temporary Internet Files folder emptied: 26010881 bytes
     ->Java cache emptied: 88630653 bytes
     ->Google Chrome cache emptied: 6654592 bytes
     ->Flash cache emptied: 523 bytes
     User: Public
     User: UpdatusUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 16938841 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 144400628 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 494.00 mb
     OTM by OldTimer - Version 3.1.21.0 log created on 10262013_083231
     Files moved on Reboot...
     File C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QCS7NOFD\on-big,BottomRight,-1,-1_ZAClip,2,76,16,137,verdenab,8,255,255,255,1_ZAon%2520IMDb,2,1,14,137,verdenab,7,255,255,255,1_ZA00_41,103,1,14,36,verdenab,7,255,255,255,1_[1].jpg not found!
     File C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B4HTKKSS\1_ZAFull%2520Movie,2,76,16,137,verdenab,8,255,255,255,1_ZAat%2520Amazon%2520%25BB,2,1,14,137,verdenab,7,255,255,255,1_ZA135_00,103,1,14,36,verdenab,7,255,255,255,1_[1].jpg not found!
     File C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5CSWRWNC\,137,verdenab,8,255,255,255,1_ZAon%2520IMDb,2,1,14,137,verdenab,7,255,255,255,1_ZA01_12,103,1,14,36,verdenab,7,255,255,255,1_PIimdb-HDIconMiniWhite,BottomLeft,2,-2_[1].jpg not found!
     File C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5CSWRWNC\1_ZAFull%2520Movie,2,76,16,137,verdenab,8,255,255,255,1_ZAat%2520Amazon%2520%25BB,2,1,14,137,verdenab,7,255,255,255,1_ZA125_00,103,1,14,36,verdenab,7,255,255,255,1_[1].jpg not found!
     Registry entries deleted on Reboot...
     --------------------------------------------------------------------------------------------------------------------------------------------------------------------
     CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
     c:\users\irondragon\desktop\tools\grfx&audio stuff\3ds max\3dsmax2012\crack\install.txt
     c:\users\irondragon\desktop\tools\grfx&audio stuff\3ds max\crack\install.txt
     c:\users\irondragon\desktop\tools\grfx&audio stuff\random program files and plugins\video copilot - optical flares (complete package) for adobe after effects\optical flares (pc)\opticalflarescrack(spider).exe
     c:\_otm\movedfiles\10262013_083231\c_users\irondragon\desktop\tools\keygen.exe
     c:\_otm\movedfiles\10262013_083231\e_tools n stuff\goldwave\keygen.exe
     scanner sequence 3.BC.11.DIAPHZ
     ----- EOF -----
  5. I did see that 'HTML/Iframe.B.Gen virus' was listed in 2 of the threats. From what I've read up on, this can be nasty....or is it from the 0Access problem which is quarantined now?
  6. There were threats found. I ran the scan without ticking the 'scan archives' box...I could scan again with it ticked if needed. Here is the report:
     C:\Program Files\FLVPlayer\FLVPlayer.exe  Win32/InstallCore.A application
     C:\Program Files\Uninstaller\Uninstall.exe  MSIL/DomaIQ.A application
     C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CAG4TT5G\baqkyupnl_2razbave_info[1].htm  HTML/Iframe.B.Gen virus
     C:\Users\IronDragon\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GFMJX8TX\evwgrucntzm_3razbave_info[1].htm  HTML/Iframe.B.Gen virus
     C:\Users\IronDragon\Desktop\Tools\keygen.exe  a variant of Win32/Keygen.AD application
     C:\Users\IronDragon\Desktop\Tools\Grfx&Audio stuff\Random Program Files and Plugins\SetupImgBurn_2.5.7.0.exe  a variant of Win32/Bundled.Toolbar.Ask application
     C:\Users\IronDragon\Downloads\ARO2013_tbt.exe  a variant of Win32/Bundled.Toolbar.Ask.D application
     E:\Movies\GraboidVideoSetup-2.03b-Complete.exe  Win32/Graboid application
     E:\Tools n Stuff\Goldwave\keygen.exe  a variant of Win32/Keygen.AD application
  7. Should I tick the 'scan archives' option below the 'remove threats' box?
  8. Not sure I copied the whole report as it went off my screen... here it is again:
     www.malwarebytes.org
     Database version: v2013.10.24.07
     Windows 7 x86 NTFS
     Internet Explorer 9.0.8112.16421
     IronDragon :: IRONDRAGON-PC [administrator]
     10/25/2013 7:01:02 AM
     MBAM-log-2013-10-25 (07-58-34).txt
     Scan type: Full scan (C:\|E:\|K:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 403681
     Time elapsed: 56 minute(s), 40 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 3
     c:\frst\quarantine\install\install\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\ \...\‮ﯹ๛\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\u\000000cb.@ (Rootkit.0Access) -> No action taken.
     c:\frst\quarantine\install\install\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\ \...\‮ﯹ๛\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\u\80000000.@ (Trojan.0Access) -> No action taken.
     c:\frst\quarantine\install\install\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\ \...\‮ﯹ๛\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\u\80000032.@ (Trojan.0Access) -> No action taken.
     (end)
  9. I have not run the ESET online scanner yet. I just got home and ran a full scan of MBAM, and it showed 3 rootkit 0Access bugs, 2 of which were labeled trojans. They seemed to be in the quarantine area of FRST. I did not check or delete these, I just ignored and saved the log. Then I ran a quick scan with MBAM, and it showed no malicious items. Should I continue with the ESET online scanner now? What is my next step? Thanks in advance, and here are the 2 MBAM reports:
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.10.24.07
     Windows 7 x86 NTFS
     Internet Explorer 9.0.8112.16421
     IronDragon :: IRONDRAGON-PC [administrator]
     10/25/2013 7:01:02 AM
     MBAM-log-2013-10-25 (07-58-34).txt
     Scan type: Full scan (C:\|E:\|K:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 403681
     Time elapsed: 56 minute(s), 40 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 3
     c:\frst\quarantine\install\install\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\ \...\‮ﯹ๛\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\u\000000cb.@ (Rootkit.0Access) -> No action taken.
     c:\frst\quarantine\install\install\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\ \...\‮ﯹ๛\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\u\80000000.@ (Trojan.0Access) -> No action taken.
     c:\frst\quarantine\install\install\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\ \...\‮ﯹ๛\{4676ddbd-18b7-68a5-0b98-81dbf1ee8805}\u\80000032.@ (Trojan.0Access) -> No action taken.
     (end)
     ---------------------------------------------------------------------------------------------------------------------------------------
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.10.24.07
     Windows 7 x86 NTFS
     Internet Explorer 9.0.8112.16421
     IronDragon :: IRONDRAGON-PC [administrator]
     10/25/2013 8:01:43 AM
     mbam-log-2013-10-25 (08-01-43).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 216000
     Time elapsed: 4 minute(s), 25 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  10. Oh, yes I had run the ESET repair tool prior to previous logs, and it had not fixed the probs. Here is the current MBAM log:
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.10.24.07
     Windows 7 x86 NTFS
     Internet Explorer 9.0.8112.16421
     IronDragon :: IRONDRAGON-PC [administrator]
     10/24/2013 4:41:51 PM
     mbam-log-2013-10-24 (16-41-51).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 216341
     Time elapsed: 2 minute(s), 26 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  11. Sooo..after I did a restore to a prior date, I ran MBAM..and it showed Rootkit.0Access in its early stages. I was able to still DL stuff at this stage and went through the processes you gave me one more time, in the exact order with Fixit. Here is the new log for FSS:
     Farbar Service Scanner Version: 24-10-2013
     Ran by IronDragon (administrator) on 24-10-2013 at 16:36:32
     Running from "C:\Users\IronDragon\Downloads"
     Microsoft Windows 7 Ultimate (X86)
     Boot Mode: Normal
     ****************************************************************
     Internet Services:
     ============
     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.
     Windows Firewall:
     =============
     Firewall Disabled Policy:
     ==================
     System Restore:
     ============
     System Restore Disabled Policy:
     ========================
     Action Center:
     ============
     Windows Update:
     ============
     Windows Autoupdate Disabled Policy:
     ============================
     Windows Defender:
     ==============
     Other Services:
     ==============
     File Check:
     ========
     C:\Windows\system32\nsisvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\system32\dhcpcore.dll => MD5 is legit
     C:\Windows\system32\Drivers\afd.sys => MD5 is legit
     C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
     C:\Windows\system32\Drivers\tcpip.sys [2013-02-13 07:42] - [2013-01-03 21:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD
     C:\Windows\system32\dnsrslvr.dll => MD5 is legit
     C:\Windows\system32\mpssvc.dll => MD5 is legit
     C:\Windows\system32\bfe.dll => MD5 is legit
     C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\system32\SDRSVC.dll => MD5 is legit
     C:\Windows\system32\vssvc.exe => MD5 is legit
     C:\Windows\system32\wscsvc.dll => MD5 is legit
     C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\system32\wuaueng.dll => MD5 is legit
     C:\Windows\system32\qmgr.dll => MD5 is legit
     C:\Windows\system32\es.dll => MD5 is legit
     C:\Windows\system32\cryptsvc.dll [2012-10-10 09:35] - [2012-06-01 21:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\system32\svchost.exe => MD5 is legit
     C:\Windows\system32\rpcss.dll => MD5 is legit
     **** End of log ****
  12. Hey Kevin, I just restored my PC to an earlier time.....and all is well, can DL, security is back, etc. Thx for your help. I do appreciate your time. Guinness bro, enjoy.
  13. Still unable to DL from internet. Same message when trying as before.
  14. Farbar Service Scanner Version: 24-10-2013
     Ran by IronDragon (administrator) on 24-10-2013 at 12:34:47
     Running from "C:\Users\IronDragon\Desktop\Tools\fss folder"
     Microsoft Windows 7 Ultimate (X86)
     Boot Mode: Normal
     ****************************************************************
     Internet Services:
     ============
     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.
     Windows Firewall:
     =============
     mpsdrv Service is not running. Checking service configuration:
     The start type of mpsdrv service is OK.
     The ImagePath of mpsdrv service is OK.
     MpsSvc Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
     bfe Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
     Firewall Disabled Policy:
     ==================
     "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
     System Restore:
     ============
     System Restore Disabled Policy:
     ========================
     Action Center:
     ============
     wscsvc Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
     Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
     Windows Update:
     ============
     wuauserv Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     BITS Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
     Windows Autoupdate Disabled Policy:
     ============================
     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
     Other Services:
     ==============
     Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
     Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
     Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
     Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
     Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
     Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
     Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
     Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.
     Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
     Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
     Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
     Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
     Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
     Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
     File Check:
     ========
     C:\Windows\system32\nsisvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\system32\dhcpcore.dll => MD5 is legit
     C:\Windows\system32\Drivers\afd.sys => MD5 is legit
     C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
     C:\Windows\system32\Drivers\tcpip.sys [2013-02-13 07:42] - [2013-01-03 21:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD
     C:\Windows\system32\dnsrslvr.dll => MD5 is legit
     C:\Windows\system32\mpssvc.dll => MD5 is legit
     C:\Windows\system32\bfe.dll => MD5 is legit
     C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\system32\SDRSVC.dll => MD5 is legit
     C:\Windows\system32\vssvc.exe => MD5 is legit
     C:\Windows\system32\wscsvc.dll => MD5 is legit
     C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\system32\wuaueng.dll => MD5 is legit
     C:\Windows\system32\qmgr.dll => MD5 is legit
     C:\Windows\system32\es.dll => MD5 is legit
     C:\Windows\system32\cryptsvc.dll [2012-10-10 09:35] - [2012-06-01 21:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED
     ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.
     C:\Windows\system32\svchost.exe => MD5 is legit
     C:\Windows\system32\rpcss.dll => MD5 is legit
     **** End of log ****
  15. I'm still here, just got off work and am now waiting for a friend with a clean PC to wake up. Will have results reply shortly.