MichaelN
Honorary Members
Posts: 28

Everything posted by MichaelN

  1. I have Malwarebytes Premium 3. As this should render my AVG unnecessary, I am considering uninstalling it. I assume this will free up resources. Is this ill-advised?
  2. FYI:

         C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}>attrib
         A  H I       C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a
         A  H I       C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\kwq.tmp
         A  H I       C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\oiyg.tmp
         A  H I       C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\ok.tmp

     I removed the Hidden attribute from the files and they showed this in dir:

          Directory of C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

         12/09/2014  06:41 PM           316,744 8afc49b02429a
         11/25/2014  10:45 AM                 0 kwq.tmp
         11/26/2014  08:59 PM                 0 oiyg.tmp
         11/20/2014  02:54 PM                 0 ok.tmp

     The date of 11/20 is about the time I started getting problems. I removed the folder and the files within. Any idea what it has been doing? What has been exposed, etc.?
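The triage in the post above (find a GUID-named folder under ProgramData, expose its hidden files, read their sizes and timestamps) can be done in one pass without clearing any attributes. The script below is an added example written for this page, not code from MichaelN or from the Malwarebytes forum; it assumes Windows PowerShell 5.1 or later with read access to C:\ProgramData, and the GUID pattern, the list of "PE-like" extensions and the zero-byte .tmp filter are choices made here to match what the post shows.

```powershell
# Added example, not part of the original post: enumerate GUID-named folders under
# %ProgramData% and list every file in them, including ones carrying the Hidden
# and System attributes, with size, timestamps, Authenticode status and SHA-256.
# What `attrib` printed as "A  H I" is Archive, Hidden and Not-content-indexed;
# Get-ChildItem -Force lists such files without changing any attribute first.
# Assumes Windows PowerShell 5.1+ and read access to C:\ProgramData.

$root        = $env:ProgramData
$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
# Extensionless files and these extensions get an Authenticode check (assumed list).
$peLike      = @('', '.exe', '.dll', '.sys', '.scr', '.com', '.pif')

$report = Get-ChildItem -LiteralPath $root -Directory -Force |
    Where-Object { $_.Name -match $guidPattern } |
    ForEach-Object {
        $folder = $_
        Get-ChildItem -LiteralPath $folder.FullName -File -Force -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = 'n/a'
                if ($_.Extension.ToLower() -in $peLike) {
                    $sig = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                }
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Folder     = $folder.Name
                    File       = $_.Name
                    Bytes      = $_.Length
                    Attributes = $_.Attributes
                    Created    = $_.CreationTime
                    LastWrite  = $_.LastWriteTime
                    Signature  = $sig
                    SHA256     = if ($hash) { $hash.Hash } else { 'unreadable' }
                }
            }
    }

# `dir` prints LastWriteTime, so sort on the same field to get the same ordering
# the post used to spot that the earliest file (ok.tmp, 11/20/2014) matched the onset.
$report | Sort-Object LastWrite | Format-Table -AutoSize

# The post's pattern was several zero-byte .tmp files beside one extensionless
# binary of a few hundred KB; call out folders that show that shape.
$report |
    Where-Object { $_.Bytes -eq 0 -and $_.File -like '*.tmp' } |
    Group-Object Folder |
    ForEach-Object { "Folder {0}: {1} zero-byte .tmp file(s)" -f $_.Name, $_.Count }
```

Run it from an elevated prompt so the hidden and system files are readable. Taking the SHA-256 and signature status before deleting the folder, as was done in the post, is what lets a helper say later what the file was; once the folder is gone, only the names and timestamps remain.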
  3. Ran the scans which said they found nothing. On an odd note, for the last several hours I haven't gotten a block.
  4. Nope. It started after I opened a link from a friend to what appeared to me to be a malicious site, and I immediately killed the browser. So the MBR file didn't show anything? ... and I just got the attached while updating mam defs.
  5. MrC,
     1. TFC run and files cleared.
     2. Rkill run. Log attached.
     3. FRST search on services.exe run. Log attached.
     4. Router reset. At a hotel this week. That might be hard to get them to do.
     Thanks much, Michael
     Search.txt Rkill.txt
  6. MrC, Away from my PC yesterday. Sorry for the delay.
     1. Correct. Even without a browser open.
     2. Yes. Different WiFi routers and Ethernet too.
     3. RogueKiller log attached. It might have found something.
     Thanks, Michael
     RKreport_SCN_12082014_121119.log
  7. All run with logs attached. AdwCleaner didn't like New Tab redirect. Nothing for JRT. Two suspicious but explainable files for HP. Thoughts? AdwCleanerR1.txt AdwCleanerS1.txt JRT.txt
  8. I turned off the AV firewall briefly and explorer.exe started connecting with all kinds of stuff. See the attached print screen. Malwarebytes blocked some of it. Malwarebytes log attached. I turned the AV firewall back on but had to restart for the machine to be usable. mam.txt
  9. MrC, FRST scan logs attached. We may have had a miscommunication. The popups indicating blocks are on the desktop, from the Malwarebytes program or the AVG program, saying the problem is with explorer.exe. Nothing in or from the browsers. Thanks, Michael Addition.txt FRST.txt
  10. Attached is another print screen ... Note if I block explorer.exe in the AVG firewall it seems to go dormant. Any of this help? Thanks for the persistence
  11. Disabled Windows Sidebar and Gadgets.
      Downloaded and ran Zoek. This was a little weird. I couldn't download the exe but got the zip and rar. When I tried opening them in WinZip, it crashed. I got them open in WinRAR but it reported "unexpected end of archive". In it were zoek.exe.com, zoek.exe.pif and zoek.exe.scr, which I wasn't expecting. I ran the .com as admin. I had put the script in a text file to make sure I didn't skip steps. Zoek automatically found the script and asked to run it. I wasn't expecting that either. Anyway, it rebooted then displayed the log file attached.
      Ran Software Removal Tool. It said it found nothing, then reset the Chrome browser. (Note that I have to occasionally use IE too.)
      Monitoring behavior. Nothing odd thus far. I will report back after observing for several hours. This post was posted from a different PC.
      zoek-results.log
  12. MrC, Print screens from Process Explorer attached. Getting access denied in normal mode as seen in one print screen. The others grabbed in safe mode. Is this what you had in mind? Thanks, Michael
  13. Also entries like this in the Event Viewer under DNS Client Events: "Name resolution for the name mochibot.com timed out after none of the configured DNS servers responded."
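A name-resolution timeout logged by the DNS Client is useful evidence only once you know how often it recurs and for which names; a single stray lookup and a beacon every few minutes look the same in one Event Viewer line. The script below is an added example written for this page, not from MichaelN or the forum helpers. It assumes the message quoted in the post is DNS Client event ID 1014, recorded by provider Microsoft-Windows-DNS-Client in the System log (where Windows 7 and 8 write it); if your build stores it in a different log, change LogName. The seven-day window and the regular expression are choices made here.

```powershell
# Added example, not part of the original post: tally DNS Client event 1014
# ("Name resolution for the name <host> timed out after none of the configured
# DNS servers responded") by host name, with first and last occurrence, so a
# name that is retried on a schedule stands out from a one-off lookup.
# Assumptions: the event lives in the System log under provider
# Microsoft-Windows-DNS-Client with ID 1014; $Days is an arbitrary window.

$Days  = 7
$since = (Get-Date).AddDays(-$Days)

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DNS-Client'
    Id           = 1014
    StartTime    = $since
} -ErrorAction SilentlyContinue

# The host name sits between fixed phrases in the message text; pull it out.
$pattern = 'Name resolution for the name (?<name>\S+) timed out'

$events |
    ForEach-Object {
        if ($_.Message -match $pattern) {
            [pscustomobject]@{ Time = $_.TimeCreated; Name = $Matches['name'] }
        }
    } |
    Group-Object Name |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'First'; e = { ($_.Group | Sort-Object Time)[0].Time } },
        @{ n = 'Last';  e = { ($_.Group | Sort-Object Time)[-1].Time } } |
    Format-Table -AutoSize
```

Event 1014 does not record the requesting process, so the table tells you what was asked for and how regularly, not by whom; pairing the timestamps with the Malwarebytes block log (mam.txt in the thread) is how to tie the lookups back to explorer.exe.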
  14. I use Chrome mostly. There can be popups if I am not browsing. Attached is some logging from MAM. Also a print screen from AVG. I don't see how to export it. mam.txt
  15. MrC, ComboFix ran successfully in safe mode, log attached. TFC ran successfully. No reboot required. Something is still trying to connect to malicious sites, at least some of which are being blocked. Occasionally dllhost instances are appearing and disappearing in Task Manager. Extra instances of explorer.exe appear in Task Manager and one will use up gigs of memory. Thanks for your assistance, Michael ComboFix.log