
PatDoo


  1. Ran the scan this morning and again this evening. Both scans detected zero threats. History on scan indicates all are in quarantine. Think I am now clean. Thank You.
  2. Not 100 percent sure? Odd things are happening. First of all, yesterday I might have made a mistake according to my friend. On FireFox I got an 'urgent' tab that opened up saying a Java update is needed. I ran it, the file was FIREFOX-PATCH.JS. Called my friend and he got on my PC and couldn't locate anything from it or the file. Today I ran MalwareBytes and the scan said I was AGAIN infected. I selected FIX... ran scan again after a re-boot, system clean. Did a SHUTDOWN and boot, again clean. However some stuff HAS returned in the ca0f3 folder?

     ===========================
     C:\Users\Patti\AppData\Local\ca0f3>dir
      Volume in drive C is OS
      Volume Serial Number is F641-BD4C

      Directory of C:\Users\Patti\AppData\Local\ca0f3

     08/13/2016  09:25 AM    <DIR>          .
     08/13/2016  09:25 AM    <DIR>          ..
     08/13/2016  09:24 AM            42,064 a4bb8.73fb72
     08/13/2016  11:00 AM             1,347 ba3db.lnk
                    2 File(s)         43,411 bytes
                    2 Dir(s)  943,920,775,168 bytes free
     ====================

     The lnk file points to C:\Users\Patti\AppData\Local\ca0f3\a52cc.bat which doesn't exist (although it is in my Quarantine folder)? Operationally I don't see any degradation nor signs of any malware running. Hijack Hunter didn't seem to see anything either? See log attached. What do you think? Tried some other utilities, rootkit scanners, nothing. Hitman Pro found some stuff, but not the infection.

     logs_8-13-2016_11_00_46_AM.log
  3. OK, did it and I have a friend who is familiar with Windows. He found some stuff and thinks he has the 'answer'. First the log you want... He found these lines in it...

     ==========
     O4 - Startup: 6c53b.lnk = C:\Windows\System32\cmd.exe
     O4 - Startup: d0eee.lnk = ?
     ===========

     Confirms what he saw... The windows appeared on re-boot and he used PROCESS MONITOR to identify the task putting them up. First the LINK error.... Task PID 6416, points back to CMD.EXE... Next the JAVA SCRIPT ERROR, that also shows CMD with 3 other processes and PIDs, but they appear to not be there, probably closed as the data couldn't be found. Of course, he did find them in STARTUP and I think all he needs to do is DELETE the two entries in STARTUP.

     =================
     C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup>dir
      Volume in drive C is OS
      Volume Serial Number is F641-BD4C

      Directory of C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

     08/09/2016  11:05 PM    <DIR>          .
     08/09/2016  11:05 PM    <DIR>          ..
     08/10/2016  05:06 PM             1,049 6c53b.lnk
     08/10/2016  05:09 PM             1,058 d0eee.lnk
                    2 File(s)          2,107 bytes
                    2 Dir(s)  945,473,359,872 bytes free
     =======================

     Comments?

     zoek-results.txt
  4. I'm still getting either pop-ups or programs opening on boot minimized to the taskbar. Pop-up I got (first one added). On boot I noticed something on the taskbar and opened it (it closed shortly after by itself), which is the second capture. I did look in the REGISTRY using REGEDIT and that is NOT there?
  5. Wow!!!! I think we're good!!! Those files that worried me are GONE!!! Malware scans are not finding ANYTHING!!! THANK YOU!!!!
  6. OK, done... log attached. Fixlog.txt
  7. OK, did this, files attached, MBAM's scan and Protection file. mbam_prot.txt mbam1.txt
  8. My PC was acting strange, like something was running and slowing down typing. Asked a friend and found these files he didn't know about?

     ---------------
     C:\Users\Patti\AppData\Local\ca0f3>dir
      Volume in drive C is OS
      Volume Serial Number is F641-BD4C

      Directory of C:\Users\Patti\AppData\Local\ca0f3

     08/07/2016  12:58 PM    <DIR>          .
     08/07/2016  12:58 PM    <DIR>          ..
     08/07/2016  12:58 PM            27,576 a4bb8.73fb72
     08/07/2016  12:58 PM                58 a52cc.bat
     08/07/2016  12:58 PM             1,013 ba3db.lnk
                    3 File(s)         28,647 bytes
     -----------------

     If you delete them, they reappear almost immediately... Ran FRST, logs attached. I did call McAfee (I've got McAfee Live Safe with a valid license) and they got on my PC, did a lot of things but said I was OK and found nothing. Do I have a problem? Thanks for your help.

     Addition_07-08-2016_13-04-39.txt
     FRST_07-08-2016_13-04-39.txt