ptoye

Honorary Members
  • Posts

    32
Reputation

0 Neutral

Profile Information

  • Location
    Reading, UK
  • Interests
    Keeping my machine clean.
  1. Egg on my face - I'd left the tick boxes unchecked. Twice. Many apologies for the trouble I've caused.
  2. You didn't say so, but I assume that you want me to run MBAM as Admin (which I normally do). I ran it, and there were no errors. Here's the clipboard.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 17/10/2014
     Scan Time: 14:41:41
     Logfile:
     Administrator: Yes

     Version: 2.00.3.1025
     Malware Database: v2014.10.17.04
     Rootkit Database: v2014.10.15.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Admin

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 435372
     Time Elapsed: 11 min, 17 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     This is terrible - I've just found out the problem. It's my own fault. I wasn't ticking the correct boxes in the Custom Scan. So it wasn't looking at the filesystem. In English we say "I've got egg on my face". I don't know the German for this, and my dictionary doesn't help. I owe you a HUGE apology. I hope my donation will help deflect your anger.
  3. Thanks for all of this. I've done as you asked, and here are the results. It seems that either I'm not infected, or it's a very clever rootkit!

     FRST output

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2014 02
     Ran by Peter at 2014-10-16 14:54:11 Run:1
     Running from D:\PC Software\PC Utilities\Malwarebytes
     Loaded Profile: Peter (Available profiles: Admin & Peter & Spare Admin)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     Hosts:
     EmptyTemp:
     *****************
     "C:\Windows\System32\Drivers\etc\hosts" => Could not move.
     Could not reset Hosts.
     EmptyTemp: => Removed 1.9 GB temporary data.
     The system needed a reboot.
     ==== End of Fixlog ====

     Disk check results (I ran this on the C: drive - there are other partitions on the same hard drive, one's used for data, one for the swap file and others are unused).

     Log Name: Application
     Source: Microsoft-Windows-Wininit
     Date: 16/10/2014 15:47:03
     Event ID: 1001
     Task Category: None
     Level: Information
     Keywords: Classic
     User: N/A
     Computer: Peter-PC2
     Description:
     Checking file system on C:
     The type of the file system is NTFS.
     Volume label is SYSTEM.
     A disk check has been scheduled.
     Windows will now check the disk.
     CHKDSK is verifying files (stage 1 of 5)...
       380160 file records processed.
     File verification completed.
       1037 large file records processed.
       0 bad file records processed.
       0 EA records processed.
       72 reparse records processed.
     CHKDSK is verifying indexes (stage 2 of 5)...
       487750 index entries processed.
     Index verification completed.
     CHKDSK is scanning unindexed files for reconnect to their original directory.
     Recovering orphaned file APAB1D~1.EXE (1168) into directory file 79463.
     Recovering orphaned file AppCrash_VueMinder.exe_9df537daa82a92726324d8fb5a1bf7e28a7705f_0df57203 (1168) into directory file 79463.
     Recovering orphaned file SA54D4~1.SDB (194797) into directory file 104365.
     Recovering orphaned file SASCORE-4-4-2013( 9-31-18 ).440.SDB (194797) into directory file 104365.
     Recovering orphaned file SA008C~1.SDB (212540) into directory file 104365.
     Recovering orphaned file SASCORE-4-2-2013( 9-31-49 ).422.SDB (212540) into directory file 104365.
     Recovering orphaned file {94688~1 (271883) into directory file 16063.
     Recovering orphaned file {94688FCB-88EF-4F2D-BAD6-213AC64F922E} (271883) into directory file 16063.
       5 unindexed files scanned.
     Recovering orphaned file {26C92~1 (274399) into directory file 16063.
     Recovering orphaned file {26C92D15-5ABC-4BEE-B4A3-62F16CA5275B} (274399) into directory file 16063.
       0 unindexed files recovered.
     CHKDSK is verifying security descriptors (stage 3 of 5)...
     Inserting an index entry with Id 4187 into index $SDH of file 9.
     Repairing the security file record segment.
       380160 file SDs/SIDs processed.
     Cleaning up 1784 unused index entries from index $SII of file 9.
     Cleaning up 1784 unused index entries from index $SDH of file 9.
     Cleaning up 1784 unused security descriptors.
     Security descriptor verification completed.
       53796 data files processed.
     CHKDSK is verifying Usn Journal...
       37561728 USN bytes processed.
     Usn Journal verification completed.
     CHKDSK is verifying file data (stage 4 of 5)...
       380144 files processed.
     File data verification completed.
     CHKDSK is verifying free space (stage 5 of 5)...
       7516633 free clusters processed.
     Free space verification is complete.
     Windows has made corrections to the file system.
       81803978 KB total disk space.
       51093152 KB in 260351 files.
       155584 KB in 53797 indexes.
       0 KB in bad sectors.
       488710 KB in use by the system.
       65536 KB occupied by the log file.
       30066532 KB available on disk.
       4096 bytes in each allocation unit.
       20450994 total allocation units on disk.
       7516633 allocation units available on disk.
     Internal Info:
     00 cd 05 00 30 cb 04 00 9a 3f 08 00 00 00 00 00 ....0....?......
     05 6b 00 00 48 00 00 00 00 00 00 00 00 00 00 00 .k..H...........
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
     Windows has finished checking your disk.
     Please wait while your computer restarts.

     SFC output

     C:\Windows\system32>sfc /scannow
     Beginning system scan. This process will take some time.
     Beginning verification phase of system scan.
     Verification 100% complete.
     Windows Resource Protection did not find any integrity violations.
     C:\Windows\system32>
  4. Marius - one question. I've just had a Microsoft notification of 11 "important" updates. Should I apply them now or wait until my machine is cleaned up? You asked me not to add/remove software.
  5. Marius. Thank you for helping me. I am sure that your English is better than my German, so I will try not to use idioms as you ask. I ran both of the scans that you suggested. Both of them finished without finding anything. Ark.txt has zero bytes, and TDSSKiller also finished without any log file.
  6. I've been advised to post here from the thread https://forums.malwarebytes.org/index.php?/topic/158317-custom-scan-isnt-scanning-drives/#entry888265 That basically says that when I do a Custom scan, the file systems selected aren't scanned. I ran Farbar again and am attaching the latest log - the original one is in the thread I just mentioned. By the way, your instructions don't say whether I should run Farbar as Admin or as a normal user. I ran it as Admin, but don't know if it makes a difference. If it does, maybe you could update the web page to let us know. FRST.txt Addition.txt
  7. Thanks for this. I tried again today in case anything has changed, but it hadn't. So as well as the logs I'm attaching a screenshot so you can see that there isn't a file scan there. I also tried launching MBAM as a normal user (usually I run it as Admin to make sure I've got an up-to-date database), but no change. MBAM logs.zip
  8. I ran a custom scan on a couple of drives, and it finished suspiciously quickly (about 10 mins - nowhere near as long as it used to). Tried again and I noticed that it's not testing the Filesystem objects (which is the whole point of my doing the scan!). Any idea why not? Using MBAM free v 2.0.2.1012 with up-to-date database.
  9. Thanks for the help. Yes, it is a bit confusing. I regularly use MSE to scan for malware, but occasionally I use MBAM as an extra precaution, and got a bit worried when the "threat" scan only took 15 mins! So far I've had only one infection in the last 10 years, and want to keep it that way. Or all the infections are getting in under the radar.
  10. I'm not sure what the exact difference is between the "Threat" and "Custom" scans. I note that on my machine a "Threat" scan takes about 15 mins, and a custom scan on my C: drive over an hour, so the former obviously isn't as thorough as the latter. So what else is the Custom scan doing, please?
  11. I usually do a custom scan, and I've found that there's nothing in the log to indicate which disk drives were scanned. Ditto when I use right-click in Explorer to scan a file. It might be helpful if the log file gave an indication of which disks, folders, files were scanned.
  12. Tell me about Java breaking between versions... BTGTGTMM I didn't know that Windows sometimes changes settings without even asking you. But most people (possibly including myself) would be confused by the question, unless it were properly worded - something that software writers aren't always too good at doing. After all, they know what they're talking about, so obviously you should too. </rant>