Szocs Posted August 13, 2012 ID:584444 Share Posted August 13, 2012 MrCharlie,It seems everything is clean now - nothing detected in MWB. Sending a big stern handshake and thanks your way. I'm on my way to your paypal site!Could I trouble you to take a peak at my laptop's mbam log? - and would you recommend that I follow the same steps there?.......Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.12.06Windows 7 Service Pack 1 x86 FAT32Internet Explorer 9.0.8112.16421qxlocates :: A10782 [administrator]Protection: Enabled8/12/2012 9:15:30 PMmbam-log-2012-08-12 (22-05-20).txtScan type: Full scan (C:\|E:\|H:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 371089Time elapsed: 30 minute(s), 54 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 1C:\Windows\System32\diskexnt.dll (Trojan.Agent) -> No action taken.Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 12C:\Windows\System32\diskexnt.dll (Trojan.Agent) -> No action taken.C:\Users\Administrator.A10782\AppData\Local\tafyvp.exe (Trojan.LameShield) -> No action taken.C:\Users\qxlocates\AppData\Local\nvfarle.exe (Trojan.LameShield) -> No action taken.C:\Users\qxlocates\AppData\Local\Temp\sgwe3t.exe (Trojan.Inject) -> No action taken.C:\Users\qxlocates\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\839df2c-6e687be5 (Trojan.Inject) -> No action taken.C:\Users\qxlocates\Downloads\installer_plants_vs_zombies.exe (PUP.BundleInstaller.BT) -> No action taken.C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\00000004.@ (Rootkit.Zaccess) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\000000cb.@ (Rootkit.0Access) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\80000000.@ (Rootkit.0Access) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\80000032.@ (Rootkit.0Access) -> No action taken.(end) Link to post Share on other sites More sharing options...
Szocs Posted August 13, 2012 Author ID:584445 Share Posted August 13, 2012 Proceed with FRST logs? Link to post Share on other sites More sharing options...
Staff screen317 Posted August 13, 2012 Staff ID:584453 Share Posted August 13, 2012 Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply. Link to post Share on other sites More sharing options...
Szocs Posted August 13, 2012 Author ID:584466 Share Posted August 13, 2012 Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.12.06Windows 7 Service Pack 1 x86 FAT32Internet Explorer 9.0.8112.16421qxlocates :: A10782 [administrator]Protection: Enabled8/12/2012 11:05:22 PMmbam-log-2012-08-12 (23-08-39).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 218891Time elapsed: 3 minute(s), 5 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 9C:\Users\qxlocates\AppData\Local\Temp\sgwe3t.exe (Trojan.Inject) -> No action taken.C:\Users\qxlocates\Downloads\installer_plants_vs_zombies.exe (PUP.BundleInstaller.BT) -> No action taken.C:\Users\Administrator.A10782\Local Settings\Application Data\tafyvp.exe (Trojan.LameShield) -> No action taken.C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\00000004.@ (Rootkit.Zaccess) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\000000cb.@ (Rootkit.0Access) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\80000000.@ (Rootkit.0Access) -> No action taken.C:\Windows\Installer\{f935cc66-766e-6d60-1eaa-31aeda77fbc6}\U\80000032.@ (Rootkit.0Access) -> No action taken.(end) Link to post Share on other sites More sharing options...
Staff screen317 Posted August 13, 2012 Staff ID:584467 Share Posted August 13, 2012 Hi,Why aren't your quarantining what MBAM is finding?? Link to post Share on other sites More sharing options...
Szocs Posted August 13, 2012 Author ID:584479 Share Posted August 13, 2012 oh i am, just posting log files first. w/ DDS , I'm getting a 'stopped working' message. Link to post Share on other sites More sharing options...
Szocs Posted August 13, 2012 Author ID:584489 Share Posted August 13, 2012 when I quarantine and reboot, the results just keep coming up the same.as for the DDS error message, it look like this... Link to post Share on other sites More sharing options...
Szocs Posted August 13, 2012 Author ID:584709 Share Posted August 13, 2012 Thanks for your assistance thus far. I managed to resolve the issues! All clean now. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 16, 2012 Staff ID:585952 Share Posted August 16, 2012 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts