Malware bytes comes back clean but I suspect I have an infection


MSWD

I run Malwarebytes and McAfee and both are clean. I think I may have some sort of password keylogger or something. I manage a bunch of web sites and the FTP accounts for these sites keep getting hijacked. This has happened to about 3 sites now, across three hosts. At first I blamed GoDaddy, assuming someone was guessing my passwords. But now it's happening on a different host. I store these passwords on my local machine.

Could there be some sort of keylogger installed on my machine that is stealing my usernames and passwords for FTP accounts?

This is a relatively new machine. I have only had one really weird occurrence, and that happened a few months ago. I was working and each window I had open started closing, and then the entire machine rebooted itself. Other than that, nothing weird. It's not slow. Nothing else comes to mind.

Are there any other malware programs I could scan with, or anything that might pick up something Malwarebytes is missing?

Thanks in advance for your input.

Kathy

Hello Kathy! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573

Thank you for your reply. I have followed your instructions. Please find 2 files attached.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by Kathy2012 at 14:19:36 on 2012-12-10

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8155.4856 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files (x86)\dESCO\ESC Connections Server\ESC Connections Server.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\dESCO\ESC Connections Server\ESC Connections Server Administrator.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.ESC\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\dESCO\ESC\ESC.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe

C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe

C:\PROGRA~2\Intuit\QUICKB~1\dbextclr11.exe

C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120806113114.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [AdobeBridge] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ESCCON~1.LNK - C:\Windows\Installer\{00869D9D-8A28-4D0A-A8AA-508BA39B8AC1}\_F5E5803B4561E545AF2490.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab

TCP: NameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{B81604EA-1AC8-4B5C-A1A9-74199D2BC444} : DHCPNameServer = 75.75.76.76 75.75.75.75

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120802144156.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>

x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kathy2012\AppData\Roaming\Mozilla\Firefox\Profiles\nnq6xalw.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-27 16152]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 752672]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 335784]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-11-12 56208]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-27 98208]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 204288]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]

R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 173568]

R2 ESC Connections Server;ESC Connections Server;C:\Program Files (x86)\dESCO\ESC Connections Server\ESC Connections Server.exe [2012-11-2 1118128]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-27 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-25 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-25 676936]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-7-27 237920]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-7-27 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-7-27 177144]

R2 MSSQL$ESC;SQL Server (ESC);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ESC\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]

R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-6-5 1248256]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-7-27 1695040]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-27 363800]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-7-27 76960]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-7-27 93712]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 69672]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-27 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-27 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-27 787736]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-25 25928]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 300392]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 513456]

R3 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-27 648808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-25 196440]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-7-27 224704]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106112]

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-2 1255736]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]

S4 SQLAgent$ESC;SQL Server Agent (ESC);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ESC\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-12-07 11:42:31 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{125EAB70-342B-4F6B-B53E-9C944ED30E86}\offreg.dll

2012-12-07 11:38:50 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{125EAB70-342B-4F6B-B53E-9C944ED30E86}\mpengine.dll

2012-12-06 15:10:07 -------- d-----w- C:\Users\Kathy2012\AppData\Local\{E6E96B91-6B3A-4B3F-B8C0-476D173ECD22}

2012-12-04 21:57:34 -------- d-----w- C:\Users\Kathy2012\AppData\Local\{F5545BA3-4C90-403C-A5DB-D9AD5C2FC68D}

2012-11-30 16:11:15 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-11-30 16:10:54 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-11-30 16:10:54 -------- d-----w- C:\Program Files\iTunes

2012-11-30 16:10:54 -------- d-----w- C:\Program Files\iPod

2012-11-30 16:10:54 -------- d-----w- C:\Program Files (x86)\iTunes

2012-11-28 18:48:12 -------- d-----w- C:\Users\Kathy2012\AppData\Local\{ED448461-4168-4275-AD36-E2883AEB26EA}

2012-11-28 18:48:11 -------- d-----w- C:\Users\Kathy2012\AppData\Local\{BCBCDAA4-E372-4EC1-BA55-E41BAF527805}

2012-11-14 09:08:48 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 09:08:47 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-14 09:08:47 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-14 09:08:47 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-14 09:01:59 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-14 09:01:59 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-14 09:01:58 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-14 09:01:58 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-14 09:01:57 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-14 09:01:57 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-14 09:01:57 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-12 21:44:00 -------- d-----w- C:\Users\Kathy2012\AppData\Local\{B930F762-3150-40C5-A156-4E7970DDA664}

2012-11-12 21:38:40 -------- d-----w- C:\Users\Kathy2012\AppData\Roaming\PACE Anti-Piracy

2012-11-12 21:38:40 -------- d-----w- C:\Users\Kathy2012\AppData\Local\PACE Anti-Piracy

2012-11-12 21:38:40 -------- d-----w- C:\ProgramData\PACE Anti-Piracy

2012-11-12 21:34:49 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2012-11-12 21:34:49 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys

2012-11-12 21:34:49 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys

2012-11-12 21:34:49 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared

2012-11-12 21:34:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-11-12 21:34:42 -------- d-----w- C:\Program Files (x86)\My Company Name

2012-11-12 21:32:58 -------- d-----w- C:\adobeTemp

2012-11-12 12:50:48 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

==================== Find3M ====================

.

2012-12-06 18:39:04 60864 ----a-w- C:\Users\Kathy2012\g2mdlhlpx.exe

2012-11-12 13:09:57 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-12 13:09:57 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-24 20:49:38 103784 ----a-w- C:\Users\Kathy2012\GoToAssistDownloadHelper.exe

2012-09-24 01:43:48 55432 ----a-w- C:\Windows\System32\AdobePDF.dll

2012-09-24 01:43:42 26768 ----a-w- C:\Windows\System32\AdobePDFUI.dll

2012-09-19 19:01:46 1393736 ----a-w- C:\Users\Kathy2012\gotomypc_626.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-13 13:13:39 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-13 13:13:39 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-12 18:52:38 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-09-12 18:52:35 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-09-12 18:52:35 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

.

============= FINISH: 14:20:05.99 ===============

dds.txt

attach.txt


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.11.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kathy2012 :: KATHY2012-PC [administrator]

Protection: Enabled

12/11/2012 9:41:56 AM

mbam-log-2012-12-11 (09-41-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 282839

Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

===================================================

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

=====================================================

Here is the list of what it found and cleaned:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Users\Kathy2012\My Web Sites\Gypsy-Vanner.org-website\gypsyhorse\wp-content\plugins\akismet\akismet.php PHP/Obfuscated.F application cleaned by deleting - quarantined

C:\Users\Kathy2012\My Web Sites\Gypsy-Vanner.org-website\gypsyhorse\wp-content\plugins\sidebar-photoblog\sidebar-photoblog.php PHP/Obfuscated.F application cleaned by deleting - quarantined

J:\KATHY2012-PC\Backup Set 2012-11-11 190002\Backup Files 2012-11-11 190002\Backup files 17.zip a variant of Win32/HiddenStart.A application deleted - quarantined

J:\KATHY2012-PC\Backup Set 2012-11-11 190002\Backup Files 2012-11-11 190002\Backup files 33.zip PHP/Obfuscated.F application deleted - quarantined

J:\KATHY2012-PC\Backup Set 2012-11-11 190002\Backup Files 2012-11-18 190001\Backup files 19.zip a variant of Win32/HiddenStart.A application deleted - quarantined

J:\KATHY2012-PC\Backup Set 2012-11-11 190002\Backup Files 2012-11-18 190001\Backup files 39.zip PHP/Obfuscated.F application deleted - quarantined

J:\KATHY2012-PC\Backup Set 2012-12-02 190001\Backup Files 2012-12-02 190001\Backup files 19.zip a variant of Win32/HiddenStart.A application deleted - quarantined

J:\KATHY2012-PC\Backup Set 2012-12-02 190001\Backup Files 2012-12-02 190001\Backup files 43.zip PHP/Obfuscated.F application deleted - quarantined

J:\KATHY2012-PC\Backup Set 2012-12-02 190001\Backup Files 2012-12-09 190008\Backup files 4.zip a variant of Win32/HiddenStart.A application deleted - quarantined


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Kap scan:

Status: Disinfected (events: 50)

12/18/2012 7:44:48 AM Disinfected Trojan program Trojan-FakeAV.Win32.SecurityShield.gpi Outlook\Archives\Top of Outlook data file\Deleted Items\[From:FedEx Customer Service][subject:FedEx Delivery Problem No#6823][Time:2012/06/09 10:58:44]/FedEx_Label_ID_Order_83-27-4534US.zip High

12/18/2012 7:44:48 AM Disinfected Trojan program Trojan-FakeAV.Win32.SecurityShield.gpi Outlook\Archives\Top of Outlook data file\Deleted Items\[From:FedEx Customer Service][subject:FedEx Delivery Problem No#6823][Time:2012/06/09 10:58:44]/FedEx_Label_ID_Order_83-27-4534US.zip/FedEx_Label_ID_Order_83-27-4534US.exe High

12/18/2012 7:45:01 AM Disinfected Trojan program Trojan.Win32.Jorik.Androm.ow Outlook\Archives\Top of Outlook data file\Deleted Items\[From:DHL Inc.][subject:[sPAM]DHL Package delivery report][Time:2012/06/13 16:21:27]/DHL report.zip High

12/18/2012 7:45:01 AM Disinfected Trojan program Trojan.Win32.Jorik.Androm.ow Outlook\Archives\Top of Outlook data file\Deleted Items\[From:DHL Inc.][subject:[sPAM]DHL Package delivery report][Time:2012/06/13 16:21:27]/DHL report.zip/DHL report.exe High

12/18/2012 7:45:14 AM Disinfected Trojan program Trojan.Win32.Jorik.Androm.ow Outlook\Archives\Top of Outlook data file\Deleted Items\[From:DHL Inc.][subject:[sPAM]DHL Package delivery report][Time:2012/06/14 01:09:03]/DHL report.zip High

12/18/2012 7:45:14 AM Disinfected Trojan program Trojan.Win32.Jorik.Androm.ow Outlook\Archives\Top of Outlook data file\Deleted Items\[From:DHL Inc.][subject:[sPAM]DHL Package delivery report][Time:2012/06/14 01:09:03]/DHL report.zip/DHL report.exe High

12/18/2012 7:45:25 AM Disinfected Trojan program Trojan.Win32.Jorik.Androm.py Outlook\Archives\Top of Outlook data file\Deleted Items\[From:DHL Inc.][subject:[sPAM]Your DHL delivery status.][Time:2012/06/20 05:28:45]/DHL document.zip High

12/18/2012 7:45:25 AM Disinfected Trojan program Trojan.Win32.Jorik.Androm.py Outlook\Archives\Top of Outlook data file\Deleted Items\[From:DHL Inc.][subject:[sPAM]Your DHL delivery status.][Time:2012/06/20 05:28:45]/DHL document.zip/DHL Doument.exe High

12/18/2012 7:45:55 AM Disinfected Trojan program Trojan-Dropper.Win32.Dapato.bklv Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Adobe Software][subject:Your order complete][Time:2012/06/28 10:34:23]/Adobe_License_Key_Order#1834-453.zip High

12/18/2012 7:45:54 AM Disinfected Trojan program Trojan-Dropper.Win32.Dapato.bklv Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Adobe Software][subject:Your order complete][Time:2012/06/28 10:34:23]/Adobe_License_Key_Order#1834-453.zip/Adobe_License_Key_Order#1834-453.exe High

12/18/2012 7:46:12 AM Disinfected Trojan program Trojan-Dropper.Win32.Dapato.bkvy Outlook\Archives\Top of Outlook data file\Deleted Items\[From:scan@marketsharewebdesign.com][subject:[sPAM]Fwd: Scan from a Hewlett-Packard ScanJet #15655][Time:2012/07/01 23:34:49]/Scan.zip High

12/18/2012 7:46:12 AM Disinfected Trojan program Trojan-Dropper.Win32.Dapato.bkvy Outlook\Archives\Top of Outlook data file\Deleted Items\[From:scan@marketsharewebdesign.com][subject:[sPAM]Fwd: Scan from a Hewlett-Packard ScanJet #15655][Time:2012/07/01 23:34:49]/Scan.zip/Hewlett-Packard_NetJet_XP888354-SCAN.exe High

12/18/2012 7:46:24 AM Disinfected Trojan program Trojan.Win32.Yakes.aglk Outlook\Archives\Top of Outlook data file\Deleted Items\[From:messages-noreply@bounce.linkedin.com][subject:[sPAM]Charter flight reservation.][Time:2012/07/10 05:07:32]/Report-D9935.zip High

12/18/2012 7:46:24 AM Disinfected Trojan program Trojan.Win32.Yakes.aglk Outlook\Archives\Top of Outlook data file\Deleted Items\[From:messages-noreply@bounce.linkedin.com][subject:[sPAM]Charter flight reservation.][Time:2012/07/10 05:07:32]/Report-D9935.zip/Details_EWK-88234.exe High

12/18/2012 7:46:43 AM Disinfected Trojan program Trojan-FakeAV.Win32.Agent.fyy Outlook\Archives\Top of Outlook data file\Deleted Items\[From:FedEx Service][subject:FedEx Delivery Problem No#1510][Time:2012/07/18 14:13:18]/FedEx_Label_ID_Order_4548-657-4US.zip High

12/18/2012 7:46:43 AM Disinfected Trojan program Trojan-FakeAV.Win32.Agent.fyy Outlook\Archives\Top of Outlook data file\Deleted Items\[From:FedEx Service][subject:FedEx Delivery Problem No#1510][Time:2012/07/18 14:13:18]/FedEx_Label_ID_Order_4548-657-4US.zip/FedEx_Label_ID_Order_4548-657-4US.exe High

12/18/2012 7:47:21 AM Disinfected Trojan program HEUR:Trojan.Win32.Generic Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Groupon][subject:[sPAM]Groupon dicount gifts][Time:2012/07/26 14:51:10]/Discount gift certificate.zip High

12/18/2012 7:47:24 AM Disinfected Trojan program Trojan.Win32.Yakes.aigd Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Groupon][subject:Groupon dicount gifts][Time:2012/07/28 00:28:47]/Gift coupon.zip High

12/18/2012 7:47:24 AM Disinfected Trojan program Trojan.Win32.Yakes.aigd Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Groupon][subject:Groupon dicount gifts][Time:2012/07/28 00:28:47]/Gift coupon.zip/Gift coupon.exe High

12/18/2012 7:47:36 AM Disinfected virus Worm.Win32.Cridex.gt Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Booking.com][subject:Reservation Confirmation [2735119], Wed, 1 Aug 2012 12:29:36 -0600 ][Time:2012/08/01 12:29:36]/Booking_Confirmation_N0801201201067310.zip High

12/18/2012 7:47:36 AM Disinfected virus Worm.Win32.Cridex.gt Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Booking.com][subject:Reservation Confirmation [2735119], Wed, 1 Aug 2012 12:29:36 -0600 ][Time:2012/08/01 12:29:36]/Booking_Confirmation_N0801201201067310.zip/Booking_Confirmation_08012012.exe High

12/18/2012 7:47:39 AM Disinfected virus Worm.Win32.Cridex.gt Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Booking.com][subject:Reservation Confirmation [9797144], Wed, 1 Aug 2012 13:22:03 -0500 ][Time:2012/08/01 12:22:03]/Booking_Confirmation_N0801201287891124.zip High

12/18/2012 7:47:39 AM Disinfected virus Worm.Win32.Cridex.gt Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Booking.com][subject:Reservation Confirmation [9797144], Wed, 1 Aug 2012 13:22:03 -0500 ][Time:2012/08/01 12:22:03]/Booking_Confirmation_N0801201287891124.zip/Booking_Confirmation_08012012.exe High

12/18/2012 7:48:23 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #734752631495 - Tue, 7 Aug 2012 10:26:17 +0100][Time:2012/08/07 03:26:17]/FedEx_Tracking_Notification-08_2012652127227060.zip High

12/18/2012 7:48:22 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #734752631495 - Tue, 7 Aug 2012 10:26:17 +0100][Time:2012/08/07 03:26:17]/FedEx_Tracking_Notification-08_2012652127227060.zip/FedEx_Tracking_Notification-08_2012.exe High

12/18/2012 7:48:23 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #291388516142 - Tue, 7 Aug 2012 18:18:22 +0900][Time:2012/08/07 03:18:22]/FedEx_Tracking_Notification-08_2012636038523021.zip High

12/18/2012 7:48:23 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #291388516142 - Tue, 7 Aug 2012 18:18:22 +0900][Time:2012/08/07 03:18:22]/FedEx_Tracking_Notification-08_2012636038523021.zip/FedEx_Tracking_Notification-08_2012.exe High

12/18/2012 7:48:24 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #513486575217 - Tue, 7 Aug 2012 11:04:51 +0200][Time:2012/08/07 03:04:51]/FedEx_Tracking_Notification-08_2012075173089232.zip High

12/18/2012 7:48:24 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #513486575217 - Tue, 7 Aug 2012 11:04:51 +0200][Time:2012/08/07 03:04:51]/FedEx_Tracking_Notification-08_2012075173089232.zip/FedEx_Tracking_Notification-08_2012.exe High

12/18/2012 7:51:01 AM Disinfected Trojan program Trojan-Downloader.Win32.Kuluoz.bw Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:American Airlines][subject:[sPAM]Order #ID4119 is processed][Time:2012/10/01 14:44:18]/AA_Ticket_Print_Document.zip High

12/18/2012 7:51:01 AM Disinfected Trojan program Trojan-Downloader.Win32.Kuluoz.bw Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:American Airlines][subject:[sPAM]Order #ID4119 is processed][Time:2012/10/01 14:44:18]/AA_Ticket_Print_Document.zip/AA_Ticket_Print_Document.exe High

12/18/2012 7:51:32 AM Disinfected Trojan program HEUR:Trojan.Win32.Generic Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:FedEx Service][subject:[sPAM]You need to get a parcel][Time:2012/10/11 20:36:55]/Label_Fedex_Print_document.zip High

12/18/2012 7:52:07 AM Disinfected Trojan program Trojan-Spy.Win32.Zbot.geuw Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Mr Abdullah Raji][subject:$45,000 TT Copy][Time:2012/10/26 13:25:18]/Transfer-summary.exe High

12/18/2012 7:52:26 AM Disinfected Trojan program Trojan.Win32.Inject.evpa Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:UPS][subject:[sPAM]UPS notification 8042465600][Time:2012/11/02 18:30:03]/UPS document.zip High

12/18/2012 7:52:26 AM Disinfected Trojan program Trojan.Win32.Inject.evpa Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:UPS][subject:[sPAM]UPS notification 8042465600][Time:2012/11/02 18:30:03]/UPS document.zip/UPS document.exe High

12/18/2012 7:52:36 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.btyt Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Better Business Bureau][subject:[sPAM]Complaint report][Time:2012/11/07 22:26:21]/347B26B270A7.pdf.zip High

12/18/2012 7:52:36 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.btyt Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Better Business Bureau][subject:[sPAM]Complaint report][Time:2012/11/07 22:26:21]/347B26B270A7.pdf.zip/Better-Business-Bureau_Complaint_Report_ID_4357364582374075936802345283478231745435623456218934780231745087867038467305730732109472560247360957023045.pdf.exe High

12/18/2012 7:52:41 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.butn Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:The Electronic Payments Association][subject:ACH transaction (ID: 804ED8EB992E) was rejected][Time:2012/11/08 11:13:01]/ACH_Report-804ED8EB992E.pdf.zip High

12/18/2012 7:52:41 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.butn Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:The Electronic Payments Association][subject:ACH transaction (ID: 804ED8EB992E) was rejected][Time:2012/11/08 11:13:01]/ACH_Report-804ED8EB992E.pdf.zip/ACH_transaction_details_ID_5466767439823749865983614972300000000000005863028462085623740318740238574085723046240586230408234082.pdf.exe High

12/18/2012 7:53:17 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.cfap Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:The Better Business Bureau][subject:[sPAM]FW:Case #25754638][Time:2012/11/19 10:11:45]/bbb_complaint_case~1.zip High

12/18/2012 7:53:17 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.cfap Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:The Better Business Bureau][subject:[sPAM]FW:Case #25754638][Time:2012/11/19 10:11:45]/bbb_complaint_case~1.zip/bbb_complaint_case~1.exe High

12/18/2012 7:53:21 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.chnp Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:SendSecure Support][subject:[sPAM]You have received a secure message from Bank Of Amerrica][Time:2012/11/26 09:20:45]/securedoc.zip High

12/18/2012 7:53:21 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.chnp Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:SendSecure Support][subject:[sPAM]You have received a secure message from Bank Of Amerrica][Time:2012/11/26 09:20:45]/securedoc.zip/securedoc.exe High

12/18/2012 7:54:03 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.cqwb Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Eric_Hairston@KeyBank.com][subject:[sPAM]You have received a secure message][Time:2012/12/05 08:06:50]/securedoc.zip High

12/18/2012 7:54:03 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.cqwb Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Eric_Hairston@KeyBank.com][subject:[sPAM]You have received a secure message][Time:2012/12/05 08:06:50]/securedoc.zip/securedoc.exe High

12/18/2012 7:54:15 AM Disinfected Trojan program HEUR:Trojan.Win32.Generic Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:support@digitalinsight.com][subject:[sPAM]Incoming Wire Notification][Time:2012/12/12 08:08:20]/incoming_wire_report.zip High

12/18/2012 7:54:18 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.czvs Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:American Express][subject:[sPAM] Recent Activity Report - Incident #L26WIH1R][Time:2012/12/13 10:25:17]/Incident#L26WIH1R.zip High

12/18/2012 7:54:18 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.czvs Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:American Express][subject:[sPAM] Recent Activity Report - Incident #L26WIH1R][Time:2012/12/13 10:25:17]/Incident#L26WIH1R.zip/Recent Acivity.exe High

12/18/2012 7:54:22 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.deed Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Fax Server][subject:[sPAM]***BULK*** INCOMING FAX REPORT : Remote ID: 766-767-8877][Time:2012/12/17 10:31:13]/Incoming_Fax.zip High

12/18/2012 7:54:22 AM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.deed Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Fax Server][subject:[sPAM]***BULK*** INCOMING FAX REPORT : Remote ID: 766-767-8877][Time:2012/12/17 10:31:13]/Incoming_Fax.zip/Incoming_Fax.exe High

Status: Quarantined (events: 3)

12/18/2012 7:47:21 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic Outlook\Archives\Top of Outlook data file\Deleted Items\[From:Groupon][subject:[sPAM]Groupon dicount gifts][Time:2012/07/26 14:51:10]/Discount gift certificate.zip/Discount gift certificate.exe High

12/18/2012 7:51:32 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:FedEx Service][subject:[sPAM]You need to get a parcel][Time:2012/10/11 20:36:55]/Label_Fedex_Print_document.zip/Label_Fedex_Print_document.exe High

12/18/2012 7:54:15 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:support@digitalinsight.com][subject:[sPAM]Incoming Wire Notification][Time:2012/12/12 08:08:20]/incoming_wire_report.zip/incoming_wire_report.exe High


Kaspersky found Backdoor.Win32.Androm.ep.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.


If I format it and reinstall the OS, is it safe to use then? This machine was new in August; I purchased it to replace a machine that had a root kit virus on it. I'm assuming that when I copied over files from my old machine to my new machine, there must have been an infected file in the mix. Is that a safe assumption? If that is the case, do I absolutely leave everything behind and just recreate everything?

I don't mind doing the reformat, I just don't want to do it all for nothing.

1) How can I safely move files from my old machine to my newly formatted machine?

2) will a format and reinstall really guarantee there is no virus? I was told with the root kit that even that couldn't guarantee a clean computer. The only guarantee was to buy a new machine.

3) What software / anti virus combinations should I run to ensure this doesn't happen again? I run McAfee & Malwarebytes on the infected machine.

4) Could this possibly be coming from another computer on my network? If there are 4 computers on the network, can it transfer from one to another without my knowledge?

Thank you for the information, I appreciate your help. If you have any other advice, please let me know.

Kathy


I also have a MySQL database that I must transfer from the old machine to the new (or reformatted) machine. Is it safe to do this? Is there software that can make sure it is clean before I bring it over? This database is critical.

Please advise.

I'm just beating my head against the wall because I did this all in August and now I have to do it again. I don't want to have to do it again. Is there any software I can scan a file with before I transfer it to the new machine to make sure it is clean?

Please tell me how to do this safely.

Last time I just copied the folders across the network to my new machine..... and here I am INFECTED AGAIN!


Another question: if these were copied from my old computer to my new computer and were never clicked on, how could they possibly be active? All the files that list the Backdoor.Win32 are from my old archived Outlook files:

These must have been copied over from the old infected machine?

12/18/2012 7:48:23 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #734752631495 - Tue, 7 Aug 2012 10:26:17 +0100][Time:2012/08/07 03:26:17]/FedEx_Tracking_Notification-08_2012652127227060.zip High

12/18/2012 7:48:22 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #734752631495 - Tue, 7 Aug 2012 10:26:17 +0100][Time:2012/08/07 03:26:17]/FedEx_Tracking_Notification-08_2012652127227060.zip/FedEx_Tracking_Notification-08_2012.exe High

12/18/2012 7:48:23 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #291388516142 - Tue, 7 Aug 2012 18:18:22 +0900][Time:2012/08/07 03:18:22]/FedEx_Tracking_Notification-08_2012636038523021.zip High

12/18/2012 7:48:23 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #291388516142 - Tue, 7 Aug 2012 18:18:22 +0900][Time:2012/08/07 03:18:22]/FedEx_Tracking_Notification-08_2012636038523021.zip/FedEx_Tracking_Notification-08_2012.exe High

12/18/2012 7:48:24 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #513486575217 - Tue, 7 Aug 2012 11:04:51 +0200][Time:2012/08/07 03:04:51]/FedEx_Tracking_Notification-08_2012075173089232.zip High

12/18/2012 7:48:24 AM Disinfected Trojan program Backdoor.Win32.Androm.ep Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:From: notification@fedex.com][subject:[sPAM]FedEx Tracking Notification #513486575217 - Tue, 7 Aug 2012 11:04:51 +0200]


Isn't it strange that the day I started my new computer the email came that gave me the new virus?

Here is a link to my discussion with the prior people that helped me:

http://www.bleepingcomputer.com/forums/topic462799.html/page__pid__2782949#entry2782949

I never click links in emails like this, so how can the virus be active if I didn't click the link?


If I format it and reinstall the OS, is it safe to use then?

Absolutely yes.

If that is the case, do I absolutely leave everything behind and just recreate everything?

Probably that is the case. You shouldn't transfer any .exe, .com, .html or .htm files. It is safe for Word documents and pictures.

1) How can I safely move files from my old machine to my newly formatted machine?

You need to be sure that they are infected. One of the safe practices is to scan them at www.virustotal.com or to be sure they are not .exe, .com and so on.

2) will a format and reinstall really guarantee there is no virus? I was told with the root kit that even that couldn't guarantee a clean computer. The only guarantee was to buy a new machine.

If you format the entire hard disc, there is no way for it to be there after all.

3) What software / anti virus combinations should I run to ensure this doesn't happen again? I run McAfee & Malwarebytes on the infected machine.

There are a lot of products.

http://www.microsoft.com/nz/windows/antivirus-partners/windows-7.aspx

It is your choice.

4) Could this possibly be coming from another computer on my network? If there are 4 computers on the network, can it transfer from one to another without my knowledge?

Yes, could be an option.

I also have a MySQL database that I must transfer from the old machine to the new (or reformatted) machine. Is it safe to do this? Is there software that can make sure it is clean before I bring it over?

As I already suggested, try to scan them at www.virustotal.com.

All the files that list the Backdoor.Win32 are from my old archived Outlook files:

They are just backup files; they are not active.

e that's infected is an Outlook file, then should I stop using Outlook? Would it be better to get my email via Gmail? I really don't want another infection.

Gmail has a better spam filter in my opinion; I use it too, but if you are not careful, it's hard to defend.

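The reply above says which types not to carry across (.exe, .com, .html, .htm) and suggests checking the rest on VirusTotal, and the two scan logs earlier in the thread show what such a filter has to catch: executables named like documents (the ...pdf.exe attachments), executables nested inside .zip files, and obfuscated PHP in the local copy of the WordPress plugin files. The following is an added example for this thread, not code from the forum, Malwarebytes, ESET or Kaspersky. It applies those rules to a file name and its content before the file is copied to the rebuilt machine. The extension lists, the obfuscation indicators and the sample inputs are my own assumptions; ESET's PHP/Obfuscated.F logic is not public, so the indicators are generic traits, not that signature.

```python
"""Pre-migration file triage. Added example for this thread, not code from the forum,
Malwarebytes, ESET or Kaspersky; extension lists, indicators and samples are mine."""
import hashlib
import io
import re
import zipfile
from pathlib import Path

# Types the reply says not to carry over (.exe .com .htm .html) plus other Windows
# executable/script types; the full set is my assumption, not the thread's.
BLOCKED_EXT = {".exe", ".com", ".scr", ".pif", ".cpl", ".dll", ".msi", ".bat", ".cmd",
               ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk", ".jar", ".htm", ".html"}
SAFE_EXT = {".txt", ".csv", ".sql", ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".docx", ".xlsx"}
# Generic traits behind "obfuscated PHP" detections; ESET's PHP/Obfuscated.F logic is
# not public, so these are my indicators, not that signature.
PHP_INDICATORS = [
    ("eval_of_decoded_blob", re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("preg_replace_e_modifier", re.compile(
        r"preg_replace\s*\(\s*['\"][^'\"]*/[a-zA-Z]*e[a-zA-Z]*['\"]")),
    ("long_base64_literal", re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]")),
]

def classify_name(name: str) -> tuple:
    """Verdict from the file name alone: ('block' | 'review' | 'ok', reason)."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in BLOCKED_EXT:
        # "Report.pdf.exe" names from the Kaspersky log: the last extension is the real type.
        if len(suffixes) > 1 and suffixes[-2] in SAFE_EXT:
            return "block", "double extension " + "".join(suffixes[-2:])
        return "block", "executable/script type " + last
    if last in (".zip", ".php"):
        return "review", "check content of " + last
    if last in SAFE_EXT:
        return "ok", "data type " + last
    return "review", "unlisted type " + (last or "(none)")

def scan_php_source(text: str) -> list:
    """Names of the obfuscation indicators present in PHP source."""
    return [name for name, rx in PHP_INDICATORS if rx.search(text)]

def scan_zip_bytes(data: bytes) -> list:
    """(member, verdict, reason) for every file inside an in-memory zip."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename,) + classify_name(i.filename)
                for i in zf.infolist() if not i.is_dir()]

def sha256_hex(data: bytes) -> str:
    """Hash to look up on VirusTotal by hash instead of uploading the file."""
    return hashlib.sha256(data).hexdigest()

def triage_file(name: str, data: bytes) -> dict:
    """Name rule plus content checks for one file."""
    verdict, reason = classify_name(name)
    findings = []
    ext = Path(name).suffix.lower()
    if ext == ".php":
        findings = scan_php_source(data.decode("latin-1"))
        if findings:
            verdict, reason = "block", "obfuscation: " + ", ".join(findings)
    elif ext == ".zip":
        try:
            bad = [m for m in scan_zip_bytes(data) if m[1] == "block"]
        except zipfile.BadZipFile:
            bad, verdict, reason = [], "block", "not a zip under a .zip name"
        if bad:
            verdict = "block"
            reason = "archive contains " + "; ".join(f"{m[0]} ({m[2]})" for m in bad)
    if verdict != "block" and data[:2] == b"MZ":
        # A PE header under a picture or document name is the same decoy by content.
        verdict, reason = "block", "PE header under a non-executable name"
    return {"name": name, "verdict": verdict, "reason": reason,
            "findings": findings, "sha256": sha256_hex(data)}

# Constructed samples, not files from the thread.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 16  # DOS header magic only, not a program
SAMPLE_OBFUSCATED_PHP = b"<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>"
SAMPLE_CLEAN_PHP = b"<?php\nfunction akismet_version() { return '2.5.7'; }\n"

def build_sample_zip() -> bytes:
    """Zip like those in the Kaspersky log: executables posing as documents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DHL report.exe", FAKE_PE)
        zf.writestr("invoice.pdf.exe", FAKE_PE)
        zf.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    for n, d in [("Transfer-summary.exe", FAKE_PE), ("photo.jpg", FAKE_PE),
                 ("akismet.php", SAMPLE_OBFUSCATED_PHP), ("akismet.php", SAMPLE_CLEAN_PHP),
                 ("Backup files 17.zip", build_sample_zip()), ("notes.txt", b"ok")]:
        r = triage_file(n, d)
        print(f"{r['verdict']:6} {n:22} {r['reason']}  sha256={r['sha256'][:12]}")
```

To use it for real, mount the old drive read-only, call triage_file on every file under it, copy only the "ok" set, and look the sha256 values up on VirusTotal by hash rather than uploading private files such as the MySQL dump. An Outlook .pst lands in "review" by design: the executables the Kaspersky log found were attachments inside it, so export or delete those items before the mailbox is moved. The PHP check is a triage heuristic only; the flagged plugin files should be replaced with fresh copies of the plugin, not carried over.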


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
