AOKay Posted November 24, 2010 ID:350517 Share Posted November 24, 2010 I recently reformatted my computer after having troubles with starting windows. After loading my backup, windows wouldn't start again, and my restore points didn't change anything, so I reformatted again. I have not yet loaded my backup, but have run MBAM as well as HJT. The log files are below. Should I run them once again after loading my backup? Please advise.Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 5184Windows 6.1.7600Internet Explorer 8.0.7600.1638511/24/2010 12:27:43 PMmbam-log-2010-11-24 (12-27-43).txtScan type: Full scan (C:|D:|E:|F:|)Objects scanned: 220201Time elapsed: 25 minute(s), 4 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:30:27 PM, on 11/24/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQLBCtrl.exeC:Program Files (x86)Hewlett-PackardSharedhpqToaster.exec:Program Files (x86)Hewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exeC:Program Files (x86)Internet Exploreriexplore.exeC:Program Files (x86)Internet Exploreriexplore.exeC:WindowsSysWow64MacromedFlashFlashUtil10c.exeC:Program Files (x86)AIMaim.exeC:UsersKev.TrieuAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE56IO8ENIELeagueofLegends[1].exeC:Program Files (x86)Pando NetworksMedia BoosterPMB.exeC:Program Files (x86)Malwarebytes' Anti-Malwarembam.exeC:UsersKev.TrieuDesktopHijackThis.exeC:WindowsSysWOW64NOTEPAD.EXEC:Program Files (x86)Internet Exploreriexplore.exeC:Program Files (x86)AVGAVG10avgtray.exeC:Program Files (x86)AVGAVG10avgui.exeC:Program Files (x86)AVGAVG10Identity Protectionagentbinavgidsmonitor.exeC:WindowsSysWOW64NOTEPAD.EXER1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htmR0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exeO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG10avgssie.dllO4 - HKLM..Run: [QlbCtrl.exe] C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /StartO4 - HKLM..Run: [WirelessAssistant] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exeO4 - HKLM..Run: [HPCam_Menu] "c:Program Files (x86)Hewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe" "c:Program Files (x86)Hewlett-PackardMediaWebcam" UpdateWithCreateOnce "SoftwareHewlett-PackardMediaWebcam"O4 - HKLM..Run: [AVG_TRAY] C:Program Files (x86)AVGAVG10avgtray.exeO4 - HKLM..RunOnce: [Malwarebytes' Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe /install /silentO4 - HKCU..Run: [Aim] "C:Program Files (x86)AIMaim.exe" /d locale=en-USO4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETWORK SERVICE')O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG10avgpp.dllO23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_amd64_neutral_d15ed671de43d681AESTSr64.exeO23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG10avgfws.exeO23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exeO23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG10avgwdsvc.exeO23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exeO23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)O23 - Service: HP Health Check Service - Hewlett-Packard - C:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exeO23 - Service: HP Service (hpsrv) - Unknown owner - C:Windowssystem32Hpservice.exe (file missing)O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)O23 - Service: Intel Link to post Share on other sites More sharing options...
AOKay Posted November 25, 2010 Author ID:350627 Share Posted November 25, 2010 Anything? Link to post Share on other sites More sharing options...
Gammo Posted November 27, 2010 ID:351899 Share Posted November 27, 2010 Hi,Download TFC to your desktopOpen the file and close any other windows.It will close all programs itself when run, make sure to let it run uninterrupted.Click the Start button to begin the process. The program should not take long to finish its jobOnce its finished it should reboot your machine, if not, do this yourself to ensure a complete clean~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Start Malwarebytes' Anti-MalwareOnce the program has loaded, click the "Update" tab and click the "Check For updates" button.Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Please download DDS and save it to your desktop.Disable any script blocking protection.Double click dds.com to run the tool..When done, DDS will open two logs (DDS.txt and Attach.txt).Save both reports to your desktop.Please include the contents of DDS.txt in your next reply. Link to post Share on other sites More sharing options...
Staff screen317 Posted February 8, 2011 Staff ID:386179 Share Posted February 8, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts