
EVERY Download is determined to contain virus


  • This topic is locked
13 replies to this topic

#1 brendalynne

brendalynne

    New Member

  • Members
  • Pip
  • 13 posts

Posted 24 May 2011 - 03:11 PM

I have attempted to do everything on the malware forum at Geeks to Go and it landed me here.
I read about the different viruses and their symptoms and have nothing like the suggested logos in my taskbar.
Absolutely every download attempt is deemed to be infected and consequently destroyed. This pertains to statements, invoices, attachments and also all the attempts to download MBAM.
When I took my computer tower to the store where it was purchased to have it cleaned of any viruses etc as well as a literal cleaning, they gave it a clean bill of health and talked me into the NEW IMPROVED NORTON 360. After multiple issues with it, a tech who was very difficult to understand, a few weeks of delays, and their attempt to use LogMeIn to uninstall and download, they gave me my money back because they were unable to use their removal tool to get everything out so the comp could do a clean installation/download. I wanted to do it this way in case the disk the store sold me had a problem. Subsequently, I was able to use Recuva uninstaller to locate and remove the files and bits that had previously been hidden from their tech. **I am not telling you this to bash the company; I just thought it might be helpful, and perhaps I had not found all of the files.
Also, I am wondering if this can have anything to do with having updated to Internet Explorer 9 with the weekly updates.
So sorry if I am putting too much info in here and confusing the issue.

#2 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 26 May 2011 - 03:09 PM

Hi and welcome to Malwarebytes.


What is telling you that every download is infected, and what infection is being reported?
Chris Fistonich
Research Team

Follow us: Twitter, Become a fan: Facebook

#3 brendalynne

brendalynne

    New Member

  • Members
  • Pip
  • 13 posts

Posted 26 May 2011 - 03:57 PM

Oh thank you so so very much for responding.
There is a "bar" at the bottom of the page that asks if I want to run, save or cancel.
So, whether I CHOOSE RUN OR SAVE, at the end of the countdown a message appears; the border of the message board changes to red and it says that the download had a virus and has been deleted. There is a red jewel-like logo, smaller than a dime, on the (L) side of the message. I have tried to capture this to include it in a message and it has yet to work.

One time the message said that Security Scan had determined that there was a virus and the downloaded message had been deleted.
I have tried to do a search for the Security Scan to see if it was something I could modify or delete. No success.
I have also looked in downloads to see if anything had made it to that file despite the messages.
I have tried to do the steps in the malware forum but nothing will download.
I do have spyware but nothing has been detected.

Again, thank you so much for responding.

#4 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 30 May 2011 - 01:07 PM

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.
Chris Fistonich
Research Team


#5 brendalynne

brendalynne

    New Member

  • Members
  • Pip
  • 13 posts

Posted 30 May 2011 - 01:44 PM

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.



#6 brendalynne

brendalynne

    New Member

  • Members
  • Pip
  • 13 posts

Posted 30 May 2011 - 01:46 PM

I cannot download anything. I cannot save to my desktop. That is why I am here.
Sorry

#7 brendalynne

brendalynne

    New Member

  • Members
  • Pip
  • 13 posts

Posted 30 May 2011 - 02:03 PM

Is the initial log that I posted of no help???

#8 brendalynne

brendalynne

    New Member

  • Members
  • Pip
  • 13 posts

Posted 31 May 2011 - 10:22 AM

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Brenda at 8:09:17 on 2011-05-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2247 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe
C:\Windows\system32\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Users\Brenda\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\vsnp2std.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Brenda\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
L:\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpyBrowser] "C:\Program Files (x86)\SpyBro\SpyBro.exe" /autostart
uRun: [ABBYY Screenshot Reader Retail] "C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe" -autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ABBYY Screenshot Reader Retail] "C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenShotReader.exe" -autorun
StartupFolder: C:\Users\Brenda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HP SimpleSave Monitor.lnk - C:\Users\Brenda\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\general.ini
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MySoftware NewsFlash.lnk - C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: cnet.com\download
Trusted Zone: download.com
Trusted Zone: live.com\co105w.col105.mail
Trusted Zone: msn.com\www
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [snp2std] C:\Windows\vsnp2std.exe
.
============= SERVICES / DRIVERS ===============
.
R0 amdide64;amdide64;C:\Windows\system32\drivers\amdide64.sys --> C:\Windows\system32\drivers\amdide64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0500000.07D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0500000.07D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0500000.07D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0500000.07D\SYMEFA64.SYS [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\N360x64\0500000.07D\SYMTDIV.SYS --> C:\Windows\system32\drivers\N360x64\0500000.07D\SYMTDIV.SYS [?]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BackupService;BackupService;C:\Users\Brenda\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2011-3-28 83512]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 QuickBooksDB19;QuickBooksDB19;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
R3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0500000.07D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0500000.07D\Ironx64.SYS [?]
S2 !SASCORE;SAS Core Service;"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" --> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9aa7a751d840c;Google Update Service (gupdate1c9aa7a751d840c);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-3-21 133104]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2010-5-18 122880]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-3-21 133104]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
S3 PCWinSoft;ScreenCamera HR;C:\Windows\system32\DRIVERS\scrcamhrdrv_x64.sys --> C:\Windows\system32\DRIVERS\scrcamhrdrv_x64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-05-28 22:55:42 -------- d-----w- C:\ProgramData\ABBYY
2011-05-28 22:55:42 -------- d-----w- C:\Program Files (x86)\ABBYY Screenshot Reader
2011-05-27 15:11:50 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DEF2133-E1E1-4FC7-AB32-29F0E57CB239}\mpengine.dll
2011-05-16 21:49:48 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-11 15:12:06 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-05-11 15:12:06 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-05-10 16:57:13 -------- d-----w- C:\Users\Brenda\AppData\Local\{6BBC6F2A-AF9A-4DE9-9F52-CB7530139D64}
.
==================== Find3M ====================
.
2011-05-14 22:12:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-28 15:36:23 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-03-12 22:52:03 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 21:55:52 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-10 17:18:03 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-10 17:18:02 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-10 17:03:51 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 16:02:50 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-03 15:59:49 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-03-03 15:59:37 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59:36 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59:36 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42:03 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 15:40:13 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-03-03 15:40:07 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 14:00:00 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-03-03 13:46:31 2762240 ----a-w- C:\Windows\System32\win32k.sys
2011-03-03 13:35:36 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-03-02 16:12:21 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
.
============= FINISH: 8:10:10.35 ===============

#9 brendalynne

brendalynne

    New Member

  • Members
  • Pip
  • 13 posts

Posted 31 May 2011 - 10:25 AM

I had to use a flash drive, downloading on another computer. I am going to try to send it to my desktop now, and I am trying to review what you wanted done with the other log.

#10 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 03 June 2011 - 08:06 PM

Hi,

That's what I meant by download; transfer with a flash drive.


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team


#11 brendalynne

brendalynne

    New Member

  • Members
  • Pip
  • 13 posts

Posted 03 June 2011 - 08:18 PM

Hi,

That's what I meant by download; transfer with a flash drive.


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317

I was going to use the flash drive for the ComboFix but am not sure if this is OK. Also, I was going to try the MBAM with the flash drive. Should I bypass that and go for the ComboFix only??? Thank you so much for getting back with me. Not sure what I would do if I did not have the laptop for backup, BUT it does not have my work accounting program on here, so I REALLY REALLY appreciate this.

#12 brendalynne

brendalynne

    New Member

  • Members
  • Pip
  • 13 posts

Posted 04 June 2011 - 12:26 PM

Hi,

That's what I meant by download; transfer with a flash drive.


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

04/06/2011 10:17:46 AM
mbam-log-2011-06-04 (10-17-46).txt

Scan type: Full scan (C:\|L:\|)
Objects scanned: 331148
Time elapsed: 35 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Brenda\AppData\Roaming\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\fast browser search\IE\fastbrowsersearchprotection.exe (PUP.Fbsearch) -> Not selected for removal.
c:\program files\fast browser search\IE\fbssearchprotectionuninstall.exe (PUP.Fbsearch) -> Not selected for removal.
c:\program files\fast browser search\IE\update.exe (PUP.Fbsearch) -> Not selected for removal.
c:\Users\Brenda\AppData\Roaming\error fix\spy_ignore.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Logs\2010-10-22 15-39-380.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

THIS IS THE MBAM RESULTS. I have the ComboFix on a flash drive but have to take care of MIL's errands etc for her today.
I have another question about ComboFix -- I noticed remarks about having to redo the internet etc. Not sure how to get things worked out if there will not be an internet connection after ComboFix runs. ?? Guess I am doing what I do best - worry. Can you tell if this looks good compared with the previous reports??
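As an added example for this thread (not code from the forum or from Malwarebytes), the following Python script parses an MBAM 1.x text log like the one posted above, groups the detections by family and action, lists every item whose action was not a successful quarantine, and cross-checks the header totals against the detection lines actually listed. The line layout it assumes (`<object> (<Family>) -> <action>.`) and the sample input are copied from the log in the post above; the function names are my own.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x text log.

Added example for this thread; it is not Malwarebytes' code. The line layout it
assumes ("<object> (<Family>) -> <action>.") is taken from the log posted above.
"""
import re
from collections import defaultdict

# Constructed sample: the summary header and detection sections of the MBAM log
# posted in this thread (copied verbatim, whitespace aside).
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\Brenda\AppData\Roaming\error fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\fast browser search\IE\fastbrowsersearchprotection.exe (PUP.Fbsearch) -> Not selected for removal.
c:\program files\fast browser search\IE\fbssearchprotectionuninstall.exe (PUP.Fbsearch) -> Not selected for removal.
c:\program files\fast browser search\IE\update.exe (PUP.Fbsearch) -> Not selected for removal.
c:\Users\Brenda\AppData\Roaming\error fix\spy_ignore.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Logs\2010-10-22 15-39-380.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\Users\Brenda\AppData\Roaming\error fix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
"""

# "Files Infected: 9"  -> a declared total in the summary header
COUNT_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# "Files Infected:"    -> the start of a detection section
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<object> (<Family>) -> <action>."  (object may itself contain "(x86)")
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (declared_counts, findings).

    declared_counts maps a section name to the total printed in the header;
    findings is a list of dicts with section, object, family, action, removed.
    """
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m.group("name")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            action = m.group("action")
            findings.append({
                "section": section,
                "object": m.group("obj"),
                "family": m.group("family"),
                "action": action,
                # MBAM 1.x wording for a completed clean-up; any other action
                # means the object is still on the system.
                "removed": action.lower().startswith("quarantined and deleted"),
            })
    return declared, findings


def summarize(findings):
    """Group findings by family and action; list objects that were not removed."""
    by_family = defaultdict(lambda: defaultdict(int))
    remaining = []
    for f in findings:
        by_family[f["family"]][f["action"]] += 1
        if not f["removed"]:
            remaining.append(f["object"])
    return {"by_family": {k: dict(v) for k, v in by_family.items()},
            "remaining": remaining}


def check_counts(declared, findings):
    """Return {section: (declared, listed)} for every header total that does not
    match the number of detection lines actually present (a truncated paste
    shows up here)."""
    seen = defaultdict(int)
    for f in findings:
        seen[f["section"]] += 1
    return {name: (n, seen.get(name, 0))
            for name, n in declared.items() if n != seen.get(name, 0)}


if __name__ == "__main__":
    declared, findings = parse_mbam_log(SAMPLE_LOG)
    report = summarize(findings)
    for family, actions in sorted(report["by_family"].items()):
        print(family, actions)
    for obj in report["remaining"]:
        print("still present:", obj)
    print("count mismatches:", check_counts(declared, findings))
```

Run stand-alone, it prints one line per family with the count of each action, then the three PUP.Fbsearch files marked "Not selected for removal", which is the first thing a helper looks for before calling a log clean: a quarantined entry is gone, an unselected one is still on disk. The count check guards against the common case of a log pasted with sections missing.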

#13 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 07 June 2011 - 05:53 PM

Hi,


Yes, please run ComboFix. If you can't connect after running it (very rare), reboot and it should be fine.
Chris Fistonich
Research Team


#14 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 14 June 2011 - 12:48 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team
