Exarsere

Members
  • Content count: 29
  • Rank: New Member

About Exarsere
  1. Hi again MrC, wanted to thank you on here before the thread closed. I've just recovered from some ill-timed internet fail. I've been able to clean up everything and my computer remains completely clear. Very grateful for your help.
  2. I really appreciate the time you spent with me on this!

  3. Here we are...

     Results of screen317's Security Check version 0.99.57
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG Anti-Virus Free Edition 2013
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.70.0.1100
     Adobe Flash Player 11.5.502.149
     Adobe Reader XI
     Mozilla Firefox (18.0.2)
     ````````Process Check: objlist.exe by Laurent````````
     Spybot Teatimer.exe is disabled!
     AVG avgwdsvc.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 10%
     ````````````````````End of Log``````````````````````
  4. Oh I don't BELIEVE it. That was what it was detecting. The scan came back empty!
  5. In reference to: "Don't forget you zipped up that folder for me so the scan may have spotted that." I didn't realise what _OTL held until now. So it has likely doubled up as it is reading this? This folder couldn't be the only thing that Safety Scanner is detecting now, could it? Delete and see?
  6. I've attached a Silent Runners log and run a fresh version of RK:

     RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Exarsere [Admin rights]
     Mode : Scan -- Date : 02/09/2013 11:20:22
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 12 ¤¤¤
     [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: SanDisk SDSSDP128G ATA Device +++++
     --- User ---
     [MBR] bfde35aa2b583edf389a20b5d1fbdc6d
     [bSP] 7dfd818262f4af8a7a7b66e84806f6c4 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: WDC WD1001FALS-403AA0 ATA Device +++++
     --- User ---
     [MBR] df189d113589d76184cbba56bf86fe56
     [bSP] 3b0061e7675c15a8eb0e45e66d5c1f7c : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_02092013_02d1120.txt >>

     Attachments: RKreport[1]_S_02092013_02d1120.txt, Startup Programs (EXARSERE-DRAGON) 2013-02-09 11.24.21.txt
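A RogueKiller scan report like the one above is plain text with a stable line layout, so it can be parsed and triaged rather than read by eye. The following is an added example written for this page (not RogueKiller's own code, and not something the thread's participants posted). It assumes the 8.x report format as shown above: `[CATEGORY] key : name (value) -> STATUS` lines under the registry section, and per-drive `+++++ PhysicalDriveN ... +++++` blocks with `[MBR]`, `[bSP]`, partition and `LL1`/`LL2` lines under the MBR check. The sample input is constructed; the first drive mirrors the posted report, while the second drive and the strings `Unknown MBR Code` and `KO!` are hypothetical bad-case wording that the page does not show.

```python
"""Parse a RogueKiller 8.x text report and triage its findings.

Example code written for this page; not part of RogueKiller or the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed sample mirroring the report layout posted in the thread.
# PhysicalDrive1 is a hypothetical bad case: the exact wording RogueKiller
# uses for a non-Windows bootstrap or a failed LL check is not shown on the page.
SAMPLE_REPORT = r"""RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
Mode : Scan -- Date : 02/09/2013 11:20:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SanDisk SDSSDP128G ATA Device +++++
--- User ---
[MBR] bfde35aa2b583edf389a20b5d1fbdc6d
[bSP] 7dfd818262f4af8a7a7b66e84806f6c4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Example Disk +++++
--- User ---
[MBR] 00000000000000000000000000000000
[bSP] 11111111111111111111111111111111 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
User = LL1 ... OK!
User = LL2 ... KO!
"""

REG_RE = re.compile(r"^\[(?P<cat>[^\]]+)\] (?P<key>\S+) : (?P<name>.+?) "
                    r"\((?P<value>\d+)\) -> (?P<status>\w+)$", re.M)
DRIVE_RE = re.compile(r"^\+{5} (?P<drive>PhysicalDrive\d+): (?P<model>.+?) \+{5}$", re.M)
MBR_RE = re.compile(r"^\[MBR\] (?P<hash>[0-9a-f]{32})$", re.M)
BSP_RE = re.compile(r"^\[bSP\] (?P<hash>[0-9a-f]{32}) : (?P<desc>.+)$", re.M)
PART_RE = re.compile(r"^(?P<idx>\d+) - \[(?P<flag>\w+)\] (?P<fs>\S+) \((?P<type>0x[0-9A-Fa-f]+)\) "
                     r"\[(?P<vis>\w+)\] Offset \(sectors\): (?P<offset>\d+) \| Size: (?P<size>\d+) Mo$", re.M)
LL_RE = re.compile(r"^User = (?P<check>LL\d) \.\.\. (?P<result>\w+)!$", re.M)

# Policy values under ...\Policies\System that disable a tool when set to 1.
# RogueKiller lists the value as FOUND even when it is 0, so the value matters.
RESTRICTIVE_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}


@dataclass
class RegistryEntry:
    category: str
    key: str
    name: str
    value: int
    status: str


@dataclass
class DriveCheck:
    drive: str
    model: str
    mbr_hash: str = ""
    bootstrap_hash: str = ""
    bootstrap_desc: str = ""
    partitions: list = field(default_factory=list)
    ll_results: dict = field(default_factory=dict)


def parse_registry_entries(text):
    """Return every registry finding line as a RegistryEntry."""
    return [RegistryEntry(m["cat"], m["key"], m["name"], int(m["value"]), m["status"])
            for m in REG_RE.finditer(text)]


def parse_mbr_check(text):
    """Split the MBR section into one DriveCheck per physical drive block."""
    drives = []
    heads = list(DRIVE_RE.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        block = text[m.end():end]
        d = DriveCheck(m["drive"], m["model"])
        h = MBR_RE.search(block)
        if h:
            d.mbr_hash = h["hash"]
        b = BSP_RE.search(block)
        if b:
            d.bootstrap_hash, d.bootstrap_desc = b["hash"], b["desc"]
        d.partitions = [{"index": int(p["idx"]), "flag": p["flag"], "fs": p["fs"],
                         "type": p["type"], "visible": p["vis"] == "VISIBLE",
                         "offset_sectors": int(p["offset"]), "size_mb": int(p["size"])}
                        for p in PART_RE.finditer(block)]
        d.ll_results = {ll["check"]: ll["result"] for ll in LL_RE.finditer(block)}
        drives.append(d)
    return drives


def active_restrictions(entries):
    """HJPOL findings whose value actually switches a restriction on (non-zero)."""
    return [e for e in entries
            if e.category == "HJPOL" and e.name in RESTRICTIVE_POLICIES and e.value != 0]


def suspicious_drives(drives):
    """Drives whose bootstrap code is not identified as Windows or whose LL checks failed."""
    flagged = []
    for d in drives:
        reasons = []
        if "Windows" not in d.bootstrap_desc:   # assumption: anything else deserves a look
            reasons.append("bootstrap code not identified as Windows: %r" % d.bootstrap_desc)
        reasons += ["%s check returned %s" % (c, r) for c, r in d.ll_results.items() if r != "OK"]
        if reasons:
            flagged.append((d.drive, reasons))
    return flagged


if __name__ == "__main__":
    ents = parse_registry_entries(SAMPLE_REPORT)
    print("active restrictions:", [e.name for e in active_restrictions(ents)])
    print("suspicious drives:", suspicious_drives(parse_mbr_check(SAMPLE_REPORT)))
```

Run against the report posted above, `active_restrictions` would return nothing, since every HJPOL value is 0 (Task Manager and Registry Editor are not disabled), and both drives carry the `Windows 7/8 MBR Code` description with LL1/LL2 OK, which is consistent with the poster's observation that nothing in this scan points at a bootkit.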
  7. I don't have Chrome installed, and thanks for that suggestion, but another false hope: Startup was one of the first places I checked. There's nothing suspicious going on there at all.
  8. Back to where we were - Medfos.B. I think we're just going in circles. Should anything we've done already be tried in safe mode, or is there anything else we could try?
     Richard
  9. Wow, so apparently the issue is getting worse. Safety Scanner spotted 4 infections - it's only ever seen one before. It claims to have "partially removed" Medfos.B and "removed" Medfos.A. The counter stayed on zero until almost the last minute. As far as I could tell by the file folders zipping past, it was scanning Program Files on my X:\ drive. This only contains games/Steam. I have reset Firefox and will now re-run the scan to see if it has had any effect.
     Richard
  10. Slightly different results...

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 4.6.2 (02.02.2013:2)
      OS: Windows 7 Home Premium x64
      Ran by Exarsere on 09/02/2013 at 0:57:54.21
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      ~~~ Registry Keys

      ~~~ Files

      ~~~ Folders

      ~~~ FireFox

      Successfully deleted the following from C:\Users\Exarsere\AppData\Roaming\mozilla\firefox\profiles\j8wzfqr4.default\prefs.js
      user_pref("browser.newtabpage.blocked", "{\"1gfPbQOdu3iwo8aqLvckDw==\":1,\"4c8bOdaOrM8qaB5wxAs0BQ==\":1,\"k+0J9fYILrgCekZsH4fabQ==\":1,\"TB89QivobJ2sY98gHc18QA==\":1,\"la8dJB7

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 09/02/2013 at 1:01:34.52
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Running Safety Scanner ATM...
  11. Scanning with NPE returned this:
      File: C:\Windows\system32\Drivers\rikvm_38F51D56.sys
      Seems to be a rootkit that came with PowerDVD? :S
      http://answers.microsoft.com/en-us/windows/forum/windows_7-security/rikvm-38f51d56sys-virus/eb7db138-07ca-4b3b-8a69-4d893b0e1656
      Do you think it's a genuine threat?
      Richard
  12. This one was produced on my X:\ drive, since I'm running from a desktop stored on that drive.
      Attachment: MovedFiles.zip
  13. Hi MrC, I re-ran OTL. Bizarrely or not, this time it didn't produce an Extras.txt, but I have attached OTL.txt.
      Richard
      Attachment: OTL.Txt
  14. Unfortunately the Safety Scanner doesn't give any further detail, just a few links to some useless generic MS pages. The computer seems to be running okay, but then the effects of Medfos were limited to begin with. We know it was there before now because of OTL and VirusTotal. Worth trying OTL again? In truth, I can live with Medfos if it actually isn't doing anything, but for all I know it's sitting there waiting to steal bank details etc...
  15. Unfortunately Safety Scanner doesn't produce a log, but here's JRT...

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 4.6.2 (02.02.2013:2)
      OS: Windows 7 Home Premium x64
      Ran by Exarsere on 07/02/2013 at 18:05:33.48
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      ~~~ Registry Keys

      ~~~ Files

      ~~~ Folders

      ~~~ FireFox

      Successfully deleted: [File] C:\Users\Exarsere\AppData\Roaming\mozilla\firefox\profiles\j8wzfqr4.default\invalidprefs.js
      Successfully deleted the following from C:\Users\Exarsere\AppData\Roaming\mozilla\firefox\profiles\j8wzfqr4.default\prefs.js
      user_pref("browser.newtabpage.blocked", "{\"1gfPbQOdu3iwo8aqLvckDw==\":1,\"4c8bOdaOrM8qaB5wxAs0BQ==\":1,\"k+0J9fYILrgCekZsH4fabQ==\":1,\"TB89QivobJ2sY98gHc18QA==\":1,\"la8dJB7

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 07/02/2013 at 18:09:18.36
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~