
smk

Honorary Members
Posts: 23

Everything posted by smk

  1. Outstanding help. Thanks again!

  2. I installed Acrobat Reader XI and the latest version of Java (both 32 and 64 bit) I could find (Java 7, Update 10). Hopefully my assumption is correct that this was a good thing to do..... Look forward to your reply and, again, thanks for all the help.

     Results of screen317's Security Check version 0.99.56
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     Java 7 Update 10
     Java version out of Date!
     Adobe Reader XI
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.92
     Google Chrome 22.0.1229.94
     Google Chrome 23.0.1271.64
     Google Chrome 23.0.1271.91
     Google Chrome 23.0.1271.95
     Google Chrome 23.0.1271.97
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Micah Desktop Anti Malware SecurityCheck.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. Apparently the 64-bit Java control panel does not give you the Update tab..... I am currently installing both 32- and 64-bit versions of the latest version of Java.
  4. One note: Java control panel is missing the update tab....
  5. Here's the info.... (I've attached the AdwCleaner log as an attachment)

     Results of screen317's Security Check version 0.99.56
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     Java 7 Update 10
     Java version out of Date!
     Adobe Reader 9
     Adobe Reader out of Date!
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.92
     Google Chrome 22.0.1229.94
     Google Chrome 23.0.1271.64
     Google Chrome 23.0.1271.91
     Google Chrome 23.0.1271.95
     Google Chrome 23.0.1271.97
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````

     Attachments: AdwCleanerS1.txt
  6. Going out now. Thanks for the help so far. Look forward to your response to the AdwCleaner results. Again, thank you for the help.
  7. All seems well. I was able to run Windows Update but it did not find any available updates. I've included the logs you've requested. I also ran a Malwarebytes quick scan and it showed no issues.

     Attachments: system-log.txt, mbar-log-2012-12-23 (11-52-01).txt
  8. I am in the process of following the removal instructions. I will forward your forum message to the PC's owner and let her decide how she wants to proceed in terms of reformatting/reinstalling. I will post the scan results when it completes...
  9. Attached. FYI: RogueKiller says I have ZeroAccess. Thanks in advance.

     Attachments: RKreport1_S_12232012_02d1026.txt
  10. Friend (really) had ransomware (FBI warning, webcam showing her picture). I tried to help and we ran Malwarebytes in safe mode, then again in normal boot. The computer is usable, but Malwarebytes shows two infections it can't remove (even after reboot). I have also run SurfRight Hitman Pro which detected nothing. I've attached the DDS and Attach.txt from DDS.com execution (I could not find DDS.scr). Win 7 did not give me the option to run the .com file as administrator (Win 7) so it was not run as an administrator. Thank you in advance for any assistance. Steve

      Attachments: attach.txt, dds.txt
  11. Excellent help, thanks!

  12. Please see attached. Going out for a couple of hours, will check your reply later....

      Attachments: checkup.txt
  13. It's very good. Again, thank you very much for the assistance.
  14. Sorry about my rudeness in not keeping the helper up to date on my delayed status. My bad, won't happen again..... I ran ComboFix and am attaching the ComboFix log as well as a HijackThis log after ComboFix completed. Thanks, Steve

      Attachments: ComboFix.txt, hijackthis.log
  15. The little buggers won't go away.... Any other suggestions? (I am getting to the point that reinstalling Windows doesn't seem such a bad idea.) The problem is I have no idea if this is actually an active problem. I have run ESET, Malwarebytes, TDSSKiller, Hitman Pro (which cleaned up the original rootkit). Only Comodo Cleaning Essentials is reporting this but it can't clean it using Comodo. Appreciate any info or just let me know if I should punt and reinstall....
  16. Wireless. Have to sleep now, work in the morning (yes, Sunday). Will probably not get back to this until tomorrow evening. Thanks for the assist, will definitely PayPal once we're done. Promise!
  17. Ok, all done. Could/Should I run the Comodo Cleaning Essentials again?
  18. There were 2 suspicious objects which I skipped. Please see attached. (Thanks in advance.)

      Attachments: tddskiller.pdf, TDSSKiller.2.8.10.0_22.09.2012_21.03.10_log.txt
  19. Over a year ago my computer was infected with a nasty AntiVirus 2011 infection. Used all kinds of antimalware and antivirus tools (Malwarebytes, TDSSKiller, unhide, etc.) and the laptop has been functioning pretty well. However, I never could reinstall McAfee Antivirus, for example. Recently read a CNET article about software such as Comodo Cleaning Essentials and gave it a go. It found some more infections and cleaned many of them out. However, it reports that there are still 8 items that it failed to clean, all of them located in a subdirectory c:\windows\$NTUninstallKB5332$\2760683608\ I posted to the Comodo forum and they had me try a ZeroAccess removal tool as well as Kaspersky Rescue Disk 10, but neither did the trick. I googled and saw one post where ComboFix removed files in this subdirectory but, reading the ComboFix warnings, would not dare just running it unless told to do so. Wondering if any expert at this forum might have some suggestions. I've run the DDS.com program (Windows 7 - 32 bit machine, I did not have the option to run as administrator) and have attached the files, as well as a screen shot of the Comodo Cleaning Essentials results. I do appreciate any assistance. Thank you.

      Attachments: comodo results.pdf, Attach.txt, DDS.txt
  20. I've run all sorts of scans and the computer is up and running. However, I ran Comodo Cleaning Essentials and it still can't remove some stuff. All of the items are located at c:\windows\$NTUninstallKB5332$\276063608 I have seen some posts indicating ComboFix has removed this, but I'm not so foolish to just run ComboFix. Does anyone in the Malwarebytes community have any suggestions? (I know it's not Malwarebytes that reported this particular problem, but thought maybe the more forums I post the better chance someone might have an idea.) Thanks, Steve
  21. The system had a virus (NTOSKRNL-HOOK). I removed the hard drive and put it in an external enclosure and managed to run antivirus and Malwarebytes to remove infections. I reinstalled the hard drive in the original computer. Now Malwarebytes reports HKEY_CLASSES_ROOT\CLSID\{9cb478a2-ca39-0cfd-efac-db80710601d3} (Rogue.AntiVirus.Gold) -> Delete on reboot. However, the registry key is not deleted on reboot. I've tried this in normal boot and safe mode to no avail. Any help greatly appreciated.

      HIJACK THIS LOG:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 5:57:25 PM, on 08/10/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16876)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\drivers\KodakCCS.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
      C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\Explorer.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Dell\Media Experience\PCMService.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd.exe
      C:\Program Files\DellSupport\DSAgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
      C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
      F2 - REG:system.ini: Shell=Explorer.exe
      O1 - Hosts: 83.102.165.14 bankofamerica.com
      O1 - Hosts: 83.102.165.14 www.bankofamerica.com
      O1 - Hosts: 65.109.102.103 wellsfargo.com
      O1 - Hosts: 65.109.102.103 www.wellsfargo.com
      O1 - Hosts: 83.102.207.5 paypal.com
      O1 - Hosts: 83.102.207.5 www.paypal.com
      O1 - Hosts: 83.102.207.7 www.lloydstsb.com
      O1 - Hosts: 83.102.207.7 lloydstsb.com
      O1 - Hosts: 83.102.207.7 www.lloydstsb.co.uk
      O1 - Hosts: 83.102.207.7 lloydstsb.co.uk
      O1 - Hosts: 83.102.207.10 www.bankone.com
      O1 - Hosts: 83.102.207.10 bankone.com
      O1 - Hosts: 83.102.207.10 hsbc.com
      O1 - Hosts: 83.102.207.10 www.hsbc.com
      O1 - Hosts: 83.102.207.10 hsbc.co.uk
      O1 - Hosts: 83.102.207.10 www.hsbc.co.uk
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
      O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
      O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKLM\..\Policies\Explorer\Run: [notepad.exe] msmsgs.exe
      O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: *.musicmatch.com (HKLM)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
      O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab
      O20 - AppInit_DLLs: C:\WINDOWS\System32\dbgwin.dll
      O20 - Winlogon Notify: rboqvqym - C:\Documents and Settings\CPK JR\Application Data\rboqvqym.dll (file missing)
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
      O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

      --
      End of file - 9907 bytes

      MBAM LOG

      Malwarebytes' Anti-Malware 1.40
      Database version: 2587
      Windows 5.1.2600 Service Pack 3

      08/10/2009 5:12:37 PM
      mbam-log-2009-08-10 (17-12-37).txt

      Scan type: Full Scan (C:\|)
      Objects scanned: 210664
      Time elapsed: 1 hour(s), 52 minute(s), 42 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\CLSID\{9cb478a2-ca39-0cfd-efac-db80710601d3} (Rogue.AntiVirus.Gold) -> Delete on reboot.

      Registry Values Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
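The HijackThis log in the post above shows the two findings a helper would triage first: a set of O1 hosts-file entries that point banking and payment hostnames at the same few non-loopback addresses (a hosts-file pharming pattern), and O20 entries (an AppInit_DLLs path and a Winlogon Notify DLL marked "file missing"). The script below is an added example, not part of the original thread or any tool named in it; it parses O1 and O20 lines from a constructed excerpt (two hosts entries copied from the log, a benign loopback entry added for contrast, and the two O20 lines) and groups redirected hostnames by target address so the pattern is visible at a glance. The regexes and the `SAMPLE_LOG` excerpt are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed excerpt modelled on the HijackThis log in the post above:
# O1 hosts entries copied from it, one benign loopback entry added for
# contrast, and the two O20 lines from the log.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 83.102.165.14 bankofamerica.com
O1 - Hosts: 83.102.165.14 www.bankofamerica.com
O1 - Hosts: 65.109.102.103 wellsfargo.com
O1 - Hosts: 83.102.207.5 paypal.com
O20 - AppInit_DLLs: C:\\WINDOWS\\System32\\dbgwin.dll
O20 - Winlogon Notify: rboqvqym - C:\\Documents and Settings\\CPK JR\\Application Data\\rboqvqym.dll (file missing)
"""

# Assumed line shapes, matching the O1/O20 lines as they appear in the log above.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O20_RE = re.compile(r"^O20 - (AppInit_DLLs|Winlogon Notify):\s*(.*)$")


def is_local(ip_text):
    """True for loopback/unspecified addresses, which are normal in a hosts file."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable target: treat as not local so it gets reviewed
    return ip.is_loopback or ip.is_unspecified


def parse_hosts_entries(log_text):
    """Return (ip, hostname) pairs from every O1 line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def suspicious_hosts(log_text):
    """Map each non-loopback target IP to the hostnames redirected to it.

    Several unrelated hostnames sharing one target address is the pattern
    that distinguishes a hijacked hosts file from a legitimate local override.
    """
    by_ip = defaultdict(list)
    for ip, host in parse_hosts_entries(log_text):
        if not is_local(ip):
            by_ip[ip].append(host)
    return dict(by_ip)


def o20_findings(log_text):
    """Collect O20 entries; note whether HijackThis reported the file as missing."""
    findings = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            kind, detail = m.groups()
            findings.append({
                "kind": kind,
                "detail": detail,
                "file_missing": "(file missing)" in detail,
            })
    return findings


def triage(log_text):
    """Produce one review line per finding, hosts redirects first."""
    report = []
    for ip, hosts in sorted(suspicious_hosts(log_text).items()):
        report.append(f"hosts redirect: {len(hosts)} name(s) -> {ip}: {', '.join(hosts)}")
    for f in o20_findings(log_text):
        suffix = " [file missing: orphaned load-point entry]" if f["file_missing"] else ""
        report.append(f"{f['kind']}: {f['detail']}{suffix}")
    return report


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Run against the full log above, `suspicious_hosts` would show sixteen bank and payment hostnames collapsed onto four addresses, which is what a helper looks for before recommending that the hosts file be reset; the `file_missing` flag on the Winlogon Notify entry records that the DLL is already gone but its load-point registration is still present and should be removed as well.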