  1. #11
    Member
    Join Date
    Nov 2008
    Posts
    34
    Points
    0

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software


    Detection, 12/22/2014 12:50:41 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 64013, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:51:08 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 64013, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:51:09 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 64013, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:51:09 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 64013, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:51:09 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 64013, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:51:09 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 64013, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:55:32 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 54993, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:55:32 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 54993, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:55:41 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 54993, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:55:46 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 54993, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:55:48 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 54993, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:55:50 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.145.244, 54993, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 12/22/2014 12:55:51 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.39.142, 27032, Outbound, C:\Program Files (x86)\WarThunder\launcher.exe,
    Detection, 12/22/2014 12:55:51 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 218.9.39.142, 27032, Outbound, C:\Program Files (x86)\WarThunder\launcher.exe,
    Update, 12/22/2014 1:21:47 AM, SYSTEM, HOME-PC, Scheduler, Malware Database, 2014.12.22.1, 2014.12.22.2,
    Protection, 12/22/2014 1:21:47 AM, SYSTEM, HOME-PC, Protection, Refresh, Starting,
    Protection, 12/22/2014 1:21:47 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 12/22/2014 1:21:47 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 12/22/2014 1:22:08 AM, SYSTEM, HOME-PC, Protection, Refresh, Success,
    Protection, 12/22/2014 1:22:08 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 1:22:09 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Update, 12/22/2014 2:06:14 AM, SYSTEM, HOME-PC, Scheduler, Malware Database, 2014.12.22.2, 2014.12.22.3,
    Protection, 12/22/2014 2:06:14 AM, SYSTEM, HOME-PC, Protection, Refresh, Starting,
    Protection, 12/22/2014 2:06:14 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 12/22/2014 2:06:14 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 12/22/2014 2:06:22 AM, SYSTEM, HOME-PC, Protection, Refresh, Success,
    Protection, 12/22/2014 2:06:22 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 2:06:23 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Scan, 12/22/2014 2:21:28 AM, SYSTEM, HOME-PC, Manual, Start:12/22/2014 2:11:27 AM, Duration:9 min 13 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
    Scan, 12/22/2014 2:38:22 AM, SYSTEM, HOME-PC, Manual, Start:12/22/2014 2:29:08 AM, Duration:8 min 27 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
    Detection, 12/22/2014 9:27:44 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 54.68.99.67, fastvideoupgrader.com, 65198, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
    Detection, 12/22/2014 9:27:45 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 54.68.99.67, fastvideoupgrader.com, 65198, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
    Detection, 12/22/2014 9:27:45 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, IP, 54.68.99.67, fastvideoupgrader.com, 65199, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
    Update, 12/22/2014 10:24:58 AM, SYSTEM, HOME-PC, Scheduler, Malware Database, 2014.12.22.3, 2014.12.22.4,
    Protection, 12/22/2014 10:24:58 AM, SYSTEM, HOME-PC, Protection, Refresh, Starting,
    Protection, 12/22/2014 10:24:58 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 12/22/2014 10:24:59 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 12/22/2014 10:25:17 AM, SYSTEM, HOME-PC, Protection, Refresh, Success,
    Protection, 12/22/2014 10:25:17 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 10:25:18 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Detection, 12/22/2014 10:37:43 AM, Home, HOME-PC, Protection, Malware Protection, File, PUP.Optional.SoftPulse, C:\Users\Home\Downloads\Setup.exe, Quarantine, [7f5da1c4314bf83e60eb36c27889aa56]
    Protection, 12/22/2014 10:45:32 AM, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
    Protection, 12/22/2014 10:45:32 AM, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
    Protection, 12/22/2014 10:45:32 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 10:45:46 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Detection, 12/22/2014 10:54:44 AM, Home, HOME-PC, Protection, Malware Protection, File, PUP.Optional.SoftPulse, C:\Users\Home\Downloads\Setup (1).exe, Quarantine, [ac30204588f457dfd873f2067d84ec14]
    Detection, 12/22/2014 10:55:18 AM, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.SoftPulse, C:\Users\Home\Downloads\Setup.exe, Quarantine Failed, 5, Access is denied. , [03d9075eb2caa98daaa1de1a9c65867a]
    Detection, 12/22/2014 10:55:28 AM, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.SoftPulse, C:\Users\Home\Downloads\Setup.exe, Quarantine, [03d9075eb2caa98daaa1de1a9c65867a]
    Protection, 12/22/2014 10:56:50 AM, SYSTEM, HOME-PC, Protection, Malware Protection, Stopping,
    Protection, 12/22/2014 10:56:50 AM, SYSTEM, HOME-PC, Protection, Malware Protection, Stopped,
    Protection, 12/22/2014 10:58:36 AM, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
    Protection, 12/22/2014 10:58:36 AM, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
    Protection, 12/22/2014 11:02:55 AM, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
    Protection, 12/22/2014 11:02:55 AM, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
    Protection, 12/22/2014 11:02:55 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 11:03:00 AM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Scan, 12/22/2014 11:40:56 AM, SYSTEM, HOME-PC, Manual, Start:12/22/2014 11:27:14 AM, Duration:12 min 35 sec, Threat Scan, Completed, 0 Malware Detections, 4 Non-Malware Detections,
    Update, 12/22/2014 12:20:03 PM, SYSTEM, HOME-PC, Scheduler, Malware Database, 2014.12.22.4, 2014.12.22.5,
    Protection, 12/22/2014 12:20:03 PM, SYSTEM, HOME-PC, Protection, Refresh, Starting,
    Protection, 12/22/2014 12:20:03 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 12/22/2014 12:20:04 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 12/22/2014 12:20:22 PM, SYSTEM, HOME-PC, Protection, Refresh, Success,
    Protection, 12/22/2014 12:20:22 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 12:20:23 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Protection, 12/22/2014 12:40:20 PM, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
    Protection, 12/22/2014 12:40:20 PM, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
    Protection, 12/22/2014 12:40:21 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 12:40:27 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Scan, 12/22/2014 12:46:26 PM, SYSTEM, HOME-PC, Manual, Start:12/22/2014 12:45:12 PM, Duration:0 min 21 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
    Detection, 12/22/2014 1:21:08 PM, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.FlashCoupon.A, C:\ProgramData\FlaShCoupOn\xfTmG0qMhWOx3f.dll, Quarantine, [a63751140973d4622d19b591a3600bf5]
    Detection, 12/22/2014 1:21:14 PM, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.FlashCoupon.A, C:\ProgramData\FlaShCoupOn\xfTmG0qMhWOx3f.x64.dll, Quarantine, [f6e7fc69de9ec96d60e680c60af957a9]
    Update, 12/22/2014 1:24:44 PM, SYSTEM, HOME-PC, Scheduler, Malware Database, 2014.12.22.5, 2014.12.22.7,
    Protection, 12/22/2014 1:24:45 PM, SYSTEM, HOME-PC, Protection, Refresh, Starting,
    Protection, 12/22/2014 1:24:45 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 12/22/2014 1:24:45 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 12/22/2014 1:24:50 PM, SYSTEM, HOME-PC, Protection, Refresh, Success,
    Protection, 12/22/2014 1:24:50 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 1:24:51 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Protection, 12/22/2014 8:15:55 PM, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
    Protection, 12/22/2014 8:15:55 PM, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
    Protection, 12/22/2014 8:15:55 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 8:16:04 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Update, 12/22/2014 8:16:39 PM, SYSTEM, HOME-PC, Scheduler, Malware Database, 2014.12.22.7, 2014.12.22.11,
    Protection, 12/22/2014 8:16:39 PM, SYSTEM, HOME-PC, Protection, Refresh, Starting,
    Protection, 12/22/2014 8:16:39 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 12/22/2014 8:16:39 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 12/22/2014 8:16:44 PM, SYSTEM, HOME-PC, Protection, Refresh, Success,
    Protection, 12/22/2014 8:16:44 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 8:16:45 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Protection, 12/22/2014 8:21:33 PM, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
    Protection, 12/22/2014 8:21:33 PM, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
    Protection, 12/22/2014 8:21:33 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 8:21:39 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Protection, 12/22/2014 8:59:29 PM, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
    Protection, 12/22/2014 8:59:30 PM, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
    Protection, 12/22/2014 8:59:30 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 8:59:35 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
    Update, 12/22/2014 9:12:42 PM, SYSTEM, HOME-PC, Scheduler, Malware Database, 2014.12.22.11, 2014.12.23.1,
    Protection, 12/22/2014 9:12:43 PM, SYSTEM, HOME-PC, Protection, Refresh, Starting,
    Protection, 12/22/2014 9:12:43 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 12/22/2014 9:12:43 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 12/22/2014 9:12:52 PM, SYSTEM, HOME-PC, Protection, Refresh, Success,
    Protection, 12/22/2014 9:12:52 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
    Protection, 12/22/2014 9:12:52 PM, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,

    (end)

  2. #12
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,189
    Points
    1308

    Hello,

    That's an incorrect log; it's not telling me anything. I need a log that shows files being deleted. Did Malwarebytes delete anything?

    Here's the instruction for Malwarebytes that we usually provide for users.
    You will not need to download because you already have it.

    Please download Malwarebytes Anti-Malware to your desktop
    Install the programme and select update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits
    Go back to the Dashboard and select Scan Now
    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop
    Post that log

    Get log like this if needed,
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Post that saved log to your next reply.

    I have to sign off for the night; see what you can get accomplished.

    Try to get the Farbar recovery scan to me. If needed, you can download that from a good computer onto a USB, then insert the USB into the bad computer and run it.

    I'd actually rather try a System Restore and stabilize the computer so you can download directly. Farbar recovery scan is just a scan; it does not fix anything. It shows us what might be wrong, then we provide a fix based on its showings.

  3. #13
    Member
    Join Date
    Nov 2008
    Posts
    34
    Points
    0

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:51:47 PM, on 12/22/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17496)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    C:\Program Files (x86)\Optimizer Pro 3.13\OptProReminder.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
    C:\Users\Home\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: LouckyCouuponu - {099dbcd5-4d50-4616-a749-073caa32a8b8} - C:\ProgramData\LouckyCouuponu\Xtkh2V8auztsex.dll
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: QueenCouppone - {da3f03b9-d17c-48a8-81ef-cf7f86b9dc4c} - C:\ProgramData\QueenCouppone\bZYwhAktNWSVnZ.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
    O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro 3.13\OptProLauncher.exe
    O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1419299963
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: HP SimpleSave Monitor.lnk = Home\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/soft...15/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...0321/CTPID.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\Home\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10653 bytes

  4. #14
    Member
    Join Date
    Nov 2008
    Posts
    34
    Points
    0

    Hi Joe: I am replying on my laptop. Malware is scanning my infected desktop now. I really appreciate you helping me...Joe

  5. #15
    Member
    Join Date
    Nov 2008
    Posts
    34
    Points
    0

    Thanks Joe, I will keep trying.

  6. #16
    Member
    Join Date
    Nov 2008
    Posts
    34
    Points
    0

    Updated Malware Log

    Quote Originally Posted by zep516
    Hello,

    That's an incorrect log; it's not telling me anything. I need a log that shows files being deleted. Did Malwarebytes delete anything?

    Here's the instruction for Malwarebytes that we usually provide for users.
    You will not need to download because you already have it.

    Please download Malwarebytes Anti-Malware to your desktop
    Install the programme and select update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits
    Go back to the Dashboard and select Scan Now
    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop
    Post that log

    Get log like this if needed,
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Post that saved log to your next reply.

    I have to sign off for the night; see what you can get accomplished.

    Try to get the Farbar recovery scan to me. If needed, you can download that from a good computer onto a USB, then insert the USB into the bad computer and run it.

    I'd actually rather try a System Restore and stabilize the computer so you can download directly. Farbar recovery scan is just a scan; it does not fix anything. It shows us what might be wrong, then we provide a fix based on its showings.
