Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop won't boot, already made AVG CD and ran that,. Please Help


  • This topic is locked This topic is locked

#31
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
MBAM log


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Frank :: THEARGO [administrator]

2/19/2012 8:09:29 PM
mbam-log-2012-02-19 (20-09-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206084
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Frank\AppData\Roaming\Microsoft\53CE\D24C.tmp_1329325688.arl (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
  • 0

Advertisements


#32
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Frank :: THEARGO [administrator]

2/19/2012 8:09:29 PM
mbam-log-2012-02-19 (20-09-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206084
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Frank\AppData\Roaming\Microsoft\53CE\D24C.tmp_1329325688.arl (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
  • 0

#33
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
So far so good.
  • 0

#34
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Below is the Eset log, I had to run it 3 times to get the log- the first time it said there were 11 infections but it didn't save the log, the second time the machine shut down before i came back to it, and this last time it says it deleted them even though I made certain that unchecked the Remove Found Threats option. I will now run Security Check.

C:\ProgramData\Microsoft\Windows\DRM\B05D.tmp_1329325688.arl Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\B0DB.tmp_1329325688.arl Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\53CE\888.tmp_1329325688.arl.vir a variant of Win32/Kryptik.AAJB trojan cleaned by deleting - quarantined
C:\Users\Frank\Downloads\avc-free.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Frank\Downloads\ConnectifyInstaller(2).exe Win32/OpenCandy application deleted - quarantined
C:\Users\Frank\Downloads\ConnectifyInstaller(3).exe Win32/OpenCandy application deleted - quarantined
C:\Users\Frank\Downloads\ConnectifyInstaller.exe Win32/OpenCandy application deleted - quarantined
  • 0

#35
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Here is the log from Security Check
thanks again for all your assistance

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 20
Java™ 6 Update 27
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
Mozilla Thunderbird 3.1.10 Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````
  • 0

#36
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
You will need to update the programs that appear in red above. Older versions make the computer vulnerable to infections.

How is the computer doing?
  • 0

#37
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
We've updated the browsers but haven't had a chance to do Java and Adobe yet. It was working fine last night. My son took it to school today, might be tomorrow before I can check with him to see how it's been.
  • 0

#38
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
:thumbsup:
  • 0

#39
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
It seems to be working good. Is there any other scans you would like us to run on it? Thanks again.
  • 0

#40
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
No everything seems clear. Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.
  • Rename Combofix to Uninstall and click on it. That should remove the application.
Remove the folder C:\FRST. Click here for instruction on how to remove ESET quarantine.

Manually remove any tool left.

The following is a list of tools and utilities that I like to suggest to people.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes! Posted Image
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP