
Cannot boot computer after running Norton Power Eraser


This topic is locked
20 replies to this topic

#1 jcornell16

jcornell16

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:Wisconsin
  • Local time:07:23 PM

Posted 29 January 2012 - 11:52 AM

Here's my story, hope someone out there can help me fix this on my own! I have a Dell Inspiron 570, AMD Athlon II X4-630 processor, Windows 7 64 bit...purchased May 2011. It came with 3 free years of McAfee, there's my mistake! Firewall kept shutting itself down so I have a virus. Couldn't fix it, bought Norton 360. Ran a scan, found tracking cookies. Still had the virus. Could not access Google, kept getting messages stating I was out of memory at line 35, etc., walked past my computer and caught it sending emails to a bank. Ugh! So I ran Power Eraser and now I can't boot my computer. Tried safe mode, system repair, Dell Data Safe, restore from a previous point, nothing works. This was yesterday, now today that previous restore point doesn't even show up on the list. What should I do?

Saw a post from a few days ago on this forum about getting a flash drive and downloading something. Shall I try that? I'm good with computers if I have good instructions. Please help, thanks!

Mod Edit: OP posted FRST log, moved to MRL ~ Hamluis.

Edited by hamluis, 29 January 2012 - 09:49 PM.
Moved from Win 7 to Am I Infected.



#2 jcornell16

  • Topic Starter

Posted 29 January 2012 - 12:09 PM

Also, I believe the virus it found was called backdoor.bot. And one more piece of info you may need...I do not have a Windows 7 disc, it came pre-installed on my computer from Dell.

Edited by jcornell16, 29 January 2012 - 01:10 PM.


#3 jcornell16

  • Topic Starter

Posted 29 January 2012 - 02:12 PM

I ran the Farbar recovery scan that another user with the same issue was told to do by Surgeon General from the malware team. Here is my log:

Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-01-28 15:06:58
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8321568 2009-11-09] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2010-09-30] (McAfee, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM\...\RunOnce: [EDocs] C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe /s [1499648 2010-04-28] (Dell Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

==================== Services (Whitelisted) ======

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2010-10-13] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2010-10-13] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2010-10-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-28 16:09 - 2012-01-28 16:09 - 0000452 ____A C:\Users\Public\Desktop\Emergency Backup.lnk
2012-01-28 16:09 - 2012-01-28 16:09 - 0000452 ____A C:\Users\All Users\Desktop\Emergency Backup.lnk
2012-01-28 16:02 - 2012-01-28 16:02 - 0000000 ____D C:\Emergency
2012-01-28 15:42 - 2012-01-28 15:42 - 0000000 ____D C:\Windows\SMINST
2012-01-28 15:06 - 2012-01-28 15:07 - 0000000 ____D C:\FRST

============ 3 Months Modified Files and Folders =============

2012-01-28 16:09 - 2012-01-28 16:09 - 0000452 ____A C:\Users\Public\Desktop\Emergency Backup.lnk
2012-01-28 16:09 - 2012-01-28 16:09 - 0000452 ____A C:\Users\All Users\Desktop\Emergency Backup.lnk
2012-01-28 16:02 - 2012-01-28 16:02 - 0000000 ____D C:\Emergency
2012-01-28 16:02 - 2011-05-09 09:21 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-01-28 15:42 - 2012-01-28 15:42 - 0000000 ____D C:\Windows\SMINST
2012-01-28 15:07 - 2012-01-28 15:06 - 0000000 ____D C:\FRST

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 5886.98 MB
Available physical RAM: 5265.19 MB
Total Pagefile: 5885.13 MB
Available Pagefile: 5248.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:889.97 GB) NTFS
4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
7 Drive i: (RECOVERY) (Fixed) (Total:13.81 GB) (Free:5.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3819 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 13 GB 40 MB
Partition 3 Primary 917 GB 13 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 I RECOVERY NTFS Partition 13 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 917 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3818 MB Healthy


==========================================================
TDL4: custom:26000022
==========================================================

Last Boot: 2011-05-09 11:04

======================= End Of Log ==========================
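
The autostart lines in the FRST log above all follow one shape: the registry key, the value name in square brackets, the command, and then either `[size date] (publisher)` or `[x]` when the referenced file no longer exists. The following is an added example, not part of this thread and not FRST's own code, that parses lines of that shape and applies a few triage heuristics a responder would use when reading such a log: a missing file (an orphaned autostart entry), no publisher information, a RunOnce entry, the asterisk prefix on a RunOnce value name (which makes Windows run it even in Safe Mode), and a Winlogon notification package. The sample lines are constructed after entries in the posted log; the heuristics are this example's own, not FRST's whitelist logic.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on the "Registry (Whitelisted)" section of the
# FRST log posted in this thread; not taken from a live machine.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8321568 2009-11-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [] [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
"""

# <key>: [<value name>] <command> [<size> <yyyy-mm-dd>] (<publisher>)
# <key>: [<value name>] <command> [x]        <- FRST's marker for a missing file
LINE_RE = re.compile(r"^(?P<key>[^\[\]]+?):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<rest>.*)$")
META_RE = re.compile(r"^(?P<cmd>.*?)\s*\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<pub>[^)]*)\)\s*$")
MISSING_RE = re.compile(r"^(?P<cmd>.*?)\s*\[[xX]\]\s*$")


@dataclass
class AutostartEntry:
    key: str
    name: str
    command: str
    size: Optional[int] = None
    date: Optional[str] = None
    publisher: Optional[str] = None
    missing: bool = False
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[AutostartEntry]:
    """Parse one FRST autostart line; returns None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, name, rest = m.group("key"), m.group("name") or "", m.group("rest")
    meta = META_RE.match(rest)
    if meta:
        return AutostartEntry(key, name, meta.group("cmd"), int(meta.group("size")),
                              meta.group("date"), meta.group("pub"))
    gone = MISSING_RE.match(rest)
    if gone:
        return AutostartEntry(key, name, gone.group("cmd"), missing=True)
    return None


def assess(entry: AutostartEntry) -> List[str]:
    """Triage heuristics (this example's own) for an autostart entry."""
    flags = []
    if entry.missing:
        flags.append("file missing (orphaned autostart entry)")
    elif not entry.publisher:
        flags.append("no publisher information")
    if "RunOnce" in entry.key:
        flags.append("one-shot RunOnce entry")
    if entry.name.startswith("*"):
        flags.append("asterisk prefix: RunOnce value also runs in Safe Mode")
    if entry.key.startswith("Winlogon\\Notify"):
        flags.append("Winlogon notification package (legacy logon hook)")
    return flags


def parse_log(text: str) -> List[AutostartEntry]:
    """All autostart entries in the text, each with its triage flags filled in."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            entry.flags = assess(entry)
            entries.append(entry)
    return entries


def review(text: str) -> List[AutostartEntry]:
    """Only the entries that carry at least one flag, i.e. those worth a closer look."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        status = "; ".join(e.flags) or "ok"
        print(f"{e.key} [{e.name}] -> {e.command or '<empty>'} :: {status}")
```

Run against the posted log, this singles out exactly the entries Farbar's fixlist later touched (the `*Restore` RunOnce value) or that FRST itself marked as missing (`[x]`), while leaving the signed vendor entries alone.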

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:23 AM

Posted 30 January 2012 - 02:42 PM

Hello jcornell16,

Welcome to this forum.

Please download the attached file fixlist.txt (157 bytes).
Save it to your flash drive.
Boot to System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also please restart the computer, let it boot normally and tell me how it went.

#5 jcornell16

  • Topic Starter

Posted 30 January 2012 - 05:12 PM

I booted to system recovery options and I get
startup repair
system restore
system image recovery
windows memory diagnostic
command prompt
dell datasafe restore

I assume you want me to go to the command prompt. From there the screen says x:\windows\system32>. Now what?

Curious why it is looking at the x drive. Shouldn't it be c?

#6 jcornell16

  • Topic Starter

Posted 30 January 2012 - 05:25 PM

Ok, just figured it out. Here it is:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-01-29 14:16:46 R:1
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

I just booted and it seems to be working. It's setting it up for first time use. Will all my data be somewhere? Like my program for my camera, iTunes? Dell DataSafe? It's up and running.
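
The FRST scan above reported the disk's MBR code as `TDL4: custom:26000022`, that is, boot code it did not recognise as a standard loader, and the fix that followed rewrote that code with `bootrec /FixMbr`. The partition table that sits in the same 512-byte sector is what a responder checks before and after such a repair, to confirm the rewrite did not disturb the volumes. The following is an added example, not code from this thread or from FRST, that parses an MBR sector: it verifies the 0x55AA signature, decodes the four 16-byte partition entries, fingerprints the 446-byte boot-code region so copies can be compared against a known-good image, and runs sanity checks on the table (exactly one active partition, valid status bytes, no overlap). The sample sector is constructed to mirror the three-partition layout in the posted log (39 MB OEM at a 31 KB offset, 13 GB active RECOVERY, 917 GB OS) with zero-filled boot code; the `build_sample_mbr` helper and its `second_active` switch exist only to exercise the checks.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
PART_TABLE_OFFSET = 0x1BE         # byte 446: four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xAA"      # last two bytes of a valid MBR

# Partition type IDs that appear in the FRST log above (DE, 07, 0B) plus two common ones.
PARTITION_TYPES = {
    0x07: "NTFS / exFAT",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0xDE: "Dell utility (OEM)",
    0xEE: "GPT protective",
}


@dataclass
class PartitionEntry:
    index: int          # 1-4, slot in the table
    status: int         # 0x80 = active/bootable, 0x00 = inactive; anything else is invalid
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sector_count - 1

    @property
    def size_mb(self) -> float:
        return self.sector_count * SECTOR / (1024 * 1024)

    def describe(self) -> str:
        kind = PARTITION_TYPES.get(self.type_id, "unknown")
        flag = "active" if self.bootable else "inactive"
        return (f"Partition {self.index}: type {self.type_id:02X} ({kind}), "
                f"{self.size_mb:.0f} MB, LBA {self.lba_start}, {flag}")


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Decode the partition table of one MBR sector; raises on a malformed sector."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append(PartitionEntry(i + 1, status, ptype, lba, count))
    return entries


def boot_code_fingerprint(sector: bytes) -> str:
    """SHA-256 of the 446-byte boot-code region, the part a bootkit replaces.
    Compare it with the same value taken from a known-good image of the loader."""
    return hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest()


def sanity_check(entries: List[PartitionEntry]) -> List[str]:
    """Structural problems in a partition table that warrant a closer look."""
    issues = []
    for e in entries:
        if e.status not in (0x00, 0x80):
            issues.append(f"partition {e.index}: invalid status byte {e.status:02X}")
        if e.lba_start == 0:
            issues.append(f"partition {e.index}: starts at LBA 0 (overlaps the MBR itself)")
    active = [e.index for e in entries if e.bootable]
    if len(active) != 1:
        issues.append(f"{len(active)} partitions flagged active (expected exactly 1): {active}")
    ordered = sorted(entries, key=lambda e: e.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end >= b.lba_start:
            issues.append(f"partitions {a.index} and {b.index} overlap")
    return issues


def build_sample_mbr(second_active: bool = False) -> bytes:
    """Constructed sector mirroring the layout in the posted FRST log; boot code zero-filled."""
    sector = bytearray(SECTOR)
    layout = [  # (status, type, lba_start, sector_count); 2048 sectors per MB
        (0x00, 0xDE, 62, 39 * 2048),                                   # 39 MB OEM at 31 KB
        (0x80, 0x07, 81920, 13 * 1024 * 2048),                        # 13 GB RECOVERY, active
        (0x80 if second_active else 0x00, 0x07, 81920 + 13 * 1024 * 2048, 917 * 1024 * 2048),  # 917 GB OS
    ]
    for i, (status, ptype, lba, count) in enumerate(layout):
        off = PART_TABLE_OFFSET + 16 * i
        sector[off:off + 16] = struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for p in parse_mbr(mbr):
        print(p.describe())
    print("boot code sha256:", boot_code_fingerprint(mbr))
    print("issues:", sanity_check(parse_mbr(mbr)) or "none")
```

On a real machine the sector would be read from the raw disk device with administrative rights; the fingerprint is only meaningful next to a reference taken from a clean install of the same Windows build, which is the comparison a tool like FRST makes when it reports a "custom" MBR.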

#7 Farbar


Posted 30 January 2012 - 05:28 PM

Great. :thumbup2:

Will all my data be somewhere? Like my program for my camera, itunes? Dell datasafe?


What do you mean?

Please don't run any program or scan or cleaner until I let you know it is safe.

#8 Farbar


Posted 30 January 2012 - 05:39 PM

I just see you were online but not replying to my query.

Just to let you know I'm going to sleep now. I'm in another time zone. :)

#9 jcornell16

  • Topic Starter

Posted 30 January 2012 - 06:02 PM

Well it turns out that I am finding all of my files, such as, saved e-mails from my Windows Live mail client, internet favorites, etc. How do I get these old saved e-mail messages back into Windows Live again? How do I get my favorites restored? How do I restore my e-mail contacts and where do I find them? It appears that my Dell Data Safe backed up everything. I can find all of it on the hard drive, I just need help figuring out how to get it all back where it goes.

I have a camera program. Do I need to re-install it? Do I need to re-install my printer? Do I need to re-install iTunes for my iPod? These are things I need help with now.

Edited by jcornell16, 30 January 2012 - 09:18 PM.


#10 jcornell16

  • Topic Starter

Posted 30 January 2012 - 06:03 PM

And thanks again for all of your help! I am so grateful to have my computer back and you will be compensated for this!

Edited by jcornell16, 30 January 2012 - 09:20 PM.


#11 Farbar


Posted 31 January 2012 - 04:08 AM

Ok, I'm up and running!! I used Dell datasafe and everything went back on my hard drive. However, online how do I get my favorites back, my Windows Live email? And how do I find my programs? Example, Olympus Master 2 is my camera program. It's all there but does not show up under all programs from the start menu. How do I access it?

As I understand it, Dell DataSafe restores the computer to the factory default, doesn't it?

  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @ECHO OFF
    Dir /a c:\ >log.txt
    Dir /a/b/s "%temp%" >>log.txt
    notepad log.txt
    
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop.
    • Right-click to run it as administrator.
    • A notepad opens, copy and paste the content (log.txt) to your reply.
  • Please download unhide.exe to your desktop and run it.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


#12 jcornell16

  • Topic Starter

Posted 31 January 2012 - 06:54 AM

I won't be able to do this until this afternoon, about 8 hours from now, heading to work. But I will do it, thanks!

#13 Farbar


Posted 31 January 2012 - 06:59 AM

:thumbup2:

#14 jcornell16

  • Topic Starter

Posted 31 January 2012 - 05:29 PM

First: Yes, Dell data safe restored it to factory settings.
Second: Here is the look.bat file.....will post reply to last steps in another post.......
Volume in drive C is OS
Volume Serial Number is 3206-3198

Directory of c:\

01/30/2012 04:24 PM <DIR> $RECYCLE.BIN
05/09/2011 09:46 AM <DIR> Apps
01/30/2012 04:33 PM <DIR> Cook'n
01/30/2012 07:38 PM <DIR> dell
05/09/2011 11:57 AM 30,880 dell.sdr
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
05/09/2011 11:25 AM <DIR> Drivers
01/29/2012 01:20 PM <DIR> Emergency
01/28/2012 03:07 PM <DIR> FRST
01/30/2012 07:38 PM 4,629,704,704 hiberfil.sys
01/28/2012 04:47 PM 80 log.txt
01/31/2012 03:55 PM <DIR> MSOCache
01/30/2012 07:38 PM 6,172,942,336 pagefile.sys
07/13/2009 09:20 PM <DIR> PerfLogs
01/30/2012 05:14 PM <DIR> Program Files
01/30/2012 05:30 PM <DIR> Program Files (x86)
01/30/2012 07:26 PM <DIR> ProgramData
01/30/2012 05:29 PM <DIR> System Volume Information
05/09/2011 09:22 AM <DIR> Temp
01/30/2012 04:37 PM <DIR> Users
01/30/2012 04:45 PM <DIR> WINDOWS
4 File(s) 10,802,678,000 bytes
17 Dir(s) 920,242,589,696 bytes free
C:\Users\Bobnjill\AppData\Local\Temp\01301739-00004094-p77y4bj207
C:\Users\Bobnjill\AppData\Local\Temp\01301958-00000328-mibfvvuecu
C:\Users\Bobnjill\AppData\Local\Temp\01302022-000038cc-k37jlxiqlv
C:\Users\Bobnjill\AppData\Local\Temp\01310553-000054e8-8xnw8oav7g
C:\Users\Bobnjill\AppData\Local\Temp\01311501-00005b54-d7bzv3u5jo
C:\Users\Bobnjill\AppData\Local\Temp\01311533-000055d0-vqv3mz6uji
C:\Users\Bobnjill\AppData\Local\Temp\AAWInstallerTemp
C:\Users\Bobnjill\AppData\Local\Temp\adaware-manifest.xml
C:\Users\Bobnjill\AppData\Local\Temp\au-descriptor-1.6.0_30-b12.xml
C:\Users\Bobnjill\AppData\Local\Temp\AUCHECK_CORE.txt
C:\Users\Bobnjill\AppData\Local\Temp\AUCHECK_PARSER.txt
C:\Users\Bobnjill\AppData\Local\Temp\BingBarInstallerLogs
C:\Users\Bobnjill\AppData\Local\Temp\Bobnjill.bmp
C:\Users\Bobnjill\AppData\Local\Temp\Commands.xml
C:\Users\Bobnjill\AppData\Local\Temp\CVHLauncher(201201311549516A68).log
C:\Users\Bobnjill\AppData\Local\Temp\CVR36F8.tmp.cvr
C:\Users\Bobnjill\AppData\Local\Temp\FXSAPIDebugLogFile.txt
C:\Users\Bobnjill\AppData\Local\Temp\hsperfdata_Bobnjill
C:\Users\Bobnjill\AppData\Local\Temp\jusched.log
C:\Users\Bobnjill\AppData\Local\Temp\Low
C:\Users\Bobnjill\AppData\Local\Temp\mavcperf-setup.log
C:\Users\Bobnjill\AppData\Local\Temp\mnyADA.tmp
C:\Users\Bobnjill\AppData\Local\Temp\mnypkg.log
C:\Users\Bobnjill\AppData\Local\Temp\mnyscost.log
C:\Users\Bobnjill\AppData\Local\Temp\mnysetup.log
C:\Users\Bobnjill\AppData\Local\Temp\mnysyspk.log
C:\Users\Bobnjill\AppData\Local\Temp\MSN3776.exe
C:\Users\Bobnjill\AppData\Local\Temp\MSN3776.tmp
C:\Users\Bobnjill\AppData\Local\Temp\nsg1123.tmp
C:\Users\Bobnjill\AppData\Local\Temp\OOBE(2012013017142415F4).log
C:\Users\Bobnjill\AppData\Local\Temp\Sonic.tmp
C:\Users\Bobnjill\AppData\Local\Temp\Sonic1.tmp
C:\Users\Bobnjill\AppData\Local\Temp\Sonic2.tmp
C:\Users\Bobnjill\AppData\Local\Temp\Sonic3.tmp
C:\Users\Bobnjill\AppData\Local\Temp\Sonic4.tmp
C:\Users\Bobnjill\AppData\Local\Temp\StructuredQuery.log
C:\Users\Bobnjill\AppData\Local\Temp\TASC9A4.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD27CF.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD2800.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD2812.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD42C5.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD43D0.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD43E1.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD4441.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD459A.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD4657.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD484D.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD48FA.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD495A.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD49B9.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD4A19.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD4AD6.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD4E71.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD4F1E.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD51EE.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD54CD.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD54FE.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD5609.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD5734.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD5C64.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD5FC0.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD601F.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD607F.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD60DE.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD613E.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD61AD.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD620D.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD626C.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD62CC.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD632C.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD638B.tmp
C:\Users\Bobnjill\AppData\Local\Temp\TCD68CB.tmp
C:\Users\Bobnjill\AppData\Local\Temp\VirtualizationBootstrapper(20120130171443190C).log
C:\Users\Bobnjill\AppData\Local\Temp\wlsCCB2.tmp
C:\Users\Bobnjill\AppData\Local\Temp\wlsCD8D.tmp
C:\Users\Bobnjill\AppData\Local\Temp\wmsetup.log
C:\Users\Bobnjill\AppData\Local\Temp\WPDNSE
C:\Users\Bobnjill\AppData\Local\Temp\_ir_tu2_temp_0
C:\Users\Bobnjill\AppData\Local\Temp\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
C:\Users\Bobnjill\AppData\Local\Temp\~DF1B12A42A0EC5AB79.TMP
C:\Users\Bobnjill\AppData\Local\Temp\~DF8757803B9EBB0AD7.TMP
C:\Users\Bobnjill\AppData\Local\Temp\AAWInstallerTemp\v9.0.7
C:\Users\Bobnjill\AppData\Local\Temp\AAWInstallerTemp\v9.0.7\Ad-Aware.msi
C:\Users\Bobnjill\AppData\Local\Temp\BingBarInstallerLogs\i3800.tmp
C:\Users\Bobnjill\AppData\Local\Temp\BingBarInstallerLogs\i3801.tmp
C:\Users\Bobnjill\AppData\Local\Temp\BingBarInstallerLogs\un4901.tmp
C:\Users\Bobnjill\AppData\Local\Temp\BingBarInstallerLogs\un4930.tmp
C:\Users\Bobnjill\AppData\Local\Temp\Low\Cookies
C:\Users\Bobnjill\AppData\Local\Temp\Low\History
C:\Users\Bobnjill\AppData\Local\Temp\Low\Messenger Companion
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files
C:\Users\Bobnjill\AppData\Local\Temp\Low\Cookies\bobnjill@ebay[1].txt
C:\Users\Bobnjill\AppData\Local\Temp\Low\Cookies\bobnjill@main.ebayrtm[1].txt
C:\Users\Bobnjill\AppData\Local\Temp\Low\Cookies\index.dat
C:\Users\Bobnjill\AppData\Local\Temp\Low\History\History.IE5
C:\Users\Bobnjill\AppData\Local\Temp\Low\History\History.IE5\desktop.ini
C:\Users\Bobnjill\AppData\Local\Temp\Low\History\History.IE5\index.dat
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2D1JLGLN
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\7Q6CPH10
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\E5FEMBV4
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\index.dat
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VGQSDHJ6
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2D1JLGLN\desktop.ini
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2D1JLGLN\nm1d4ksdye4zhe2cwmea4nd4s[1].js
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\7Q6CPH10\341wgvdjgy2abb1qzf3cxflzf[1].js
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\7Q6CPH10\desktop.ini
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\7Q6CPH10\qicc5beyw2zejm0u4bus2lv3u[1].js
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\E5FEMBV4\desktop.ini
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\E5FEMBV4\mboeyw2oh2ydjocnjvtfknynx[1].css
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\E5FEMBV4\rb2d5vvjxi5xdh0j552zr5fom[1].css
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VGQSDHJ6\desktop.ini
C:\Users\Bobnjill\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VGQSDHJ6\tpmi3ixde21ktcyut0w0gqzck[1].js
C:\Users\Bobnjill\AppData\Local\Temp\mnyADA.tmp\swflash.inf
C:\Users\Bobnjill\AppData\Local\Temp\mnyADA.tmp\swflash.ocx
C:\Users\Bobnjill\AppData\Local\Temp\TCD4657.tmp\CleanGradient.thmx
C:\Users\Bobnjill\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG1.BMP
C:\Users\Bobnjill\AppData\Local\Temp\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\geodata.xml

#15 jcornell16

  • Topic Starter

Posted 31 January 2012 - 05:58 PM

Step 3: Unhide. Not sure what to do with it, saved to desktop but nothing happened. Opens up as a command prompt black screen.
Step 4: Here's the MBAM log....

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bobnjill :: BOBNJILL-PC [administrator]

1/31/2012 4:53:19 PM
mbam-log-2012-01-31 (16-53-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192550
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Another question: are McAfee and Norton still on my computer? How do I completely remove them if they still show up in the registry after uninstall? I am now using Spybot and Ad-Aware.



