Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown username logged on my computer


  • Please log in to reply
5 replies to this topic

#1 coffeelove

coffeelove

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 27 July 2012 - 10:41 PM

Hi,

I hope I can explain this accurately, as I have never experienced this before.

Two days ago I was on my laptop, reading an article on yahoo. When I finished reading the article, I went to log onto my yahoo email, and another username was already logged onto yahoo. When I clicked on the name, yahoo, asked me for the password, so I just pressed the "sign out" button. I copied the username down, googled it, and found the yahoo email address as the contact email on a website for some diet/fitness product. This was in the morning, and I am the only person with access to my computer, so there is no way anyone else used it, and anyhow, it's a pretty spam-y looking name. This hasn't happened again, but I'm worried about it.
I have a very basic pc laptop, I run Avast free antivirus, and have Windows 7 and have wireless dsl.
What I have done since:
Full Scan
Boot time Scan
Malwarebytes (scanning right now)

I would really appreciate any help or tips. Thanks for your time.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:07 AM

Posted 28 July 2012 - 09:35 PM

Hello, post the MBAM scan log when done.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.


How are you connecting to the net,wired,wirelees,do you have a router?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 coffeelove

coffeelove
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 29 July 2012 - 08:01 PM

Thank you for your response.
I have a dsl wireless connection. I have a small motorola router that hooks up to my d-link, not sure why it's hooked up like this, there was some reason.


I followed the steps, and I am pasting the results
:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
owner :: OWNER-PC [administrator]

Protection: Enabled

7/27/2012 8:35:09 PM
mbam-log-2012-07-27 (20-42-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237259
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\owner\AppData\Local\Temp\is1598539481\5274054_Setup.DAT (PUP.SpyBoss) -> No action taken.
C:\Users\owner\Downloads\HackerFreezeSetup.exe (PUP.SpyBoss) -> No action taken.
C:\Users\owner\Downloads\ultimatemediaplayer_2.exe (PUP.BundleOffers.IIQ) -> No action taken.

(end)


MiniToolBox by Farbar Version: 23-07-2012
Ran by owner (administrator) on 29-07-2012 at 14:52:29
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dslextreme.com

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 70-F1-A1-64-AD-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : dslextreme.com
Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 70-F1-A1-64-AD-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::956:8807:57a1:51f2%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.5.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 29, 2012 12:42:10 PM
Lease Expires . . . . . . . . . . : Sunday, August 05, 2012 2:45:07 PM
Default Gateway . . . . . . . . . : fe80::1eaf:f7ff:fed1:d46b%12
192.168.5.1
DHCP Server . . . . . . . . . . . : 192.168.5.1
DNS Servers . . . . . . . . . . . : 192.168.5.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 70-5A-B6-C1-0C-5E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.dslextreme.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:38bd:3b4b:bb48:e571(Preferred)
Link-local IPv6 Address . . . . . : fe80::38bd:3b4b:bb48:e571%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4AAC1865-70C9-4D56-A74C-C1609AA0102E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8E308752-CC61-4D5B-84BD-B516D0FC336E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.5.1

Name: google.com
Addresses: 2001:4860:4001:801::1002
74.125.224.69
74.125.224.70
74.125.224.71
74.125.224.72
74.125.224.73
74.125.224.78
74.125.224.64
74.125.224.65
74.125.224.66
74.125.224.67
74.125.224.68


Pinging google.com [74.125.224.68] with 32 bytes of data:
Reply from 74.125.224.68: bytes=32 time=45ms TTL=58
Reply from 74.125.224.68: bytes=32 time=49ms TTL=58

Ping statistics for 74.125.224.68:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 49ms, Average = 47ms
Server: UnKnown
Address: 192.168.5.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=196ms TTL=55
Reply from 209.191.122.70: bytes=32 time=93ms TTL=56

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 93ms, Maximum = 196ms, Average = 144ms
Server: UnKnown
Address: 192.168.5.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 7ms, Average = 4ms
===========================================================================
Interface List
13...70 f1 a1 64 ad c9 ......Microsoft Virtual WiFi Miniport Adapter
12...70 f1 a1 64 ad c9 ......Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
10...70 5a b6 c1 0c 5e ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.5.1 192.168.5.100 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.5.0 255.255.255.0 On-link 192.168.5.100 281
192.168.5.100 255.255.255.255 On-link 192.168.5.100 281
192.168.5.255 255.255.255.255 On-link 192.168.5.100 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.5.100 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.5.100 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
12 281 ::/0 fe80::1eaf:f7ff:fed1:d46b
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:9d38:953c:38bd:3b4b:bb48:e571/128
On-link
12 281 fe80::/64 On-link
15 306 fe80::/64 On-link
12 281 fe80::956:8807:57a1:51f2/128
On-link
15 306 fe80::38bd:3b4b:bb48:e571/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/29/2012 02:45:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5462438

Error: (07/29/2012 02:45:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5462438

Error: (07/29/2012 02:45:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2012 02:45:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5461408

Error: (07/29/2012 02:45:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5461408

Error: (07/29/2012 02:45:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2012 02:45:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5460347

Error: (07/29/2012 02:45:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5460347

Error: (07/29/2012 02:45:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2012 01:14:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8783


System errors:
=============
Error: (07/29/2012 09:18:17 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (07/28/2012 04:51:05 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/27/2012 01:53:38 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/27/2012 01:52:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

Error: (07/26/2012 07:06:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (07/26/2012 01:59:04 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/25/2012 08:03:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

Error: (07/25/2012 05:16:58 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/25/2012 05:16:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (07/25/2012 11:50:41 AM) (Source: Service Control Manager) (User: )
Description: The Yahoo! Updater service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (12/05/2011 10:01:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 15433 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
Audible Download Manager (Version: 6.6.0.15)
avast! Free Antivirus (Version: 7.0.1456.0)
Best Buy pc app (Version: 3.2.0.0)
Bonjour (Version: 2.0.4.0)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Gem Drop
Google Chrome (Version: 20.0.1132.57)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
iDailyDiary 3.71
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
iTunes (Version: 10.2.1.1)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8089.726)
K-Lite Mega Codec Pack 8.0.0 (Version: 8.0.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Research AutoCollage 2008 version 1.1 (Version: 1.01.2008)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
OverDrive Media Console (Version: 3.2.5)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PreReq (Version: 6.2.2.60)
QuickTime (Version: 7.69.80.9)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Realtek WLAN Driver (Version: 2.00.0006)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
TOSHIBA Application Installer (Version: 9.0.1.0)
TOSHIBA Assist (Version: 3.00.09)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA ConfigFree (Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.0.07-A)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C)
TOSHIBA Hardware Setup (Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
TOSHIBA Media Controller (Version: 1.0.65)
TOSHIBA Quality Application (Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA Service Station (Version: 2.1.33)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 1.63.0.7C)
TOSHIBA Value Added Package (Version: 1.2.26.64)
ToshibaRegistration (Version: 1.0.3)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.50.27C)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Word Monaco
XHeader (Version: 1.215)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 1.10.02 (Version: 1.10.02)
ZoneAlarm Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 2936.89 MB
Available physical RAM: 1336.03 MB
Total Pagefile: 5871.96 MB
Available Pagefile: 3987.14 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.91 MB

========================= Partitions: =====================================

1 Drive c: (TI105756W0B) (Fixed) (Total:222.43 GB) (Free:173.18 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Daddy Guest
owner Theresa


**** End of log ****


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 17:25:42
-----------------------------
17:25:42.780 OS Version: Windows x64 6.1.7601 Service Pack 1
17:25:42.780 Number of processors: 1 586 0x170A
17:25:42.781 ComputerName: OWNER-PC UserName: owner
17:25:43.365 Initialize success
17:25:43.479 AVAST engine defs: 12072901
17:25:47.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:25:47.892 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
17:25:47.929 Disk 0 MBR read successfully
17:25:47.932 Disk 0 MBR scan
17:25:47.936 Disk 0 Windows VISTA default MBR code
17:25:47.951 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:25:47.967 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227773 MB offset 3074048
17:25:48.001 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9201 MB offset 469553152
17:25:48.051 Disk 0 scanning C:\windows\system32\drivers
17:25:58.559 Service scanning
17:26:35.655 Modules scanning
17:26:35.667 Disk 0 trace - called modules:
17:26:35.701 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
17:26:36.034 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003dbb060]
17:26:36.040 3 CLASSPNP.SYS[fffff8800179b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002d97050]
17:26:36.506 AVAST engine scan C:\windows
17:26:38.828 AVAST engine scan C:\windows\system32
17:29:12.462 AVAST engine scan C:\windows\system32\drivers
17:29:24.730 AVAST engine scan C:\Users\owner
17:41:10.358 AVAST engine scan C:\ProgramData
17:42:33.406 Scan finished successfully
17:49:58.799 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
17:49:58.810 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:07 AM

Posted 30 July 2012 - 01:31 PM

Thank you, may be a TDL4 infection so...



Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Rerun aswMBR and post a new log,
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 coffeelove

coffeelove
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 31 July 2012 - 12:10 AM

Hi,

I ran the TDSSKiller, I checked off the Detect TDLFS file system box, and the scan results were "No threats found". Ran it twice to make sure, same result.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:07 AM

Posted 31 July 2012 - 09:38 AM

Hello, you have an infection we cannot kill here.
17:25:48.001 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9201 MB offset 469553152


We need to start a new topic.
We need a deeper look and different tools. Please go here....Preparation Guide ,do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Skip GMER and post the aswMBR log above..

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users