Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mcafee found trojan - PWS-FBLS!5AFD201578AB


  • This topic is locked This topic is locked
20 replies to this topic

#1 NotAgain!

NotAgain!

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 03 December 2013 - 03:28 PM

My real time scan (Mcafee) displays a message that reads that a trojan was detected and prompts a restart to allow its removal.  This message always appears immediately when I connect my external hard drive to my PC.  The name of the trojan that Mcafee gave me is shown in the topic title, and it claims it was quarantined at the location G:\iomega encryption utility.exe (the external is an iomega).  I ran DDS with the external connected and powered on (not sure if that helps).  The exact text from my message is "Mcafee detected an infected file on your PC.  Restart your PC so we can fix it."  In the more info sub-window, it reads the following:

"

About this Trojan

Detected: PWS-FBLS!5AFD201578AB (Trojan)

Quarantined from: G:\Iomega Encryption Utility.exe

 

We cannot remove a Trojan while the infected file is in use.  Restarting your PC frees up the infected fil allowing McAfee to fix this issue

"

Restarting the computer, as one might imagine, does not remove the problem.  For a little more info about the external hard drive, every time it is plugged in, the G:\ drive opens up with an autorun and iomega encryption utility.exe file.  The actual contents of the external hard drive are usually in a separate disk drive.  Below is the DDS text.  Thanks in advance for your help.

 

___

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005
Run by Steve at 14:06:48 on 2013-12-03
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1978.390 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Google Update] "c:\users\steve\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7DB687C1-18C6-4ADA-ADA5-3CAFB1A98A5A} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\rwb69frk.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\users\steve\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\steve\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\steve\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\steve\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\rwb69frk.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 23:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-14 571608]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-6 213200]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [2012-6-25 234140]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-7 281560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-15 103112]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-11-7 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-7 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-7 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-7 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-7 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-11-7 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-6 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-6 172416]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-6 60920]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2013-1-12 127488]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-14 235488]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-6 365256]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-9-20 301248]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-11-7 147912]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-14 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-9-20 80656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-14 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-14 40552]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2013-11-14 00:01:39    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-11-14 00:01:38    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-11-08 01:44:17    147912    ----a-w-    c:\windows\system32\drivers\HipShieldK.sys
.
==================== Find3M  ====================
.
2013-11-19 01:58:50    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 01:58:50    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-13 00:34:10    17160    ----a-w-    c:\windows\help\oem\scripts\HPHCDisableObject.exe
2013-10-12 12:13:00    834048    ----a-w-    c:\windows\system32\wininet.dll
2013-10-12 12:12:15    53760    ----a-w-    c:\windows\apppatch\iebrshim.dll
2013-10-12 12:12:06    19456    ----a-w-    c:\windows\system32\corpol.dll
2013-10-12 10:52:18    389632    ----a-w-    c:\windows\system32\html.iec
2013-10-12 10:41:13    1383424    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-03 12:45:50    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 12:45:45    993792    ----a-w-    c:\windows\system32\crypt32.dll
2013-09-25 02:53:24    60920    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2013-09-25 02:49:20    213200    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2013-09-25 02:49:04    172416    ----a-w-    c:\windows\system32\mfevtps.exe
2013-09-25 02:45:46    571608    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2013-09-25 02:44:30    365256    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2013-09-25 02:44:00    65928    ----a-w-    c:\windows\system32\drivers\mfebopk.sys
2013-09-25 02:43:30    235488    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 02:42:44    133928    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2013-09-20 15:37:40    10152    ----a-w-    c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 15:37:24    80656    ----a-w-    c:\windows\system32\drivers\mfencrk.sys
2013-09-20 15:37:10    301248    ----a-w-    c:\windows\system32\drivers\mfencbdc.sys
.
============= FINISH: 14:10:49.21 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:53 PM

Posted 05 December 2013 - 08:03 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

81mYIKe.jpg  AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#3 NotAgain!

NotAgain!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 06 December 2013 - 12:06 AM

Hey Jeff.  Thanks for the timely reply.  I have the logs you requested.  The ADW result is pasted below, and the TDSSKiller log is attached.  Let me know if you need any more information.

 

# AdwCleaner v3.014 - Report created 05/12/2013 at 22:55:50
# Updated 01/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Steve - STEVE-PC
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\rwb69frk.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1085 octets] - [05/12/2013 22:55:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1145 octets] ##########

Attached Files



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:53 PM

Posted 06 December 2013 - 07:37 AM

Hi,
 
Good work.   :)
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#5 NotAgain!

NotAgain!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 07 December 2013 - 12:51 AM

The ComboFix log is pasted below, as requested.

 

 

ComboFix 13-12-07.01 - Steve 12/06/2013  23:32:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1978.612 [GMT -6:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-07 to 2013-12-07  )))))))))))))))))))))))))))))))
.
.
2013-12-07 05:45 . 2013-12-07 05:45    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-12-07 05:45 . 2013-12-07 05:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-06 04:55 . 2013-12-06 04:56    --------    d-----w-    C:\AdwCleaner
2013-11-14 00:01 . 2013-10-11 02:08    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-11-14 00:01 . 2013-10-11 02:07    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-11-08 01:44 . 2013-09-23 19:48    147912    ----a-w-    c:\windows\system32\drivers\HipShieldK.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-04 00:50 . 2010-03-30 23:40    17160    ----a-w-    c:\windows\help\OEM\scripts\HPHCDisableObject.exe
2013-11-19 01:58 . 2013-09-11 02:28    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 01:58 . 2013-09-11 02:28    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-04 23:22 . 2011-01-07 01:50    60920    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2013-11-04 23:17 . 2011-01-07 01:50    213392    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2013-11-04 23:16 . 2011-01-07 01:50    172416    ----a-w-    c:\windows\system32\mfevtps.exe
2013-11-04 23:12 . 2009-02-14 16:31    572528    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2013-11-04 23:10 . 2011-01-07 01:50    365416    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2013-11-04 23:10 . 2009-02-14 16:31    65928    ----a-w-    c:\windows\system32\drivers\mfebopk.sys
2013-11-04 23:09 . 2011-09-15 01:52    236000    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 23:08 . 2011-01-07 01:50    133992    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2013-10-12 12:12 . 2013-11-14 00:02    53760    ----a-w-    c:\windows\apppatch\iebrshim.dll
2013-09-20 15:37 . 2013-09-20 15:37    10152    ----a-w-    c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 15:37 . 2013-09-20 15:37    80656    ----a-w-    c:\windows\system32\drivers\mfencrk.sys
2013-09-20 15:37 . 2013-09-20 15:37    301248    ----a-w-    c:\windows\system32\drivers\mfencbdc.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-24 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-24 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-24 172824]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 01:58]
.
2013-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3415624051-3831988236-2379298781-1000Core.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 16:33]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3415624051-3831988236-2379298781-1000UA.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 16:33]
.
2013-12-04 c:\windows\Tasks\HPCeeScheduleForSteve.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\rwb69frk.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - ExtSQL: !HIDDEN! 2009-09-01 23:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-06 23:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
.
c:\users\Steve\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-12-06  23:49:06
ComboFix-quarantined-files.txt  2013-12-07 05:49
.
Pre-Run: 39,340,376,064 bytes free
Post-Run: 39,306,440,704 bytes free
.
- - End Of File - - 2D0994CFD138FF9909A7DD534045CE30
588AE8F0C685C02BA11F30D9CD7E61A0
 



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:53 PM

Posted 07 December 2013 - 03:07 PM

Hi,
 
There is probably nothing wrong with this but please do the following...
 
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\windows\system32\drivers\mfeclnrk.sys

 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------
 
Also let me know how your system is running.   :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#7 NotAgain!

NotAgain!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 07 December 2013 - 03:25 PM

Hey Jeff,

 

Here's the link you requested:

https://www.virustotal.com/en/file/e5d23c68cced0a51d076a18f011934bedce46d7a40656ab97a771fd4d8dc4e1d/analysis/

 

I'm curious, in running combofix, should I have left my external hard drive powered on and connected to my PC?  I think I forgot to do this last night.

 

Thanks.



#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:53 PM

Posted 07 December 2013 - 03:28 PM

Hi,

 

How is your system running right now?  


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#9 NotAgain!

NotAgain!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 07 December 2013 - 04:07 PM

Sorry, forgot to clarify that.  Mcafee is still giving me a notice that a trojan is detected when I power on my external hard drive.  It is also viewed the combofix download and that VirusTotal website as malicious.



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:53 PM

Posted 07 December 2013 - 09:25 PM

Ok let's do this.....attach the external hard drive and then run a full system scan with your antivirus.  If anything is found, please post the log that is made.


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#11 NotAgain!

NotAgain!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 08 December 2013 - 12:40 PM

Jeff,

 

The full scan found nothing.  I wanted to attach the log anyway, but I can't actually locate it.  It seems other people have the same problem.

 

I should also note that the scan had a lot of trouble completing and froze up a few times.  I had to leave it on overnight.



#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:53 PM

Posted 08 December 2013 - 12:45 PM

Hi,
 
Ok no problem.   :)  
 
VBJ9QO9.jpgJava
 
Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:
 
http://java.com/en/download/index.jsp
----------
 
See this page for instructions on how to clear java's cache.
 
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
      Downloaded Applications
      Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 

GUZVCQN.jpgMalwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#13 NotAgain!

NotAgain!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 08 December 2013 - 05:17 PM

The ESET scan is running exceptionally slow.  At nearly 4 hours, it's 20% done.  I will leave it running.


Edited by NotAgain!, 08 December 2013 - 05:18 PM.


#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:53 PM

Posted 08 December 2013 - 06:39 PM

Yes please leave it running.  It can take some time to finish.  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#15 NotAgain!

NotAgain!
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 09 December 2013 - 09:50 PM

Ok, it took awhile, but everything finished...

 

The malwarebytes log is pasted below:

 

---

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Steve :: STEVE-PC [administrator]

12/8/2013 12:11:40 PM
mbam-log-2013-12-08 (12-11-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219530
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

---

 

And the ESET results are shown below here:

 

C:\Users\Steve\Desktop\SetupImgBurn_2.5.5.0.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Steve\Downloads\accelerated-c-practical-programming-by-example.9780201703535.23645.pdf.exe    Win32/InstalleRex.I application

After these measures, it seems McAfee is no longer giving me the "Trojan Detected" notice when I connect my external hard drive.  I restarted and tried connecting it a few times, and it seems to have gone away.  Hopefully that took care of the problem!

 

Thanks again for your help Jeff.  Are there any additional measures to take given the results included?
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users