lilhurricane (Crunchin' For Cures; Premium, Mod; join: 2003-01-11; Purple Zone; kudos: 51) | reply to signmeuptoo
Checkup & ESET

Results of screen317's Security Check version 0.99.30
Windows Vista x64 (UAC is enabled)
[color=red]Out of date service pack!![/color]
Internet Explorer 8 [color=red]Out of date![/color]
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]
Windows Firewall Enabled!
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]
Java(TM) 6 Update 22
Java(TM) 6 Update 3
[color=red]Java version out of date![/color]
Adobe Flash Player 11.1.102.55
Adobe Reader 9 [color=red]Adobe Reader out of date![/color]
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check: [u]objlist.exe by Laurent[/u]
Windows Defender MSASCui.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aecb6e5693a4a944bd1712b9bb35eb19
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-08 02:46:34
# local_time=2012-01-07 09:46:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 56 0 162585687 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132701
# found=25
# cleaned=25
# scan_time=3813
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7516388f-205cf176 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\5e0e0013-403df8ba multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\346c2815-4043b359 a variant of Java/Agent.DU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\473233e1-297ee062 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\126ba0a9-7c33bdc8 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\37e24bea-28636e8e multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-213f7285 a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-283d3f94 a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-2f64dd36 a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-4641c9c5 a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-548f68b8 a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-62c4cd5b a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6bba7172-2ceb0339 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6d16b872-3bdc7792 Java/Exploit.CVE-2009-3867.AL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3e61fef3-7ae2ec80 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\4b361974-6acc738d multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\44a48177-1b5c4cc8 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\30ee3746-60b8a547 probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\AppData\Roaming\clfsw32R.dll Win32/Ponmocup.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\Downloads\asc-setup(1).exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\Downloads\asc-setup(2).exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\Downloads\MyFunCards.exe Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Family\Downloads\video.exe a variant of Win32/Injector.HZU trojan (deleted - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aecb6e5693a4a944bd1712b9bb35eb19
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2000-01-02 04:05:46
# local_time=2000-01-01 11:05:46 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 56 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=131380
# found=0
# cleaned=0
# scan_time=4833

-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
signmeuptoo (Love those still alive; Premium; join: 2001-11-22; NanoParticle; kudos: 4) | reply to signmeuptoo
Re: Computer shop didn't do the job, so I am

Thank you so much, oh sage and beautiful stormy one! At first I tried posting that way and I ran over the max characters. I really appreciate you going through all that trouble!!!
Also, in network properties, the WAN miniport PPPOE kept trying to run, so I deleted it. I think they are using Optimum Online so...

-- Join Teams Helix and Discovery. Rest in Peace, Leonard David Smith, my best friend, you are missed badly! Rest in peace, Pop, glad our last years were good. Please pray for Colin, he has ependymoma, a brain cancer, donate to a children's Hospital.
lilhurricane (Crunchin' For Cures; Premium, Mod; join: 2003-01-11; Purple Zone; kudos: 51)

..don't worry, you owe me one
..stand by for LPP
LoPhatPhuud (Premium, VIP, MVM; join: 2002-01-06; Albuquerque, NM; kudos: 23) | reply to signmeuptoo

What AntiVirus did he have installed at the time of the infection?
I did not see one installed now.
signmeuptoo (Love those still alive; Premium; join: 2001-11-22; NanoParticle; kudos: 4) | reply to signmeuptoo

Something called iobit, and when I just installed Avira, it said that PC-cillin was on it; evidently it wasn't uninstalled properly, so I ran CCleaner and Avira still said something was there, but I went ahead and installed Avira and it says that it's clean, from the quick check...
Also, the miniport PPPOE WAN driver kept trying to run at times, so I removed it from network properties.

-- Join Teams Helix and Discovery. Rest in Peace, Leonard David Smith, my best friend, you are missed badly! Rest in peace, Pop, glad our last years were good. Please pray for Colin, he has ependymoma, a brain cancer, donate to a children's Hospital.
LoPhatPhuud (Premium, VIP, MVM; join: 2002-01-06; Albuquerque, NM; kudos: 23) | reply to signmeuptoo

The OTL log shows signs (and pieces) of Iobit, Symantec/Norton, Trend Micro (PC-cillin) and AVG. But no Avira, so that must have been added after the logs were produced.
From your comments and the logs, the best option is to back up any needed data, then reformat and start over. Experience tells me that this computer has been unstable in the past and may still be.
Having a clean computer is only part of the job; the other is to be certain the OS is stable.

-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
signmeuptoo (Love those still alive; Premium; join: 2001-11-22; NanoParticle; kudos: 4)

Ah. Well we don't have the OS disk, there IS a restore partition though. The utility to build a restore disk doesn't appear on the Windows Vista programs menu that I see.
I don't know how restores are done with such a partition...
EDIT: I put Avira on it after doing the steps.
Could you share more about the instability?
Also, do I use the F8 key - repair - ... to restore the system to factory?
LoPhatPhuud (Premium, VIP, MVM; join: 2002-01-06; Albuquerque, NM; kudos: 23) | reply to signmeuptoo

The MBAM log shows that AVG had been totally disabled and that the Internet Explorer search page was directed to a malware site.
I suspect the computer was operated in this state for some. With no protection and linked to a malware site, it's only a matter of time before the computer is hit with serious malware. By that time the OS has been compromised and the only recourse is reformat. See: »Security Cleanup FAQ »Noteworthy Comments About Compromised Computers
Visiting high risk sites certainly would not help the situation either.
Computer manufacturers use different F-keys to activate the restore program. There is no standard and you'll have to check the manual or the manufacturer's web site for the one to use. F8 is universal for Boot into Safe Mode and won't help for a restore.

-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum