borojamie (Author) Posted December 14, 2009

Jotti's malware scan
Filename: eauxx.exe
Status: Scan finished. 3 out of 20 scanners reported malware.
Scan taken on: Mon 14 Dec 2009 08:27:18 (CET)

Additional info
File size: 188416 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 6fe7ca112a9a6eee439968473f516f74
SHA1: 45ae814edbab81b76154efd0878ce3e3ad9345a6

GDATA   2009-12-14  Win32:VB-NYL
SOPHOS  2009-12-14  Mal/VBKrypt-A
AVAST   2009-12-13  Win32:VB-NYL

borojamie (Author) Posted December 14, 2009

Hi Chiaz

Please also see the virustotal result - more info

File 8C173E4400CE89D3E00902687B7FDA007E549150.exe received on 2009.12.09 03:31:25 (UTC)
Current status: finished
Result: 3/40 (7.50%)

Antivirus          Version         Last Update  Result
a-squared          4.5.0.43        2009.12.09   -
AhnLab-V3          5.0.0.2         2009.12.09   -
AntiVir            7.9.1.102       2009.12.08   -
Antiy-AVL          2.0.3.7         2009.12.08   -
Authentium         5.2.0.5         2009.12.02   -
Avast              4.8.1351.0      2009.12.08   Win32:VB-NYL
AVG                8.5.0.426       2009.12.08   -
BitDefender        7.2             2009.12.09   -
CAT-QuickHeal      10.00           2009.12.08   -
ClamAV             0.94.1          2009.12.09   -
Comodo             3103            2009.12.01   -
DrWeb              5.0.0.12182     2009.12.09   -
eSafe              7.0.17.0        2009.12.08   -
eTrust-Vet         35.1.7165       2009.12.08   -
F-Prot             4.5.1.85        2009.12.08   -
F-Secure           9.0.15370.0     2009.12.07   -
Fortinet           4.0.14.0        2009.12.08   -
GData              19              2009.12.09   Win32:VB-NYL
Ikarus             T3.1.1.74.0     2009.12.09   -
Jiangmin           13.0.900        2009.12.02   -
K7AntiVirus        7.10.915        2009.12.08   -
Kaspersky          7.0.0.125       2009.12.09   -
McAfee             5826            2009.12.08   -
McAfee+Artemis     5826            2009.12.08   -
McAfee-GW-Edition  6.8.5           2009.12.09   -
Microsoft          1.5302          2009.12.09   -
NOD32              4671            2009.12.08   -
Norman             6.03.02         2009.12.08   -
nProtect           2009.1.8.0      2009.12.08   -
Panda              10.0.2.2        2009.12.08   -
PCTools            7.0.3.5         2009.12.09   -
Rising             22.25.02.01     2009.12.09   -
Sophos             4.48.0          2009.12.09   Mal/VBKrypt-A
Sunbelt            3.2.1858.2      2009.12.09   -
Symantec           1.4.4.12        2009.12.09   -
TheHacker          6.5.0.2.088     2009.12.07   -
TrendMicro         9.100.0.1001    2009.12.08   -
VBA32              3.12.12.0       2009.12.08   -
ViRobot            2009.12.8.2076  2009.12.08   -
VirusBuster        5.0.21.0        2009.12.08   -

Additional information
File size: 188416 bytes
MD5 : 6fe7ca112a9a6eee439968473f516f74
SHA1 : 45ae814edbab81b76154efd0878ce3e3ad9345a6
SHA256: 77052e3d30ae1924f70fdca67fb965aec96e8fb6c9914b6f14cc773cf6ed39db
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x118C
timedatestamp.....: 0x4B181A55 (Thu Dec 3 21:06:45 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name      viradd   virsiz  rawdsiz  ntrpy  md5
.text     0x1000   0xE44C  0xF000   5.08   f5197f42a04496e049dc431c9abf3f0c
.data     0x10000  0xEE0   0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.rsrc     0x11000  0x3E30  0x4000   4.51   7fec8f7b6c17c5ba7b1508e8bdac707a
.fcknxcd  0x15000  0x1000  0x1A000  7.79   bb5d2ae33eafa380f793baa7630aa366

( 1 imports )
> msvbvm60.dll: EVENT_SINK_GetIDsOfNames, MethCallEngine, EVENT_SINK_Invoke, -, -, -, -, Zombie_GetTypeInfo, -, -, -, -, -, -, EVENT_SINK_AddRef, DllFunctionCall, Zombie_GetTypeInfoCount, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, -, -, -, ProcCallEngine, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
ssdeep: 3072:/0fPMFbd0bovZeYcgzDHnUEeikYle6HMtLkojo6LQUr88n3:8MFhtcgzQEeikv6Qjoyrn3
PEiD : -
RDS : NSRL Reference Data Set -

chiaz Posted December 15, 2009

Rename eauxx.exe to eauxx.exr

How's your PC running at this point in time?

borojamie (Author) Posted December 15, 2009

Hi Chiaz,

I've renamed the file exr; however, it did not ask me to confirm the change to the file extension and its type still remains an application. My laptop seems totally fine with no other problems; however, I am holding off entering passwords due to the previous spyware issues.

Thanks again for your help

borojamie (Author) Posted December 16, 2009

Hi Chiaz,

I logged on this morning and opened up Internet Explorer and McAfee flashed up 2 Trojan virus alerts quarantined. I disconnected my wireless internet immediately and ran malware which came up with 8 problems. I've cut and pasted the notebook file attached.

Malwarebytes' Anti-Malware 1.42
Database version: 3338
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/12/2009 13:25:35
mbam-log-2009-12-16 (13-25-27).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 255338
Time elapsed: 54 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Dropper) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAMIEP~1\APPLIC~1\MACROM~1\Common\9918001c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAMIEP~1\APPLIC~1\MACROM~1\Common\9918001c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAMIEP~1\APPLIC~1\MACROM~1\Common\9918001c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAMIEP~1\APPLIC~1\MACROM~1\Common\9918001c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAMIEP~1\APPLIC~1\MACROM~1\Common\9918001c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAMIEP~1\APPLIC~1\MACROM~1\Common\9918001c1.dll) Good: (wdmaud.drv) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

chiaz Posted December 16, 2009

Remove all that was found by MBAM.

Then download Dr. Web to the desktop: Dr.Web CureIt!

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site: PC Hell: How to Start Windows in Safe Mode

Doubleclick the drweb-cureit.exe file. It will then suggest to run an express scan -- this you should allow.
After this (Dr.Web writes "Select object for Scanning" at the bottom-left), you click Options->Change settings.
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Choose the "Actions"-tab, and choose "Rename" under all the Malware-issues.
Back at the main window, you should now mark the drives that you want to scan (a red dot shows which drives have been chosen).
Click the green arrow at the right, and the scan will start.
The first time Dr.Web finds something, you click "Yes to All", and it will after this automatically fix what is found.

After the scan: Close Dr.Web. Click Start->search, find the following file: CureIt.log, and copy the last lines of this log into the thread (starting with: Scan statistics).

borojamie (Author) Posted December 16, 2009

Hi Chiaz,

I removed everything via MBAM and managed to download Dr.Web. However, I was not able to start up in Safe Mode: once I chose Safe Mode it appeared to boot up, then blue screen dump, then reverted back to a prompt saying sorry for inconvenience, could not start in safe mode.

I have then attempted to run Dr.Web in normal mode and it flagged up 2 files - one a PowerPoint presentation saying probably office.exploit16 and the other the c:\exuxx.exr.exe saying virus.trojan.pws.panda.122, which it has now deleted.

borojamie (Author) Posted December 17, 2009

I wasn't sure if this part was also of concern, just because of the number of references to virus files.

Dr.Web Scanner for Windows v5.00.10 (5.00.10.11260)
© Doctor Web, Ltd., 1992-2009
Log generated on: 2009-12-17, 00:18:33 [Jamie Panico]
Command line: "C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\RarSFX1\33d7bXP.exe" /lng /ini:setup_XP.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================
DwShield started
Engine version: 5.00 (5.00.0.12182)
Engine API version: 2.02
Total virus records: 880965
[self-checking] C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\RarSFX1\33d7bXP.exe
Key file: C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\RarSFX1\setup.key
License key number: 0011097003
Registered to: An unauthorized User
License key activates on: 2009-09-14
License key expires on: 2010-03-17
[Memory scanning] No viruses found

borojamie (Author) Posted December 17, 2009

Chiaz,

Here is the scan statistics part you requested, although please note this was run in normal mode as safe mode was inaccessible.

Scan statistics
-----------------------------------------------------------------------------
Scanned: 65
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:49

chiaz Posted December 18, 2009

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Open the file and close any other windows.
It will close all programs itself when run; make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job.
Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Run your computer for a few days, and let me know how everything goes OK?

borojamie (Author) Posted December 18, 2009

Hi Chiaz

Thanks for your help. I've run oldtimer and it cleared lots of temp files. Thanks for your help.

Are you content for me to start using programmes which require passwords, hotmail and the like? I've avoided them so far as I didn't want any of the passwords being hacked.

My MS Office icons are still the unknown file type. I can change this manually if you think it's not a problem.

chiaz Posted December 18, 2009

I suggest you run a full scan with MBAM again. If nothing comes up, then you should be able to use your PC per normal (including entering sites requiring a password). Let me know.

borojamie (Author) Posted December 18, 2009

Hi Chiaz,

Yeah, no problems at all with the latest malware log. Thanks for your help, I will let you know how I get on.

I noticed you guys don't ask for money but like donations. Are these for a charity?

I'm very careful about what websites I use so am not sure where these came from, although a friend suggested flash players/video players on sites like utube and the like could have viruses embedded in the links?

Since I've come back to my house my main PC has serious problems too :-( Please would you mind talking me through that once I have some spare time to fix it?

Thanks for all your help mate, hope you and your family have a good Christmas and Happy New Year. I will let you know how my laptop fares over the next few days.

borojamie (Author) Posted December 18, 2009

Sorry, one other question lol, bet you are sick of me by now lol! Do I need to manually reset the MS Office icons on the desktop as they are not current Office ico files?

chiaz Posted December 19, 2009

Hey,

You can donate to FPCH here: Computer Support Forums - FreePCHelp.co.uk - PayPal Donate

Otherwise you can simply share the joy of Christmas by donating to any charity of your choice. :)

> I'm very careful about what websites I use so am not sure where these came from, although a friend suggested flash players/video players on sites like utube and the like could have viruses embedded in the links?

This is true. But Youtube is generally safe. Not saying the same thing about other less-moderated video sites though.

> Do I need to manually reset the MS Office icons on the desktop as they are not current Office ico files?

Not very sure about that, but I found a page of suggestions here: Microsoft Office Icons Gone - Windows

If you need further help on this, I could get the staff (who have far more technical expertise than me for sure) to come in. Just let me know.

RandyL Posted December 19, 2009

I can think of two things to try.

1. Navigate to where the program is installed and right click the application, click properties, and try changing the icon from a list.
2. Try repairing Office by going to add/remove programs. Click uninstall and you should see an option to repair or uninstall.

Like chiaz said, not all sites with video players or flash players can be trusted like youtube. If you don't know the site, don't install the player. If a site uses an ordinary flash player, just make sure you are using the latest version of flash.

But consider this. Some sites will try to trick you. For instance it might say you need flashplayer or a newer version to view the video. Never ever click on a link or click OK to install it. Always go to the flashplayer site and get it from there. Many times they trick you to install malware by doing this. Even if you have the latest version you will get such a message.

Donations are used to defray some of the costs of FPCH as stated in the link provided by chiaz. All staff members are volunteers and receive nothing. We simply offer our time for free in order to provide help.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

borojamie (Author) Posted February 1, 2010

Hi Chiaz & Randy,

Please accept my sincerest apologies for the massive delay. I was detached at short notice to another RAF base and had no internet access on my PC.

I have now used my laptop and it appears to be fine - malware does not pick up any issues at all and my virus checkers seem to be working fine.

Thank you for your help, sorry about the delay & I will send a donation tomorrow.

Thank you once again

Jamie

RandyL Posted February 1, 2010

Glad everything is working Jamie. Keep up the good work.