I require some assistance

Ok, so there may quite possibly be a virus on my laptop. I have scanned with
Windows Defender, Avira, Malwarebytes, Microsoft Malicious Software Removal Tool &
Microsoft support emergency response tool.

And all have come up blank. A little while back I found a virus
(Java exploitation virus) and I'm sure I successfully removed it,
but the thing I'm skeptical about is the fact that sometimes pop-ups (from Windows Defender) show up from the task bar saying that changes have been made to a 'driver', and sometimes the (default)
cursor changes to the loading cursor without me touching anything.

The last change I saw was in the driver (mbamswissarmy.sys) but now I can't find it;
it seems to have vanished from the 'driver' folder. I did recently upgrade Malwarebytes to the trial version.

(PS) Shortly after removing the Java exploit virus I uninstalled Java and got rid of the folder, then re-downloaded it.
 


If an updated definition base and a full scan with Malwarebytes show you clean, then more than likely you are in fact free of malware. And if your MSE shows no virus, then you should be clean. If you have the latest Java updates from the Java site, the latest Flash from Adobe, and the latest Microsoft updates, you should be good. However, if you are seeing a problem after confirming your clean status, or if not clean, then our Security Expert would need you to run some scans and give her some logs to read.
 

This is the Malwarebytes latest full scan log

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org
 
Database version: 8028
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
 
10/27/2011 9:49:03 PM
mbam-log-2011-10-27 (21-49-03).txt
 
Scan type: Full scan (C:\|)
Objects scanned: 297290
Time elapsed: 3 hour(s), 2 minute(s), 46 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)
 
 
 
This is the latest scan done by Avira
 
 
 
 
Avira Free Antivirus
Report file date: Thursday, October 27, 2011  18:00
 
Scanning for 3439235 virus strains and unwanted programs.
 
The program is running as an unrestricted full version.
Online services are available:
 
Licensee        : Avira AntiVir Personal - Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows Vista
Windows version : (Service Pack 2)  [6.0.6002]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : MATT-PC
 
Version information:
BUILD.DAT       : 12.0.0.861     41826 Bytes  10/19/2011 19:24:00
AVSCAN.EXE      : 12.1.0.18     490448 Bytes  10/26/2011 03:46:33
AVSCAN.DLL      : 12.1.0.17      54224 Bytes   9/23/2011 20:34:56
LUKE.DLL        : 12.1.0.17      68304 Bytes   9/23/2011 19:55:16
AVSCPLR.DLL     : 12.1.0.19      99536 Bytes   9/23/2011 19:02:36
AVREG.DLL       : 12.1.0.22     226512 Bytes  10/26/2011 03:46:48
VBASE000.VDF    : 7.10.0.0    19875328 Bytes   11/6/2009 03:18:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  12/14/2010 18:07:39
VBASE002.VDF    : 7.11.3.0     1950720 Bytes    2/9/2011 00:08:51
VBASE003.VDF    : 7.11.5.225   1980416 Bytes    4/7/2011 19:00:55
VBASE004.VDF    : 7.11.8.178   2354176 Bytes   5/31/2011 19:18:22
VBASE005.VDF    : 7.11.10.251  1788416 Bytes    7/7/2011 21:12:53
VBASE006.VDF    : 7.11.13.60   6411776 Bytes   8/16/2011 16:26:09
VBASE007.VDF    : 7.11.15.106  2389504 Bytes   10/5/2011 03:45:47
VBASE008.VDF    : 7.11.15.107     2048 Bytes   10/5/2011 03:45:48
VBASE009.VDF    : 7.11.15.108     2048 Bytes   10/5/2011 03:45:48
VBASE010.VDF    : 7.11.15.109     2048 Bytes   10/5/2011 03:45:49
VBASE011.VDF    : 7.11.15.110     2048 Bytes   10/5/2011 03:45:49
VBASE012.VDF    : 7.11.15.111     2048 Bytes   10/5/2011 03:45:50
VBASE013.VDF    : 7.11.15.144   161792 Bytes   10/7/2011 03:45:52
VBASE014.VDF    : 7.11.15.177   130048 Bytes  10/10/2011 03:45:54
VBASE015.VDF    : 7.11.15.213   113664 Bytes  10/11/2011 03:45:55
VBASE016.VDF    : 7.11.16.1     163328 Bytes  10/14/2011 03:45:58
VBASE017.VDF    : 7.11.16.34    187904 Bytes  10/18/2011 03:46:01
VBASE018.VDF    : 7.11.16.77    139264 Bytes  10/20/2011 03:46:03
VBASE019.VDF    : 7.11.16.112   162816 Bytes  10/24/2011 03:46:06
VBASE020.VDF    : 7.11.16.150   167424 Bytes  10/26/2011 23:41:31
VBASE021.VDF    : 7.11.16.151     2048 Bytes  10/26/2011 23:41:31
VBASE022.VDF    : 7.11.16.152     2048 Bytes  10/26/2011 23:41:32
VBASE023.VDF    : 7.11.16.153     2048 Bytes  10/26/2011 23:41:32
VBASE024.VDF    : 7.11.16.154     2048 Bytes  10/26/2011 23:41:36
VBASE025.VDF    : 7.11.16.155     2048 Bytes  10/26/2011 23:41:37
VBASE026.VDF    : 7.11.16.156     2048 Bytes  10/26/2011 23:41:37
VBASE027.VDF    : 7.11.16.157     2048 Bytes  10/26/2011 23:41:38
VBASE028.VDF    : 7.11.16.158     2048 Bytes  10/26/2011 23:41:39
VBASE029.VDF    : 7.11.16.159     2048 Bytes  10/26/2011 23:41:42
VBASE030.VDF    : 7.11.16.160     2048 Bytes  10/26/2011 23:41:42
VBASE031.VDF    : 7.11.16.166    12288 Bytes  10/27/2011 23:41:43
Engineversion   : 8.2.6.96  
AEVDF.DLL       : 8.1.2.2       106868 Bytes  10/27/2011 03:49:47
AESCRIPT.DLL    : 8.1.3.82      463227 Bytes  10/27/2011 03:49:34
AESCN.DLL       : 8.1.7.2       127349 Bytes    9/2/2011 06:46:02
AESBX.DLL       : 8.2.1.34      323957 Bytes    9/2/2011 06:46:02
AERDL.DLL       : 8.1.9.15      639348 Bytes    9/9/2011 06:16:06
AEPACK.DLL      : 8.2.13.3      684407 Bytes  10/27/2011 03:49:32
AEOFFICE.DLL    : 8.1.2.18      201084 Bytes  10/27/2011 03:49:27
AEHEUR.DLL      : 8.1.2.184    3780984 Bytes  10/27/2011 03:49:25
AEHELP.DLL      : 8.1.18.0      254327 Bytes  10/27/2011 03:49:12
AEGEN.DLL       : 8.1.5.11      401781 Bytes  10/27/2011 03:49:09
AEEMU.DLL       : 8.1.3.0       393589 Bytes    9/2/2011 06:46:01
AECORE.DLL      : 8.1.24.0      196983 Bytes  10/27/2011 03:49:02
AEBB.DLL        : 8.1.1.0        53618 Bytes    9/2/2011 06:46:01
AVWINLL.DLL     : 12.1.0.17      27344 Bytes   9/23/2011 19:13:18
AVPREF.DLL      : 12.1.0.17      51920 Bytes   9/23/2011 18:53:57
AVREP.DLL       : 12.1.0.17     179408 Bytes   9/23/2011 18:55:01
AVARKT.DLL      : 12.1.0.17     223184 Bytes   9/23/2011 18:25:26
AVEVTLOG.DLL    : 12.1.0.17     169168 Bytes   9/23/2011 18:34:37
SQLITE3.DLL     : 3.7.0.0       398288 Bytes   9/16/2011 09:05:58
AVSMTP.DLL      : 12.1.0.17      62928 Bytes   9/23/2011 19:03:47
NETNT.DLL       : 12.1.0.17      17104 Bytes   9/23/2011 19:58:06
RCIMAGE.DLL     : 12.1.0.17    4450000 Bytes   9/23/2011 20:37:25
RCTEXT.DLL      : 12.1.0.16      96208 Bytes   9/23/2011 20:37:24
 
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, 
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
 
Start of the scan: Thursday, October 27, 2011  18:00
 
Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
 
Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
 
Starting search for hidden objects.
 
The scan of running processes will be started
Scan process 'ipmGui.exe' - '48' Module(s) have been scanned
Scan process 'msert.exe' - '66' Module(s) have been scanned
Scan process 'msert.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'MpCmdRun.exe' - '29' Module(s) have been scanned
Scan process 'avscan.exe' - '82' Module(s) have been scanned
Scan process 'avscan.exe' - '29' Module(s) have been scanned
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'firefox.exe' - '97' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'CFSwMgr.exe' - '72' Module(s) have been scanned
Scan process 'Apntex.exe' - '17' Module(s) have been scanned
Scan process 'HidFind.exe' - '22' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '15' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '73' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '28' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '16' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'avgnt.exe' - '65' Module(s) have been scanned
Scan process 'Updater.exe' - '56' Module(s) have been scanned
Scan process 'TCrdMain.exe' - '61' Module(s) have been scanned
Scan process 'SmoothView.exe' - '16' Module(s) have been scanned
Scan process 'TPwrMain.exe' - '35' Module(s) have been scanned
Scan process 'Apoint.exe' - '40' Module(s) have been scanned
Scan process 'NDSTray.exe' - '91' Module(s) have been scanned
Scan process 'MSASCui.exe' - '41' Module(s) have been scanned
Scan process 'mobsync.exe' - '30' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '42' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'taskeng.exe' - '65' Module(s) have been scanned
Scan process 'Explorer.EXE' - '135' Module(s) have been scanned
Scan process 'Dwm.exe' - '24' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'TosIPCSrv.exe' - '18' Module(s) have been scanned
Scan process 'TosCoSrv.exe' - '26' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '31' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'o2flash.exe' - '15' Module(s) have been scanned
Scan process 'sqlservr.exe' - '53' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '71' Module(s) have been scanned
Scan process 'BcmSqlStartupSvc.exe' - '20' Module(s) have been scanned
Scan process 'avguard.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '58' Module(s) have been scanned
Scan process 'sched.exe' - '52' Module(s) have been scanned
Scan process 'spoolsv.exe' - '80' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '152' Module(s) have been scanned
Scan process 'svchost.exe' - '118' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '39' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
 
Starting to scan executable files (registry).
The registry was scanned ( '5572' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\' <S3A6652D009>
 
 
End of the scan: Thursday, October 27, 2011  23:25
Used time:  5:25:38 Hour(s)
 
The scan has been done completely.
 
  25670 Scanned directories
 476881 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 476881 Files not concerned
   3680 Archives were scanned
      0 Warnings
      0 Notes
 581946 Objects were scanned with rootkit scan
      0 Hidden objects were found

The logs for the Microsoft tools, I don't think they are saved anywhere.
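
An added example, not part of the original thread or of either vendor's tooling: a small Python check that reads the two log formats posted above and reports any nonzero detection counter, plus any scan option set to `off` (in the Avira log above, the system-file integrity check). The sample excerpts are constructed from lines in the posted logs, and `triage` is a hypothetical helper name.

```python
import re

# Constructed excerpts in the two log formats shown in the post above.
MBAM_SAMPLE = """\
Objects scanned: 297290
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0
"""
AVIRA_SAMPLE = """\
Search for rootkits.................: on
Integrity checking of system files..: off
 476881 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files cannot be scanned
      0 Hidden objects were found
"""

MBAM_COUNT = re.compile(r"^(.+ Infected): (\d+)\s*$")     # "Files Infected: 0"
AVIRA_COUNT = re.compile(r"^\s*(\d+) (.+?)\s*$")          # "     0 Warnings"
AVIRA_SETTING = re.compile(r"^(.+?)\.{2,}: (.*?)\s*$")    # "Scan registry....: on"
# Avira counters that mean something was detected or could not be checked.
AVIRA_BAD = ("Viruses and/or unwanted programs were found",
             "Files were classified as suspicious",
             "Files cannot be scanned", "Hidden objects were found", "Warnings")

def triage(log_text):
    """Return (findings, gaps): nonzero detection counters and disabled checks."""
    findings, gaps = {}, []
    for line in log_text.splitlines():
        if m := MBAM_COUNT.match(line):
            if int(m.group(2)):
                findings[m.group(1)] = int(m.group(2))
        elif m := AVIRA_SETTING.match(line):
            if m.group(2) == "off":
                gaps.append(m.group(1))
        elif (m := AVIRA_COUNT.match(line)) and m.group(2) in AVIRA_BAD:
            if int(m.group(1)):
                findings[m.group(2)] = int(m.group(1))
    return findings, gaps

if __name__ == "__main__":
    for name, text in (("MBAM", MBAM_SAMPLE), ("Avira", AVIRA_SAMPLE)):
        print(name, triage(text))
```

An empty findings dictionary only says the counters in that log were zero; the gaps list shows which checks the scan did not run.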
 
Since you have MBam, you might want to set Windows Defender to 'disabled' in services.

Download TFC by OldTimer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
 
