Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

TrojanSpyEye unable to login to primary user acct

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

TrojanSpyEye unable to login to primary user acct

Unread postby doby108 » January 18th, 2015, 9:27 pm

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 11.25.2
Run by Properties at 17:23:28 on 2015-01-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1744 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=0080507
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{DFE6386E-817F-499D-8CBD-28EBD9FF463A} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{DFE6386E-817F-499D-8CBD-28EBD9FF463A}\C41627279772370286F6573756 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DFE6386E-817F-499D-8CBD-28EBD9FF463A}\C496E6B63797373383137333 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{DFE6386E-817F-499D-8CBD-28EBD9FF463A}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DFE6386E-817F-499D-8CBD-28EBD9FF463A}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{DFE6386E-817F-499D-8CBD-28EBD9FF463A}\E65667164616D2E65647 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
AppInit_DLLs= c:\progra~1\google\google~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.99\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\properties\appdata\roaming\mozilla\firefox\profiles\kp02zmke.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2013-9-26 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-10-29 213784]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-12-9 42784]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-11-9 298080]
R2 DSAO;Driver Support AO Service;c:\program files\veloxum\ipte\DriverSupportAOsvc.exe [2014-11-20 1684944]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-10-15 5087584]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.9\ToolbarUpdater.exe [2014-10-13 1820184]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-3-20 1500160]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2007-11-7 12928]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2015-1-16 40776]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2015\avgfws.exe [2014-11-9 1486664]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-11-9 3488784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-13 108032]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-30 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-3 1343400]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
S4 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-7 30192]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
S4 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-1-27 226624]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown WPFFontCache_v0400;WPFFontCache_v0400; [x]
.
=============== Created Last 30 ================
.
2015-01-17 00:08:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-01-17 00:08:09 -------- d-----w- c:\users\properties\appdata\roaming\Malwarebytes
2015-01-16 18:02:42 -------- d-----w- c:\users\properties\appdata\local\Diagnostics
2015-01-16 04:35:32 -------- d-----w- c:\program files\CCleaner
2015-01-16 02:38:58 -------- d-----w- c:\users\properties\appdata\local\Macromedia
2015-01-16 02:36:42 -------- d-----w- c:\users\properties\appdata\local\Mozilla
2015-01-16 02:36:04 -------- d-----w- c:\users\properties\appdata\local\AVG SafeGuard toolbar
2015-01-16 02:35:36 -------- d-----w- c:\users\properties\appdata\roaming\AVG2015
2015-01-16 02:35:31 -------- d-----w- c:\users\properties\appdata\local\Avg2015
2015-01-09 17:06:45 -------- d-----w- c:\program files\Pearson
2015-01-08 22:39:14 -------- d-----w- c:\programdata\Oracle
2015-01-03 04:12:25 -------- d-----w- c:\windows\ERUNT
2014-12-31 20:34:01 -------- d-----w- c:\program files\Veloxum
2014-12-29 21:54:09 -------- d-----w- c:\program files\ESET
2014-12-26 17:27:37 32832 ----a-w- c:\windows\system32\rnd_chunk.bin
2014-12-26 17:26:15 -------- d-----w- c:\programdata\UAB
2014-12-26 17:26:09 -------- d-----w- c:\programdata\Driver Support
2014-12-26 17:25:52 -------- d-----w- c:\program files\Driver Support
2014-12-21 02:27:18 -------- d-----w- C:\RegBackup
2014-12-21 02:26:02 -------- d-----w- c:\program files\Tweaking.com
.
==================== Find3M ====================
.
2015-01-08 22:39:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-08 15:18:48 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-08 15:18:48 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-31 01:35:44 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-10-30 05:34:52 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 17:24:14.42 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/2/2011 4:08:14 PM
System Uptime: 1/16/2015 4:28:43 AM (61 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | Socket 775 | 1584/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 391.987 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.952 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Pure Networks Wireless Driver
Device ID: ROOT\LEGACY_PURENDIS\0000
Manufacturer:
Name: Pure Networks Wireless Driver
PNP Device ID: ROOT\LEGACY_PURENDIS\0000
Service: purendis
.
==== System Restore Points ===================
.
RP252: 1/9/2015 9:05:46 AM - Installed MyItLab Office 2013 Launch Tool
RP253: 1/17/2015 9:59:18 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Adobe Shockwave Player 11.5
AVG 2014
AVG 2015
AVG SafeGuard toolbar
Bing Rewards Client Installer
Browser Address Error Redirector
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
CCleaner
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell V310-V510 Series
Driver Support Active Optimization
ESET Online Scanner v3
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Highlight Viewer (Windows Live Toolbar)
HP FWUpdateEDO2
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Officejet 6700 Product Improvement Study
HP Photo Creations
HP Print Diagnostic Utility
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
Intel(R) PRO Network Connections 12.1.11.0
Java 7 Update 45
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
Linksys Connect
Malwarebytes Anti-Malware version 1.75.0.1300
Memeo Instant Backup
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Subscription
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
Mozilla Firefox 34.0.5 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music, Photos & Videos Launcher
MyItLab Office 2013 Launch Tool
OGA Notifier 2.0.0048.0
Product Documentation Launcher
QualxServ Service Agreement
QuickTime
RealFlight G5 R/C Simulator
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Seagate Dashboard
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Segoe UI
Skins
Skype™ 6.3
Smart Menus (Windows Live Toolbar)
Spelling Dictionaries Support For Adobe Reader 8
TeamViewer 8
Tweaking.com - Registry Backup
University of Washington
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
VibrateGameDeviceDriver
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.0
WebEx Support Manager for Internet Explorer
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm
Advertisement
Register to Remove

Re: TrojanSpyEye unable to login to primary user acct

Unread postby Gary R » January 24th, 2015, 7:02 pm

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: TrojanSpyEye unable to login to primary user acct

Unread postby Gary R » January 24th, 2015, 7:13 pm

Hi suzanne,

There's no obvious signs of infection in the logs that you have supplied, so the fact that you've been locked out of your account does not at this point look as if it is caused by Malware.

Considering that we checked out your computer recently, and removed what few signs of infection that there were, this doesn't really surprise me too much.

As I recall I told you then that your machine was not stable, and that if it were mine I would have backed up my personal files, and then re-formatted the hard drive and re-installed Windows.

I think as things stand, the best we can probably do, is to see if we can recover your personal files and folders from your primary account, after which I strongly advise you to reformat.

Of course if your machine has hardware failures (which I suspect it may) then it may not be possible to recover them, but it's worth a try.

So, to recover your files, please follow the instructions I've written for doing so in the following topic .... HERE

Please let me know if you are successful.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: TrojanSpyEye unable to login to primary user acct

Unread postby doby108 » January 26th, 2015, 8:53 pm

Hi Gary.

Thanks for looking over my logs.

Between our last communication of 'all clear' and this message when I became locked out of ‘suzanne user’, i ran Malwarebytes (i didnt realize that i had not updated malwarebytes prior to my running it) and it came up with that TROJAN SPY EYE that i quarantined. After quarantine I still could not access Suzanne user account

Then I sent this message and logs in.

I have two user accounts 'properties' and 'suzanne'. I am contacting you via the 'properties' account (were the longs only on the properties account or for both accounts and the entire computer?).

Before i started doing what you suggested (i didnt want to take a chance and backup and infect my external harddrive) I updated and I ran Malwarebytes again and ccleaner. I also downloaded AVAST. AVAST came up with the two new TROJANS and seven PUPS. *The logs were created prior to this.

In addition, when i ran these 3 scans (I cant remember which one - AVAST, ccleaner or malwarebytes) it said that there was a very long list that it could not access and scan, because it was password protected/locked, on my suzanne user.

my rationale for not starting what you suggested. I wanted to give you this additional information before i started for fear of further infection or crash.

Originally when you and i worked together i did back up things at that time.

Yes you did say that my machine was more probable than not very unstable. Of course i regret not heeding your strong suggestion...

Suzanne
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: TrojanSpyEye unable to login to primary user acct

Unread postby Gary R » January 27th, 2015, 2:17 am

I think, if you already have a backup of your files and folders, then there's no need to use Puppy to make another copy of them, and all things considered, your best option now is to reformat your hard drive and re-install Windows from fresh.

Am I right in thinking that your machine is a Dell, in which case you'll find instructions for how to restore your machine to factory condition at ... viewtopic.php?p=613793#p613793 ... in the Dell section.

Details can also be found at ... http://www.dell.com/support/article/us/ ... N291879/EN ... (I've linked to the instructions for Windows 7 machines)

If you are not on a Dell machine, please let me know what type it is and I will try to find appropriate instructions for you.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: TrojanSpyEye unable to login to primary user acct

Unread postby doby108 » January 27th, 2015, 8:28 pm

Looking into my external. i am not finding my backed up files from dec 2014. i can find old files that i backed up a year back but not when we worked together. sooo. i think i need to try your suggestions.

what do you think the real chances are that i will recover any of my docs and pics?

suzanne
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: TrojanSpyEye unable to login to primary user acct

Unread postby Gary R » January 28th, 2015, 2:09 am

Actually in most cases there's a pretty good chance of recovering your files with Puppy, it just depends on whether you have hardware problems, or whether your hard drive is encrypted, if it's either of those, then there's no chance of recovering them, if it's anything else, then there's every chance you'll be successful.

In any case it's your best hope, so it's definitely worth a try.

Using Puppy, you're using an entirely different Operating System, so any damage to Windows itself should not affect things, it's just a matter of whether the data is still present in a readable form on your hard drive, and at this point there's no reason to believe that it won't be.

So, the instructions for how to do things can be found at ... viewtopic.php?p=618146#p618146
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: TrojanSpyEye unable to login to primary user acct

Unread postby doby108 » January 29th, 2015, 8:49 pm

OK, I am stuck on the first step. downloading puppy, i selected ibiblio... there seems to be more steps than what i am thinking their should be. i selected slacko-5.7-NO-pae.iso and it seems to have taken me to ROXIO and wanted me to register and now is asking for me to insert a disc to save... I am confused. suzanne
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: TrojanSpyEye unable to login to primary user acct

Unread postby Gary R » January 30th, 2015, 1:39 am

OK, for the slacko-5.7-no-pae.iso .... click on this link ... http://distro.ibiblio.org/puppylinux/pu ... NO-pae.iso .... and you should just get an ISO file to download. Save it somewhere you can find it, and then use Unetbootin to create a bootable USB drive with it.

I've tried it and it works for me.

It's 161 M in size, so it will probably take a while to fully download.

Any problems please get back to me.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: TrojanSpyEye unable to login to primary user acct

Unread postby Gary R » February 2nd, 2015, 1:39 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 322 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware