
Crim

Everything posted by Crim

  1. Heh.. welp.. Comodo antivirus sux.. so I only use the firewall.. ESET firewall sux so I only use the antivirus.. and I use MB for malware.. mini Fort Knox.
  2. Thanks for the fast response. (Attached: dds.txt, CheckResults.txt, attach.txt)
  3. OK.. so first.. I love Malwarebytes.. Swear by it. Live by it.. etc.. Been using it for like 3 years now.. I upgraded to Windows 8 2 months ago.. Everything was working fine. All of a sudden I dunno what the hell y'all did.. but whenever it was my Malwarebytes icon changed (after an update).. Malwarebytes has been doing some weird hidden stuff in the background.. and it's making stuff not work on my PC correctly.. For instance I make music on my PC.. ever since this new version of Malwarebytes installed.. now when I'm recording or making music.. Malwarebytes is causing my recording software to stall.. or like freeze for like 4 secs... and it happens like frequently.. so if I'm recording or playing back music using my audio interface through my recording software... it will just freeze for 3-4 secs.. and I'd have to press play again.. at first I didn't know wtf the issue was.. then I closed EVERYTHING and started testing it.. and narrowed it to Malwarebytes.. when it's completely closed.. everything works.. if it's running.. then my audio stuff freezes... Now I haven't really experienced any other issue outside of my audio software.. like if I just use other stuff on my PC I haven't specifically noticed anything else... except maybe my Google Chrome has been acting weird on YouTube.. but I can't attribute that to MB... although I can't think of anything else that could be causing THAT either.. (another audio issue though.. hmm).. but those two applications use 2 different audio devices.. so idk the correlation... Is there any way to go back to the old Malwarebytes (red icon)... if so how.. and will I be at risk?.. well right now my MB is OFF so it can't be any worse than this.. I'm just saying. Help? PC info: http://valid.canardpc.com/2728175
  4. Today.. about 3 hours ago I noticed my PC acting very strange.... When I try to open ANYTHING the system stalls and the hourglass stays up and it kinda turns all white and I can't click anything but the mouse still moves.... I have Avira and MBAM.. I ran an MBAM full scan in safe mode and it returned 3 infections the first time.. it supposedly removed them.. I restarted and it found 4 more infections which look like the same as the first... but I see something up there saying perlx.exe, what the hell is that?? Here's my log.. someone please help as quick as you can while my PC is still halfway functional..
     Malwarebytes' Anti-Malware 1.44
     Database version: 3772
     Windows 6.1.7600 (Safe Mode)
     Internet Explorer 8.0.7600.16385
     2/21/2010 8:09:00 PM
     mbam-log-2010-02-21 (20-09-00).txt
     Scan type: Full Scan (C:\|)
     Objects scanned: 253589
     Time elapsed: 23 minute(s), 1 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 2
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3uq75lv2-554l-31jw-4741-pr48v0dfs1a4} (Generic.Bot.H) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Windows\perlx.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Recycle\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
  5. http://www.virustotal.com/analisis/05cacb0...0a81-1252319276
  6. Is there a log for the IPs blocked?... Here are the ComboFix results:
     ComboFix 09-09-14.02 - Mr IIXI 09/14/2009 17:13.1.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2676 [GMT -4:00]
     Running from: c:\documents and settings\Mr IIXI\Desktop\ComboFix.exe
     AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     .
     ADS - WINDOWS: deleted 0 bytes in 1 streams
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\$recycle.bin\S-1-5-21-2730533083-2623976161-2956594988-1000
     c:\windows\system32\41.exe
     c:\windows\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk
     c:\windows\system32\config\systemprofile\Start Menu\Advanced Virus Remover.lnk
     c:\windows\system32\msvcsv60.dll
     c:\windows\Temp\2877899434.exe
     .
     ((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
     .
     2009-09-14 20:51 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-14 20:51 . 2009-09-14 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-09-14 20:51 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-13 14:27 . 2009-09-13 14:27 -------- d-----w- c:\program files\MusicLab
     2009-09-08 14:38 . 2009-09-08 14:38 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
     2009-09-08 14:37 . 2009-09-08 14:37 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\Malwarebytes
     2009-09-08 14:37 . 2009-09-08 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-09-08 00:36 . 2009-09-08 00:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
     2009-09-07 23:53 . 2009-09-07 23:54 -------- d-----w- c:\program files\ManyCam 2.4
     2009-09-07 23:53 . 2009-09-07 23:54 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\ManyCam
     2009-09-07 23:36 . 2009-09-07 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2009-09-07 23:18 . 2009-09-10 15:23 759240 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
     2009-09-07 21:36 . 2009-09-07 21:38 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\Webcammax
     2009-09-07 21:36 . 2009-07-20 01:13 1052928 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
     2009-09-07 20:21 . 2009-09-07 20:21 -------- d-----w- c:\program files\Microsoft
     2009-08-29 02:59 . 2009-08-29 02:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8E4DC1D0-364F-4942-85CD-BCD7298D633E}
     2009-08-29 02:55 . 2009-08-29 03:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A7689876-F0D2-4DC6-9C70-CA306AA80853}
     2009-08-28 15:06 . 2009-08-28 15:06 -------- d-----w- c:\program files\PSPaudioware
     2009-08-28 05:05 . 2009-08-28 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
     2009-08-28 02:53 . 2009-08-28 02:53 -------- d-----w- c:\program files\Sugar Bytes
     2009-08-27 16:25 . 2009-08-31 19:35 -------- d-----w- c:\documents and settings\Mr IIXI\Local Settings\Application Data\112dB
     2009-08-27 16:25 . 2009-08-27 17:56 -------- d-----w- c:\program files\112dB
     2009-08-26 03:15 . 2009-08-26 03:18 44544 ------w- c:\windows\AWuninstall.exe
     2009-08-23 18:22 . 2009-08-27 22:04 -------- d-----w- c:\program files\GForce
     2009-08-22 21:15 . 2009-08-22 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
     2009-08-17 07:04 . 2009-08-17 07:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe
     2009-08-17 07:04 . 2009-08-17 07:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
     2009-08-17 07:03 . 2009-08-17 07:03 3170304 ----a-w- c:\windows\system32\nvwss.dll
     2009-08-17 07:03 . 2009-08-17 07:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
     2009-08-17 07:03 . 2009-08-17 07:03 188416 ----a-w- c:\windows\system32\nvmccss.dll
     2009-08-17 07:03 . 2009-08-17 07:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll
     2009-08-17 07:03 . 2009-08-17 07:03 3547136 ----a-w- c:\windows\system32\nvgames.dll
     2009-08-17 07:03 . 2009-08-17 07:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll
     2009-08-17 07:03 . 2009-08-17 07:03 86016 ----a-w- c:\windows\system32\nvmctray.dll
     2009-08-17 07:03 . 2009-08-17 07:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe
     2009-08-17 07:03 . 2009-08-17 07:03 143360 ----a-w- c:\windows\system32\nvcolor.exe
     2009-08-17 07:03 . 2009-08-17 07:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll
     2009-08-17 07:02 . 2009-08-17 07:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
     2009-08-17 04:57 . 2009-08-17 04:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
     2009-08-17 04:57 . 2009-08-17 04:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
     2009-08-16 22:03 . 2009-08-16 22:03 -------- d-----w- c:\windows\system32\Lang
     2009-08-16 21:09 . 2009-08-16 21:09 -------- d-----w- c:\windows\system32\RTCOM
     2009-08-16 20:11 . 2009-08-16 20:11 -------- d-----w- c:\program files\SpacialAudio
     2009-08-16 20:11 . 2007-10-16 14:07 442368 ----a-w- c:\windows\system32\GDS32.DLL
     2009-08-16 20:11 . 2005-09-23 04:05 548864 ----a-w- c:\windows\system32\msvcp80.dll
     2009-08-16 20:11 . 2009-08-16 20:11 -------- d-----w- c:\program files\Firebird
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-09-14 20:49 . 2009-03-20 18:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat
     2009-09-14 20:44 . 2009-07-28 22:02 -------- d-----w- c:\program files\Trillian
     2009-09-13 21:43 . 2009-03-19 05:04 -------- d-----w- c:\program files\Winamp
     2009-09-13 14:27 . 2009-03-23 16:35 -------- d-----w- c:\program files\VstPlugins
     2009-09-13 14:24 . 2009-03-25 07:06 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\uTorrent
     2009-09-13 02:14 . 2009-04-17 05:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2009-09-10 15:29 . 2009-06-27 05:32 -------- d-----w- c:\program files\Microsoft Silverlight
     2009-09-09 18:57 . 2009-03-19 17:21 -------- d-----w- c:\program files\RocketDock
     2009-09-08 22:12 . 2009-03-23 18:08 32 ----a-w- c:\windows\msocreg32.dat
     2009-08-31 18:14 . 2009-08-31 18:14 0 ---ha-w- c:\documents and settings\Mr IIXI\Application Data\.D80ED3046C324D57.sys
     2009-08-31 18:14 . 2009-08-31 18:14 0 ---ha-w- c:\documents and settings\Mr IIXI\Application Data\.D80ED3046C324D56.sys
     2009-08-31 17:20 . 2009-08-31 17:20 0 ---ha-w- c:\documents and settings\Mr IIXI\Application Data\.D80ED304CDD1C713.sys
     2009-08-31 17:01 . 2009-03-18 15:00 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-08-29 02:59 . 2009-03-26 13:24 -------- d-----w- c:\program files\Common Files\Native Instruments
     2009-08-29 02:59 . 2009-03-26 13:24 -------- d-----w- c:\program files\Native Instruments
     2009-08-28 05:05 . 2009-04-12 06:34 -------- d-----w- c:\program files\World of Warcraft
     2009-08-27 21:47 . 2009-03-23 19:34 -------- d-----w- c:\program files\Antares Audio Technologies
     2009-08-26 21:56 . 2009-03-18 20:07 471000 ----a-w- c:\documents and settings\Mr IIXI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-08-25 03:47 . 2009-04-08 05:30 295768 ---ha-w- c:\windows\system32\mlfcache.dat
     2009-08-22 21:16 . 2009-03-18 05:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-08-22 21:15 . 2009-03-18 05:54 -------- d-----w- c:\program files\AGEIA Technologies
     2009-08-22 21:15 . 2009-03-18 15:00 -------- d-----w- c:\program files\NVIDIA Corporation
     2009-08-17 04:57 . 2009-03-18 05:53 485920 ----a-w- c:\windows\system32\nvudisp.exe
     2009-08-17 04:57 . 2009-02-18 19:44 868352 ----a-w- c:\windows\system32\nvapi.dll
     2009-08-17 04:57 . 2009-02-18 19:44 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
     2009-08-17 04:57 . 2009-02-18 19:44 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
     2009-08-17 04:57 . 2009-02-18 19:44 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
     2009-08-17 04:57 . 2009-02-18 19:44 2002944 ----a-w- c:\windows\system32\nvcuda.dll
     2009-08-17 04:57 . 2009-02-18 19:44 155648 ----a-w- c:\windows\system32\nvcodins.dll
     2009-08-17 04:57 . 2009-02-18 19:44 155648 ----a-w- c:\windows\system32\nvcod.dll
     2009-08-17 04:57 . 2009-02-18 19:44 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
     2009-08-16 23:57 . 2009-04-17 05:49 -------- d-----w- c:\program files\FlashFXP
     2009-08-15 20:18 . 2009-08-15 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Digital Anarchy
     2009-08-14 17:36 . 2009-08-14 17:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
     2009-08-11 16:35 . 2009-03-18 05:53 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
     2009-08-07 15:21 . 2009-03-23 16:33 -------- d-----w- c:\program files\Image-Line
     2009-08-06 21:13 . 2009-08-05 06:50 -------- d-----w- c:\program files\ooVoo
     2009-08-05 09:01 . 2008-04-14 03:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
     2009-08-05 06:51 . 2009-08-05 06:50 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\ooVoo Details
     2009-08-03 04:21 . 2009-08-03 04:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
     2009-07-31 12:30 . 2009-03-18 16:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
     2009-07-31 12:30 . 2009-03-18 16:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2009-07-31 12:30 . 2009-03-18 16:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
     2009-07-28 22:16 . 2009-07-28 22:03 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\Trillian
     2009-07-28 22:02 . 2009-06-27 03:02 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\.purple
     2009-07-28 21:52 . 2009-06-27 03:05 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\gtk-2.0
     2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
     2009-07-20 15:15 . 2009-05-26 22:03 -------- d-----w- c:\program files\LUXONIX
     2009-07-17 19:01 . 2008-04-14 03:41 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-15 19:05 . 2009-07-15 19:05 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
     2009-07-14 03:43 . 2008-04-14 03:42 286208 ----a-w- c:\windows\system32\wmpdxm.dll
     2009-07-03 17:09 . 2008-04-14 03:42 915456 ----a-w- c:\windows\system32\wininet.dll
     2009-06-25 08:25 . 2008-04-14 03:42 54272 ----a-w- c:\windows\system32\wdigest.dll
     2009-06-25 08:25 . 2008-04-14 03:42 56832 ----a-w- c:\windows\system32\secur32.dll
     2009-06-25 08:25 . 2008-04-14 03:42 147456 ----a-w- c:\windows\system32\schannel.dll
     2009-06-25 08:25 . 2008-04-14 03:42 136192 ----a-w- c:\windows\system32\msv1_0.dll
     2009-06-25 08:25 . 2008-04-14 03:41 730112 ----a-w- c:\windows\system32\lsasrv.dll
     2009-06-25 08:25 . 2008-04-14 03:41 301568 ----a-w- c:\windows\system32\kerberos.dll
     2009-06-24 11:18 . 2008-04-13 22:01 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
     2009-06-23 14:18 . 2009-03-19 21:26 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
     .
     ------- Sigcheck -------
     [-] 2009-03-18 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]
     "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
     "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-29 1005960]
     "Fellowes Proxy"="c:\windows\system32\r3proxy.exe" [2004-03-25 86016]
     "VX1000"="c:\windows\vVX1000.exe" [2008-08-04 721936]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
     "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
     "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]
     c:\documents and settings\Mr IIXI\Start Menu\Programs\Startup\
     TClock2.lnk - c:\program files\TClock2\tclock2.exe [2009-4-12 90624]
     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-07-31 12:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "WMPNetworkSvc"=3 (0x3)
     "nSvcIp"=2 (0x2)
     "MSCamSvc"=2 (0x2)
     "ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
     "FirebirdServerMAGIXInstance"=3 (0x3)
     "ASTSRV"=2 (0x2)
     "JavaQuickStarterService"=2 (0x2)
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
     "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Curse\\CurseClient.exe"=
     "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
     "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
     "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
     "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
     "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
     "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5353:TCP"= 5353:TCP:Adobe CSI CS4
     "37676:TCP"= 37676:TCP:*:Disabled:ooVoo TCP port 37676
     "37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
     "37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
     "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
     "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
     "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
     "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
     "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
     R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [5/5/2009 7:52 AM 40496]
     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2009 12:37 PM 335240]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2009 12:37 PM 108552]
     R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/18/2009 12:37 PM 908056]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/18/2009 12:37 PM 297752]
     R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/14/2009 4:51 PM 269648]
     R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [3/23/2009 3:59 PM 33792]
     R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2009 12:56 PM 99352]
     R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2009 12:56 PM 555032]
     R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2009 12:56 PM 566296]
     R3 FeMouWDM;Fellowes Mouse Driver;c:\windows\system32\drivers\FeMouWDM.sys [3/25/2004 3:18 PM 11393]
     R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
     R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/14/2009 4:51 PM 19160]
     R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [3/26/2009 2:25 PM 2048]
     S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2009 12:56 PM 99352]
     S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2009 12:56 PM 555032]
     S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2009 12:56 PM 100888]
     S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2009 12:56 PM 100888]
     S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2009 12:56 PM 566296]
     S4 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [6/3/2009 1:39 AM 57344]
     S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [6/7/2009 7:00 PM 1527900]
     --- Other Services/Drivers In Memory ---
     *NewlyCreated* - MBAMSERVICE
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
     "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D56B649-8C5F-33A4-B350-DB35D68EDEE5}]
     c:\program files\srvcwin\winsrvc.exe s
     .
     Contents of the 'Scheduled Tasks' folder
     2009-09-14 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Mr IIXI.job
     - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-14 18:53]
     2009-09-14 c:\windows\Tasks\Malwarebytes' Scheduled Update for Mr IIXI.job
     - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-14 18:53]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = *.local
     IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     LSP: %SYSTEMROOT%\system32\nvLsp.dll
     TCP: {F1B7366B-C61F-4081-8072-64EE37C8537C} = 192.168.1.1
     FF - ProfilePath - c:\documents and settings\Mr IIXI\Application Data\Mozilla\Firefox\Profiles\kmk7eg3i.default\
     FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
     FF - prefs.js: browser.startup.homepage - www.google.com
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-09-14 17:17
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,9c,f4,73,8b,47,35,42,a0,b6,89,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,9c,f4,73,8b,47,35,42,a0,b6,89,\
     [HKEY_USERS\S-1-5-21-2000478354-1757981266-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EFC6248-102E-69BA-31C6-DC926F3FF0A8}*]
     "haldjjbcfplmbnne"=hex:69,61,63,6d,62,64,6c,66,6c,6d,67,6d,65,68,66,70,70,64,00,00
     "iabgiaamcjlfcifdie"=hex:63,61,64,6d,6b,64,00,7c
     "iafdhlaodmgmgkbidg"=hex:6a,61,61,6d,69,63,6d,6e,69,67,67,63,68,64,6f,6b,6d,6e,63,6f,00,ff
     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h
  7. OK, I re-installed as you instructed.. my MBAM protection is now loaded.. I ran a scan and here are the results:
     Malwarebytes' Anti-Malware 1.41
     Database version: 2797
     Windows 5.1.2600 Service Pack 3
     9/14/2009 4:56:00 PM
     mbam-log-2009-09-14 (16-56-00).txt
     Scan type: Quick Scan
     Objects scanned: 98759
     Time elapsed: 3 minute(s), 1 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
     So everything is good? Do I still need the ComboFix you suggested before? And what about the IP alerts?
  8. OK, now today it's no longer showing in the results, BUT now all of a sudden my MBAM protection is showing errors: [OpenEvent] Failed to perform desired action. Error Code: 2. What should I do now?
  9. Every time I scan I get this:
     Malwarebytes' Anti-Malware 1.41
     Database version: 2775
     Windows 5.1.2600 Service Pack 3
     9/11/2009 11:33:51 PM
     mbam-log-2009-09-11 (23-33-48).txt
     Scan type: Quick Scan
     Objects scanned: 99096
     Time elapsed: 32 minute(s), 15 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmbomydjtp (Rootkit.TDSS) -> No action taken.
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
     It tells me it needs to restart to complete.. I restart.. and run a scan.. get the SAME results.. I tried to manually remove the registry key.. and it won't let me.. can someone help? Also.. I'm getting an awful lot of IP protection notifications from MBAM, is there a log somewhere that saves the IP detections?