DaChew

Honorary Members
  • Posts

    591
Everything posted by DaChew

  1. Norton's and McAfee have some real deals on their software, unfortunately they have focused on marketing and profit potential not malware detection or prevention, the object is to cure and protect a computer, not increase market share and profits. People should pay or donate for good programs but they should shun bad ones. As far as I am concerned this program here has followed in the footsteps of a standard set long by spybot years ago. Even if MBAM goes to trial from free some day I would continue to support them, since they deserve a big raise for all the hard work they do. Paying 100$ for windows oem doesn't seem excessive, paying 20-40$ a year for antimalware does, it's all about the attach rate, if a million people bought MBAM next week I wonder what would happen?
  2. The computer would boot to safe mode and then freeze in a matter of seconds, it all started with a file from limewire and a laptop, when some friends tried to fix it they spread the infection to 2 more computers and brought the laptop to me. It wasn't too bad but I infected my own computer posting this log

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com
      Generated 03/25/2008 at 06:29 PM
      Application Version : 4.0.1154
      Core Rules Database Version : 3412
      Trace Rules Database Version: 1404
      Scan type : Complete Scan
      Total Scan Time : 01:15:35
      Memory items scanned : 156
      Memory threats detected : 0
      Registry items scanned : 5743
      Registry threats detected : 24
      File items scanned : 12630
      File threats detected : 18

      One of the other computers had malware already resident that had only been partially neutralized, when they tried to work on it, teatimer was resident and it corrupted the shell.
After running repair disk I then ran my standard spectrum of fixes including rootkit scans, when I started getting null results I then went to windows updates figuring I was home free, it kept crashing, finally I had to run repair disk one more time. In the hundreds of HJT threads I have read I haven't quite seen anything similar. I have seen many that were never finished. And I am sure that few would even attempt what I did, but the bookkeeper was waiting to cut checks and hadn't backed up quickbooks so far this year. Thank you for the interest Jean and I hope this clarifies my statement
  3. That was an infection/corruption that I doubt you'll ever see on the internet, I had to run windows as a repair disk to start the disinfection and even get into a normal mode. Teatimer played a big role there. MBAM was instrumental in fixing that one. thanks again
  4. Windows updates went slick as glass, that's the first thing that has, I figured I would have to run windows as a repair disk. I am not sure the order is as important as the end result, google and you will understand what I mean. I had a bad experience with MBAM overwriting a log the other day so I am saving immediately before removing
  5. when I had to manually associate .reg files with regedit32 my mind was decided, especially after running vundofix, atf and sdfix and then reganalyzer I felt I gave it my best shot and have seen several similar problems where even sfc didn't fix it but a repair disk did
  6. sfc seems to have fixed the problem and event viewer logs were too corrupt to read
  7. the first link didn't apply as I am getting the error that firewall, ics can not start because of missing service dependency? I have already run the lspfix. Am currently running sfc /scannow. thanks, will look at event viewer when that finishes
  8. Thank you for the response, as a student I am expected to fix my own problems in a shadow log but not allowed to use advanced tools, understandably. This is a friend's computer and I was afraid it might need combofix, I have run every tool I can including rootkit scanners and it's beginning to look like a shell error. AFAIK I am breaking no rules by posting a HJT log here as long as it's not mine. The other tools found a few items, I was hoping if someone here more experienced in reading MBAM logs saw something critical they would advise. thanks again
  9. I am a freshman over at MRU and I do a lot of malware fixes for friends and clients and have used the MBAM for a few months. In this case I decided to document the fixes and try to understand the process better, that's why I used MBAM first, what I need help on, is have I screwed up some dependencies by not using vundofix or sdfix? thank you
  10. Older Me computer running windows xp home
      Fully updated, patched and protected by McAfee Security Suite
      Son downloads file from Limewire, computer loses internet and is in virtual lockup between McAfee and Vundo in normal mode, display adapter in troubleshooting mode in device manager
      Computer is semi functional in safe mode but will lock up and lose desktop if given long enough
      Normal mode is useless
      Load basic tools and mcafee removal tool on a usb drive and transfer to infected computer in safe mode, uninstall Mac and run removal tool
      Boot into normal mode and computer acts like it's fixed

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:56:11 PM, on 4/15/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Malwarebytes' Anti-Malware 1.09
      Database version: 532
      Scan type: Full Scan (C:\|)
      Objects scanned: 55536
      Time elapsed: 11 minute(s), 56 second(s)
      Memory Processes Infected: 1
      Memory Modules Infected: 3
      Registry Keys Infected: 18
      Registry Values Infected: 2
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 14

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 2:36:01 PM, on 4/15/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Removing display adapter from device manager and rebooting fixes exclamation problem
      Windows firewall cannot turn on because the internet connect sharing service cannot be started since it's missing a dependency
  11. there's one way to find out and you can always restore or reload the program, that's how you trace down a false positive (one way)
  12. I guess you are damned if you, damned if you don't, I just ran a scan on a toshiba vista laptop and hit a few hundred Mywaymywebsearch items, did a search on google and over at bleeping and went to add/remove and found some odd name for the program, did an uninstall and then rescanned and found only 6 orphan registry entries. There's no such thing as a nobrainer scanner, too many grey areas. Thanks for the great program
  13. thanks and sorry about posting it there but to put this back in context, it would seem that the newest version is targeting weatherbug as malware so does this make it a false positive http://www.bleepingcomputer.com/startups/M...G.EXE-3158.html http://www.malwarebytes.org/forums/index.p...ost&p=15827 http://www.google.com/search?hl=en&q=M...G=Google+Search
  14. http://www.pchell.com/support/weatherbug.shtml it's not something you want to have your computer. MBAM is aggressive, it needs to be, IMHO
  15. no problem internal update

      Malwarebytes' Anti-Malware 1.11
      Database version: 599
      Scan type: Quick Scan
      Objects scanned: 32152
      Time elapsed: 2 minute(s), 48 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)