normishmael
See, this is why I love Malwarebytes, false positives be damned. In fact it is the false positives I love! There is just nothing sweeter in the cyber world than a new copy of Windows running on a reformatted partition, and few programs give as ample an opportunity to revel in that feeling as Malwarebytes, with its penchant for registry and Windows system file false positives!! Keep up the good work, duck!!
-
To Montana: It may be noted that it is those you classify as "Joecantreadorfollowinstructions" (as opposed to Trevorwhocandothisshitinhissleep) who are most in need of such programs as this. They are also most in need of clear instructions to follow. What they do not need is a condescending attitude. If you don't like non-techs, palm them off to someone else. Most people come to forums to do one of two things: be fanboys or get help. A rare few come to help. And an even smaller sub-group of these are able to do this with a decent attitude.
-
I am unclear on something. Just encountering pop-ups for programs such as Antivirus2008, or the like, and having them start running their scan: that alone is not proof of infection, is it? When this happens, I kill the browser with Process Manager and run on-demand scans with RogueRemover, Malwarebytes Anti-Malware, a-squared Free, and SUPERAntiSpyware, and never find signs of infection. At one point I went through a cleaning program at CastleCops because I was told just the pop-ups while browsing were an indication of infection. It came back clean. If you do not hit install, or if nothing is detected by respectable scanners, does just having a browser session interrupted by a rogue mean infection? Most of the time Avira will put up a dialog box allowing me to deny access, but sometimes I just end the browser process.
-
cant find infected file
normishmael replied to normishmael's topic in Malwarebytes for Windows Support Forum
Quite a bit of fixin' today.
-
Here is the full log. The hit no longer happens with DB 949.

Malwarebytes' Anti-Malware 1.20
Database version: 948
Windows 5.1.2600 Service Pack 3

4:33:21 AM 7/14/2008
mbam-log-7-14-2008 (04-33-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 130144
Time elapsed: 28 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\a-squared Free\unins000.exe (Trojan.Downloader) -> No action taken. [HASH=Trojan.Downloader, 347882ce8599cf7283abffe03b8ca5c3]
-
I get the hit below with Database 949.

Files Infected:
C:\Documents and Settings\norman ishmael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (Rogue.SpywareDestructor) -> No action taken.

When I follow the file path up to "Application Data" I can't locate the file, and I do not know what it is. I need to know how likely it is to be a false positive, and if I can find out what the file the malware is in does, and if it is safe to quarantine or delete. Thanks.
-
This is the false positive I received on a-squared.

mbam-log-7-14-2008 (04-33-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 130144
Time elapsed: 28 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\a-squared Free\unins000.exe (Trojan.Downloader) -> No action taken. [HASH=Trojan.Downloader, 347882ce8599cf7283abffe03b8ca5c3]

The log does not appear to be finished, but the program spits it out, and then, when I try to exit, says the scan is still in progress. It is not possible to get back to the scan page, and there is no CPU activity. This was run in developer mode. Thank you.
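As an added example (not code from this thread or from Malwarebytes), a parser for the mbam-log summary format quoted in this post and in the "Here is the full log" post above, with the two checks those posts call for: whether the summary counters agree with the items actually listed (a truncated log), and which hits are still "No action taken" and need verifying before quarantine. The regexes, class and function names are my own; the sample log is the post's, restored to one field per line.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the flattened log quoted in the posts above, restored to the
# line layout of the mbam-log-*.txt file. Path, family and hash are the post's own.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.20
Database version: 948
Windows 5.1.2600 Service Pack 3
4:33:21 AM 7/14/2008
mbam-log-7-14-2008 (04-33-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 130144
Time elapsed: 28 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\a-squared Free\unins000.exe (Trojan.Downloader) -> No action taken. [HASH=Trojan.Downloader, 347882ce8599cf7283abffe03b8ca5c3]
"""

HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 1"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")         # start of a detailed list
# "<item> (<family>) -> <action>. [HASH=<family>, <md5>]"; the HASH part only appears in developer mode
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>[^.\[]+)\."
    r"(?: \[HASH=[^,\]]+, (?P<md5>[0-9a-fA-F]{32})\])?\s*$")

@dataclass
class Detection:
    category: str       # which "... Infected" section it came from
    item: str           # file path, registry key, process, ...
    family: str         # detection name assigned by the database
    action: str         # "No action taken", "Quarantined and deleted successfully", ...
    md5: Optional[str]  # None unless the log carries the developer-mode hash

@dataclass
class MbamReport:
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)       # summary: category -> count
    detections: dict = field(default_factory=dict)   # detail: category -> [Detection]

def parse_mbam_log(text: str) -> MbamReport:
    report, section = MbamReport(), None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if m := HEADER_RE.match(line):
            report.header[m[1]] = m[2]
        elif m := SUMMARY_RE.match(line):
            report.counts[m[1]] = int(m[2])
        elif m := SECTION_RE.match(line):
            section = m[1]
            report.detections.setdefault(section, [])
        elif section and (m := DETECTION_RE.match(line)):
            # "(No malicious items detected)" never matches DETECTION_RE, so it is skipped
            report.detections[section].append(
                Detection(section, m["item"], m["family"], m["action"].strip(), m["md5"]))
    return report

def count_mismatches(report: MbamReport) -> list:
    """Categories whose summary count disagrees with the items actually listed;
    a truncated or half-written log (as the post above suspects) shows up here."""
    return sorted(c for c, n in report.counts.items() if n != len(report.detections.get(c, [])))

def pending_items(report: MbamReport) -> list:
    """Detections still marked 'No action taken': the items to verify (vendor, hash,
    install origin) before quarantining, since a lone hit may be a false positive."""
    return [d for items in report.detections.values() for d in items if d.action == "No action taken"]
```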
-
Yes, I see the indications that certain things were not detected that really were. Still, today many people speak against the use of multiple on-demand spyware scanners (not needed, waste of HD space, etc.). I think this test is ammo for those of us who think having a few on-demand scanners is a good idea. Particularly if they have no running processes, despite the fact they are on-demand only. That is my only fault with a-squared Free.
-
I have asked for help from Bleeping Computer. I have run both of the things you noticed and submitted them with no reply. I have found these files and sent them to Malwarebytes. I know what each of them is, other than C:\WINDOWS\system32\drivers\tvichw32.sys. Erasext is left over from a secure delete program. Filseclab is left over from a trial installation of either their firewall or Twister Anti-Virus. SLOWJOE3 is the name of my computer from the Windows installation. Spycar is a Trojan test program. Tracker Software makes my PDF viewing program and Kelly Software makes my Matrix screensaver. The ESET scanner is running but it looks like it will be a while. If "double dipping" with Bleeping Computer is a problem, please tell me so we can wrap this up. Thanks.
-
Here is the ComboFix log, followed by the HijackThis log. Am I instructed to run the ESET online scan?
-
trojan simulator and eicar test
normishmael replied to normishmael's topic in Malwarebytes for Windows Support Forum
Fair enough.