malaprop (Members, 18 posts)
Everything posted by malaprop

  1. All seems well, no problems. Thanks for the help.
  2. I think I'm good, but you guys are the experts.

     DDS (Ver_11-03-05.01) - NTFSx86
     Run by b at 19:45:16.20 on Thu 05/26/2011
     Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2558.1724 [GMT -4:00]
     .
     AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
     SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
     C:\Program Files\LogMeIn\x86\RaMaint.exe
     C:\Program Files\LogMeIn\x86\LogMeIn.exe
     C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Program Files\TeamViewer\Version6\TeamViewer.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\Google\Gmail Notifier\gnotify.exe
     C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program Files\MozyHome\mozystat.exe
     C:\Program Files\UltraMon\UltraMon.exe
     C:\Program Files\UltraMon\UltraMonTaskbar.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Windows\System32\svchost.exe -k LocalServicePeerNet
     C:\Windows\system32\taskmgr.exe
     C:\Program Files\UltraMon\UltraMonUiAcc.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\MozyHome\mozybackup.exe
     C:\Windows\system32\svchost.exe -k WindowsMobile
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Program Files\MozyHome\mozybackup.exe
     C:\Windows\system32\wuauclt.exe
     C:\Windows\system32\AUDIODG.EXE
     C:\Users\b\Desktop\infection\dds.scr
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = www.google.com
     uInternet Settings,ProxyServer = http=
     BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
     TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
     uRun: [AdobeBridge]
     uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
     mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
     mRun: [<NO NAME>]
     mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
     mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
     uPolicies-explorer: MaxRecentDocs = 32 (0x20)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
     IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
     IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
     IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
     IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
     IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ciscosupport.webex.com/client/T27L10NSP11EP19/support/ieatgpc1.cab
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
     AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL acaptuser32.dll
     SSODL: GrooveChat - {196a8ddc-07c7-4ecf-a81a-8cb52f4a7d2a} - c:\program files\common files\commonlayoutmodifier\CommonLayoutModifier.dll
     SSODL: CommonLayoutModifier - {196a8ddc-07c7-4ecf-a81a-8cb52f4a7d2a} - c:\program files\common files\commonlayoutmodifier\CommonLayoutModifier.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     mASetup: {481975DE-442F-492E-BC22-696F699A804D} - reg add "HKCU\Software\Microsoft\Terminal Server Client\Default\AddIns\ThinPrint" /v Name /t reg_sz /d "c:\windows\system32\TPClnRDP.dll" /f
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\b\appdata\roaming\mozilla\firefox\profiles\co6in0d7.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
     FF - component: c:\users\b\appdata\roaming\mozilla\firefox\profiles\co6in0d7.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\users\b\appdata\roaming\mozilla\firefox\profiles\co6in0d7.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
     FF - plugin: c:\users\b\appdata\roaming\mozilla\firefox\profiles\co6in0d7.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
     FF - plugin: c:\users\b\appdata\roaming\mozilla\plugins\npatgpc.dll
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
     FF - Ext: dragdropupload: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9} - %profile%\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
     FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
     FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
     FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
     FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
     FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
     FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
     FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
     FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
     FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
     FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
     FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
     FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
     FF - Ext: Open With Photoshop: {f3f219f9-cbce-467e-b8fe-6e076d29665c} - %profile%\extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}
     FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - %profile%\extensions\mozilla_cc@internetdownloadmanager.com
     FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\b\appdata\roaming\idm\idmmzcc3
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 126536]
     R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
     R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-11-13 83184]
     R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
     R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
     R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-23 47640]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-27 363344]
     R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
     R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141384]
     R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 99400]
     R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111176]
     R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113736]
     R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2253688]
     R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
     R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-16 20952]
     S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-7-10 30192]
     S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-3-16 27192]
     S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
     S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
     S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-26 52224]
     S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-1 1343400]
     .
     =============== Created Last 30 ================
     .
     2011-05-24 16:23:10 11 ----a-w- c:\progra~2\userlib.dll
     2011-05-24 16:22:34 -------- d-----w- c:\program files\PaulMarv Software
     2011-05-23 20:43:58 -------- d-----w- c:\users\b\appdata\local\LogMeIn
     2011-05-23 20:43:49 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
     2011-05-23 20:43:49 29568 ----a-w- c:\windows\system32\LMIport.dll
     2011-05-23 20:43:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
     2011-05-23 20:43:48 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
     2011-05-23 20:43:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
     2011-05-23 20:43:35 -------- d-----w- c:\progra~2\LogMeIn
     2011-05-23 20:43:21 -------- d-----w- c:\program files\LogMeIn
     2011-05-23 14:41:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-05-22 19:52:44 6962000 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{37890045-4d07-4166-9b95-3894eae99a61}\mpengine.dll
     2011-05-18 15:31:01 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2011-05-18 15:31:01 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
     2011-05-18 15:30:58 123904 ----a-w- c:\windows\system32\poqexec.exe
     2011-05-07 06:43:55 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
     2011-05-07 06:43:41 -------- d-----w- c:\program files\SUPERAntiSpyware
     2011-05-07 06:07:17 -------- d-----w- c:\users\b\appdata\local\Orzeszek
     2011-05-07 03:05:26 -------- d-----w- c:\program files\FreeCountdownTimer
     2011-05-01 05:57:11 -------- d-----w- c:\users\b\appdata\roaming\GRLevel3
     2011-05-01 05:56:52 -------- d-----w- c:\program files\GRLevelX
     .
     ==================== Find3M ====================
     .
     2011-04-01 08:47:01 409088 ----a-w- c:\windows\system32\systemcpl.dll
     2011-04-01 08:47:01 13824 ----a-w- c:\windows\system32\slwga.dll
     2011-04-01 08:46:58 811520 ----a-w- c:\windows\system32\user32.dll
     2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
     2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
     2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
     2011-03-07 05:33:13 981504 ----a-w- c:\windows\system32\wininet.dll
     2011-03-07 03:52:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
     2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
     2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
     2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
     2011-02-27 00:43:21 152576 ----a-w- c:\windows\system32\msclmd.dll
     2010-10-01 06:27:25 2048 --sha-w- c:\windows\actofvl\clip.exe
     .
     ============= FINISH: 19:46:09.80 ===============
  3. Wrong VT report, here is the right one. (Can't edit posts?)
  4. Sorry for the delay folks. I did a full scan with Panda Cloud and came up with this nasty little bugger that was in C:\USERS\C\APPDATA\LOCAL\TEMP. All seems well now, the temp folder stays clean after a reboot. Mbam and SAS are quiet also.
  5. At boot time, UAC found dialup.exe and data.txt in users\me\appdata\local\temp. After I denied it permission, Panda Cloud neutralizes passwordfox.exe from the same directory. iepv.txt has my email username and password. This is from the mbam protection log:

     21:45:30 c DETECTION C:\Users\c\AppData\Local\Temp\dialup.exe Hacktool.Dialupass QUARANTINE
     21:45:34 c DETECTION C:\USERS\C\APPDATA\LOCAL\TEMP\DIALUP.EXE Hacktool.Dialupass DENY

     I deleted all files in the temp folder. The longalphanumericstring.tmp files and the WPDNSE folder had to be deleted in safe mode. When I reboot, the files are back. I know ChromePass, iepv and mspass are Nirsoft files, but why are they being replaced after deletion? I changed my email password (on another machine) but I haven't logged into it from this machine since. I use VPNs and RDP for work; I don't know if I should be concerned about those either.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 8:13:08 PM, on 5/15/2011
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v8.00 (8.00.7601.17514)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Program Files\TeamViewer\Version6\TeamViewer.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\Google\Gmail Notifier\gnotify.exe
     C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Internet Download Manager\IDMan.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program Files\MozyHome\mozystat.exe
     C:\Program Files\UltraMon\UltraMon.exe
     C:\Program Files\UltraMon\UltraMonTaskbar.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\UltraMon\UltraMonUiAcc.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
     C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Windows\system32\taskmgr.exe
     C:\Windows\system32\taskhost.exe
     C:\Users\b\Desktop\ALL\DOWNLOAD\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     O2 - BHO: Java
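The question in the post above (files in Temp that come back after deletion) is answered by finding what writes them back at logon, not by deleting them again. The following Python script is an added example, not code from the thread or from any product mentioned in it. It snapshots a folder before and after a reboot, compares by path and SHA-256 so a re-extracted identical copy can be told apart from a freshly regenerated or downloaded file, and on Windows lists the Run/RunOnce values and Startup folders where a re-dropper usually lives. The script name triage_temp.py, the folder and the file contents in demo() are assumptions; the file names in demo() echo the post but the bytes are made up.

```python
"""Snapshot/diff helper for files that reappear in a Temp folder after deletion.
Added example, not code from the thread; paths and sample contents are assumed."""
import hashlib
import json
import os
import sys
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash in chunks so a large .tmp file is not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(folder: Path) -> dict:
    """Map each file (relative posix path) to its size, SHA-256 and mtime."""
    result = {}
    for dirpath, _dirs, files in os.walk(folder):
        for name in files:
            p = Path(dirpath) / name
            try:
                st = p.stat()
                result[p.relative_to(folder).as_posix()] = {
                    "size": st.st_size, "sha256": sha256_file(p), "mtime": st.st_mtime}
            except OSError:
                continue  # locked or vanished mid-walk; skip rather than abort
    return result


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify the 'after' files, assuming everything was deleted in between.
    Same path and same hash: a stored copy is being re-extracted by something
    that runs at logon. Same path, new hash: regenerated or freshly downloaded."""
    out = {"recreated_identical": [], "recreated_changed": [], "new": []}
    for rel, meta in sorted(after.items()):
        if rel not in before:
            out["new"].append(rel)
        elif before[rel]["sha256"] == meta["sha256"]:
            out["recreated_identical"].append(rel)
        else:
            out["recreated_changed"].append(rel)
    return out


def autostart_entries() -> list:
    """Run/RunOnce values and Startup-folder items, the first places to look
    for whatever writes the files back. Windows only; returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg
    entries = []
    for hive, hive_name in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        for sub in (r"Software\Microsoft\Windows\CurrentVersion\Run",
                    r"Software\Microsoft\Windows\CurrentVersion\RunOnce"):
            try:
                with winreg.OpenKey(hive, sub) as k:
                    for i in range(winreg.QueryInfoKey(k)[1]):  # [1] = number of values
                        name, value, _t = winreg.EnumValue(k, i)
                        entries.append((hive_name + "\\" + sub, name, value))
            except OSError:
                continue
    for env in ("APPDATA", "PROGRAMDATA"):
        startup = Path(os.environ.get(env, "")) / r"Microsoft\Windows\Start Menu\Programs\Startup"
        if startup.is_dir():
            entries.extend(("StartupFolder", p.name, str(p)) for p in startup.iterdir())
    return entries


def demo() -> dict:
    """Constructed scenario: the same dropper payload comes back, one file is
    regenerated with new content, one file is new."""
    with tempfile.TemporaryDirectory() as tmp:
        temp = Path(tmp)
        (temp / "dialup.exe").write_bytes(b"MZ constructed sample A")
        (temp / "data.txt").write_bytes(b"constructed data v1")
        (temp / "abc123.tmp").write_bytes(b"scratch")
        before = snapshot(temp)
        for p in temp.iterdir():  # the user empties Temp ...
            p.unlink()
        (temp / "dialup.exe").write_bytes(b"MZ constructed sample A")  # ... and after reboot:
        (temp / "data.txt").write_bytes(b"constructed data v2")
        (temp / "iepv.txt").write_bytes(b"constructed output")
        return diff_snapshots(before, snapshot(temp))


if __name__ == "__main__":
    # usage: triage_temp.py snapshot <folder> <out.json>   (run before and again after the reboot)
    #        triage_temp.py diff <before.json> <after.json>
    if len(sys.argv) == 4 and sys.argv[1] == "snapshot":
        Path(sys.argv[3]).write_text(json.dumps(snapshot(Path(sys.argv[2]))))
    elif len(sys.argv) == 4 and sys.argv[1] == "diff":
        before, after = (json.loads(Path(a).read_text()) for a in sys.argv[2:4])
        print(json.dumps(diff_snapshots(before, after), indent=2))
        for entry in autostart_entries():
            print(*entry, sep="  ")
    else:
        print(json.dumps(demo(), indent=2))
```

Anything listed under recreated_identical is a byte-for-byte copy pulled from somewhere on disk, so the next step is to find the file with that same hash outside Temp (an installer, archive or resource the autostart entry points at), not to keep deleting the copy. The Run keys and Startup folders are only the most common autostart locations; scheduled tasks, services and AppInit_DLLs are the other places to check.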
  6. OK, the 200 logs are in C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs and the 27 logs are in C:\Users\USER NAME\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs. Thank you. Thank you very much.
  7. Hi all, I'm using 1.50.1.1100 on Win7 SP1. I wanted to know the location of the logs in Windows. In the logs tab there are over 200 logs. When I go to %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs, there are only about 27. Am I looking in the wrong place? Thank you!
  8. I think what Firefox means is the logged-on user must have administrative rights for it to update, so if that user does not have admin rights, it won't work. Most people always log on with admin rights. Like in my situation, it won't update until I log the kids off and log in myself.
  9. Didn't know that, it's the kids' machine, so much for phone support. I'm always on my box with admin rights of course. Okay, that wraps that up. Thanks for the speedy replies, love this forum.
  10. mbam runs the update without error messages, but it won't get up to date. It is now on database 3596, 1/18/10. The latest is 3796, today. Any ideas? Thanks!
  11. Thank you very much. I posted to Google's Webmaster Tools help group inquiring as to the status of my request; I'll let you know if I get a response. Any opinion on Norton Websafe, Unmask Parasites and Dasient's Web Anti-Malware?
  12. It's the company website. I'm just the lowly sysadmin. I'm not involved in the day-to-day upkeep/updating of the site; I rarely even look at it. Managing the Windows 2008 Domain Controllers, Terminal Servers, Exchange 2007 and LAN/WAN for 150 users pretty much punches my dance card. The site was professionally built some time ago; maintenance and updating consists of not much more than uploading documents and images to the desired directories. FrontPage a la Filezilla. My recreational HTML editing skills are intermediate at best, and that's pushing it. I wouldn't know PHP if I sat on it, which is OK because there isn't (supposed to be) any PHP on it. So when the guy that does it tells me there's a problem with the site, I look at it. Yup, that would be a problem. So now I have to clean it up, upload a 'certified clean' copy and then explain a few common sense security procedures and enforce them. Of course this would be much simpler if Google would follow through on the Review Request I submitted almost 72 hours ago. Through Google's Webmaster Tools, I scanned it with Norton Websafe (clean); Unmask Parasites' report mentions an "external reference" about a Belgian Porsche dealer, and Dasient's Web Anti-Malware shows it clean but had several "possible sensitive directories". So I guess that kinda leaves me in limbo until Google does what it's supposed to do...
  13. Yes, your posting was what got me onto the Gumblar trail. What should I use to scan a copy of my public folder to verify that it is clean before I upload it back? The site is hosted on a Linux box, but since it's shared hosting, I can't scan it myself with something like clamd. I need a Windows app that I can trust to be effective so I can scan it on my PC first.
  14. 64.29.145.73, but it's on shared hosting, not dedicated. Also, any thoughts on my first question regarding the scan?
  15. Just had a problem with the company website, Google was reporting it as dangerous. The Safe Browsing diagnostic page said the malicious software included 11 scripting exploits and 7 trojans. I downloaded the entire public directory to a laptop with mbam 1.41, db v3198 on it and scanned it several times. Mbam did not find anything. After opening a ticket with the hosting provider, I learned that they disabled 2 exploits, same file, 2 locations: /public/images/gifimg.php and /public/web/images/gifimg.php. When I uploaded the file to VirusTotal, only one scanning engine (Sophos) found Troj/PHPMod-C. Looks like it may be a Gumblar residual/variant. Should mbam have picked that up? (Neither SAS nor MSE caught it.) Also, the IP Protection blocked it. Not that that's a surprise. (But I did wonder how it picked that up so quick.) I've put in an Incorrect Forgery Alert to Google, don't know how long that takes to go through. The IP protection is still blocking it, but when it pops up with the IP address in it, the address is wrong. It displays 195.47.247.178 which is in Denmark. In a browser, it opens a page with "This domain is not yet ready - Please try again later. Hosted by One.com" on it. That is miles from the IP of my site. What's up with that? Thank you. Thank you very much.