lcander
Members, 14 posts, reputation 0 (Neutral)
  1. I uninstalled CA, updated and ran Mbam. It showed no infections. I then installed a different anti-virus program and re-ran Mbam. It again showed 0 infections. I think you've finally solved this issue. Thanks so much.
  2. Thanks, I'll uninstall CA and try something else and then run Mbam again. Will also contact CA about the issue.
  3. They're back!!!!! I just ran Mbam again with the anti-virus on and the same 68 'infections' are back on the list. Guess disabling the anti-virus didn't help get it cleared out.
  4. That may have done it. After running it with the CA snoozing and restarting, then running again, it found nothing. Here is the log after running it again.

     Malwarebytes' Anti-Malware 1.44
     Database version: 3604
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     1/20/2010 9:12:18 PM
     mbam-log-2010-01-20 (21-12-18).txt

     Scan type: Quick Scan
     Objects scanned: 113267
     Time elapsed: 9 minute(s), 25 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     I'll try running it again with the CA enabled. Thanks for your help.
  5. Ran the chkdsk /r and then Mbam. Same 68 'infections' were reported. Here is the log again.

     Malwarebytes' Anti-Malware 1.44
     Database version: 3604
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     1/20/2010 6:39:09 PM
     mbam-log-2010-01-20 (18-39-09).txt

     Scan type: Quick Scan
     Objects scanned: 113094
     Time elapsed: 12 minute(s), 19 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 68

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\Config\Windows.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\messenger.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\6to4nt.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\firewall.exe (Backdoor.Bot) -> Delete on reboot.
     C:\WINDOWS\system32\Config\htco.exe (Backdoor.Bot) -> Delete on reboot.
     C:\WINDOWS\system32\Config\msch24.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\mswinsck.ocx (Backdoor.Bot) -> Delete on reboot.
     C:\WINDOWS\system32\Config\RealtekAC.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\sam10.log (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\sysrun.exe (Password.Stealer) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\application data\pcant.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\application data\pkz.ini (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\application data\printer.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\cftmon.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\ftpdll.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\updater.exe (Backdoor.Bot) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Win.exe (IM.Worm) -> Delete on reboot.
     C:\WINDOWS\repair\1sass.exe (Backdoor.Agent) -> Delete on reboot.
     C:\WINDOWS\repair\kasutio (Rootkit.Rustock) -> Delete on reboot.
     C:\WINDOWS\repair\loprt.cmd (Worm.AutoRun) -> Delete on reboot.
     C:\WINDOWS\repair\Mirror.exe (Worm.AutoRun) -> Delete on reboot.
     C:\WINDOWS\repair\sql.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\repair\whw.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\repair\IExp1orer.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\ntload.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
  6. Oops--Guess I was a little early in thinking it was cured. I just ran MBam again in regular logon. The same 68 infections appear.
  7. Safe mode may have been the way to solve this. It found only 1 infection this time. Here is the log.

     Malwarebytes' Anti-Malware 1.44
     Database version: 3596
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     Internet Explorer 8.0.6001.18702

     1/18/2010 9:13:29 PM
     mbam-log-2010-01-18 (21-13-29).txt

     Scan type: Quick Scan
     Objects scanned: 111360
     Time elapsed: 3 minute(s), 33 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  8. Thanks for checking in on my thread. No--I am not able to find these files in the locations that the logs indicate. That has been the issue I have been trying to get solved. I had Mbam 'fix the selected infections' and rebooted as asked. But when I would run it again the same 68 infections would be listed. The same result if I ran a full scan. Here is the log of the most recent scan.

     Malwarebytes' Anti-Malware 1.44
     Database version: 3568
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     1/15/2010 12:28:59 AM
     mbam-log-2010-01-15 (00-28-59).txt

     Scan type: Quick Scan
     Objects scanned: 112382
     Time elapsed: 8 minute(s), 45 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 68

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\Config\Windows.exe (Trojan.Agent) -> Delete on reboot. [D659EFA6942CC6EAA53924B4020CED34]
     C:\WINDOWS\system32\Config\messenger.exe (Trojan.Agent) -> Delete on reboot. [46136D659EF20577825A4ABEAF48213B]
     C:\WINDOWS\system32\Config\6to4nt.dll (Trojan.Agent) -> Delete on reboot. [F1D8F0DA40AD4873EABD992E0DB29856]
     C:\WINDOWS\system32\Config\firewall.exe (Backdoor.Bot) -> Delete on reboot. [3FAFDD7DE4B00D21C061C4A539ABD71B]
     C:\WINDOWS\system32\Config\htco.exe (Backdoor.Bot) -> Delete on reboot. [F7A28EC3DD3B1A4C5DC197EF70F3E982]
     C:\WINDOWS\system32\Config\msch24.exe (Trojan.Agent) -> Delete on reboot. [FE02236FBC9EC55A666C71DCFDB6FBE4]
     C:\WINDOWS\system32\Config\mswinsck.ocx (Backdoor.Bot) -> Delete on reboot. [D6D93A3D2BE6D5460F8C80DB650F94CF]
     C:\WINDOWS\system32\Config\RealtekAC.exe (Trojan.Agent) -> Delete on reboot. [D17CA7F683CEFB9FE467A4466F6730A0]
     C:\WINDOWS\system32\Config\sam10.log (Trojan.Agent) -> Delete on reboot. [A01A7307333AC94E3A63F63E88CE0885]
     C:\WINDOWS\system32\Config\sysrun.exe (Password.Stealer) -> Delete on reboot. [F7E35E4644EB5548C15A415F42DA505F]
     C:\WINDOWS\system32\Config\Systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> Delete on reboot. [E2E356AF2703415E5C21BF6DBCFDD6F6]
     C:\WINDOWS\system32\Config\Systemprofile\application data\pcant.exe (Trojan.Agent) -> Delete on reboot. [5EB445BB7A2018AA7823ADCF4E43B9BD]
     C:\WINDOWS\system32\Config\Systemprofile\application data\pkz.ini (Trojan.Agent) -> Delete on reboot. [8015B0B5355316D57EA3B052A53B3120]
     C:\WINDOWS\system32\Config\Systemprofile\application data\printer.exe (Trojan.Agent) -> Delete on reboot. [2D11F71940D92E419294D8BE504945FF]
     C:\WINDOWS\system32\Config\Systemprofile\cftmon.exe (Trojan.Agent) -> Delete on reboot. [24D1C6EAF105AB22D625481882F539CF]
     C:\WINDOWS\system32\Config\Systemprofile\ftpdll.dll (Trojan.Agent) -> Delete on reboot. [05F89669AEC56840850C6DF9F63F8B10]
     C:\WINDOWS\system32\Config\updater.exe (Backdoor.Bot) -> Delete on reboot. [7CF08251B01F0B5B75459B71ED7D06D5]
     C:\WINDOWS\system32\Config\Win.exe (IM.Worm) -> Delete on reboot. [36692B15CB7CE39B1FA74D5974F72340]
     C:\WINDOWS\repair\1sass.exe (Backdoor.Agent) -> Delete on reboot. [DF4F5A9F044BEB010E14E387DFF29C1E]
     C:\WINDOWS\repair\kasutio (Rootkit.Rustock) -> Delete on reboot. [858CEAA8A2CF963F8A507B8622DFC829]
     C:\WINDOWS\repair\loprt.cmd (Worm.AutoRun) -> Delete on reboot. [DF0056D01AABDB31400A51FF392252AD]
     C:\WINDOWS\repair\Mirror.exe (Worm.AutoRun) -> Delete on reboot. [678F67134998830846884456BE13FE0B]
     C:\WINDOWS\repair\sql.exe (Trojan.Agent) -> Delete on reboot. [2A2895463CDC1BA061302692D127CB38]
     C:\WINDOWS\repair\whw.exe (Trojan.Agent) -> Delete on reboot. [EC3215D0302D49CB2A1AF0F410DF4348]
     C:\WINDOWS\repair\IExp1orer.exe (Trojan.Agent) -> Delete on reboot. [2A63CE1B079F5078052BB4106801A527]
     C:\WINDOWS\system32\Config\Systemprofile\ntload.dll (Trojan.Agent) -> Delete on reboot. [C3A19DBE3D78A3DBD249A9178BBACD5A]
     C:\WINDOWS\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [4052004E5985601671D1FCBAF31AB64F]
     C:\WINDOWS\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [4052004E5985601671D1FCBAF31AB64F]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [4052004E5985601671D1FCBAF31AB64F]
     C:\WINDOWS\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [DE8D4BED2038223C17462F02B98E70C9]
     C:\WINDOWS\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [DE8D4BED2038223C17462F02B98E70C9]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [DE8D4BED2038223C17462F02B98E70C9]
     C:\WINDOWS\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [F03D14281BCF8CFD0ADE8F8358A2BD12]
     C:\WINDOWS\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [F03D14281BCF8CFD0ADE8F8358A2BD12]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [F03D14281BCF8CFD0ADE8F8358A2BD12]
     C:\WINDOWS\system32\Config\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [49635E14F9899F0197654E79F7142A4B]
     C:\WINDOWS\system32\Config\SystemProfile\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [49635E14F9899F0197654E79F7142A4B]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [49635E14F9899F0197654E79F7142A4B]
     C:\WINDOWS\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [2875D733981E73BDFAD359F0E3E66BF9]
     C:\WINDOWS\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [2875D733981E73BDFAD359F0E3E66BF9]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [2875D733981E73BDFAD359F0E3E66BF9]
     C:\WINDOWS\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [C0308230B1D0F95045056E536EC4A0A9]
     C:\WINDOWS\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [C0308230B1D0F95045056E536EC4A0A9]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [C0308230B1D0F95045056E536EC4A0A9]
     C:\WINDOWS\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [5A32C817446474E5613810C48100AD8D]
     C:\WINDOWS\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [5A32C817446474E5613810C48100AD8D]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [5A32C817446474E5613810C48100AD8D]
     C:\WINDOWS\system32\Config\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [C09CD8141CE56C23F40CC821091491DF]
     C:\WINDOWS\system32\Config\SystemProfile\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [C09CD8141CE56C23F40CC821091491DF]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [C09CD8141CE56C23F40CC821091491DF]
     C:\WINDOWS\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [41E83D9B8188A4433728567E07A02B68]
     C:\WINDOWS\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [41E83D9B8188A4433728567E07A02B68]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [41E83D9B8188A4433728567E07A02B68]
     C:\WINDOWS\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [837737DA25FE31611D9A3C012A5BC47E]
     C:\WINDOWS\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [837737DA25FE31611D9A3C012A5BC47E]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [837737DA25FE31611D9A3C012A5BC47E]
     C:\WINDOWS\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [3EE9951811A79B4DAE236D4ED208888F]
     C:\WINDOWS\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [3EE9951811A79B4DAE236D4ED208888F]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [3EE9951811A79B4DAE236D4ED208888F]
     C:\WINDOWS\system32\Config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [65EB27B2D72506B688BA161D7BE9DF92]
     C:\WINDOWS\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [65EB27B2D72506B688BA161D7BE9DF92]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [65EB27B2D72506B688BA161D7BE9DF92]
     C:\WINDOWS\system32\Config\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [0A556900C77FF71B3E608D5934257DD8]
     C:\WINDOWS\system32\Config\SystemProfile\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [0A556900C77FF71B3E608D5934257DD8]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [0A556900C77FF71B3E608D5934257DD8]
     C:\WINDOWS\system32\Config\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [52974D16BCCFA6209534F15F1A589473]
     C:\WINDOWS\system32\Config\SystemProfile\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [52974D16BCCFA6209534F15F1A589473]
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [52974D16BCCFA6209534F15F1A589473]
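Editor's note on the log format in the post above: each file entry is a path, a category in parentheses, an action, and (in this scan) an MD5 in brackets. The fourteen Heuristics.Reserved.Word.Exploit names carry the same MD5 in all three locations (Config\, Config\SystemProfile\ and Config\SystemProfile\Application Data\), so each is one file body copied three times. What follows is an added example, not code from the thread or from Malwarebytes: a small Python parser for this log format that groups entries by MD5 and checks each reported path against a filesystem root, so a copied or mounted volume can be examined instead of the live system drive. The THREAD_EXCERPT string is copied from the logs in this thread; the sample.txt entry, the temporary root and the files written into it are constructed for the demonstration, and the function names are the editor's own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and check reported files on disk.

Added example, not code from the thread or from Malwarebytes. THREAD_EXCERPT
is copied from the logs in the thread; the sample.txt entry, the temporary
root and the files written into it are constructed for the demonstration.
"""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# One MBAM 1.x file entry: <drive path> (<Category>) -> <action>. [<MD5>]
# The bracketed MD5 is optional (earlier logs in the thread lack it). Nothing
# in the pattern depends on line breaks, so it also works on a log that a web
# extractor has run together onto a single line, as happened on this page.
ENTRY_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\[^()]+?)\s+\((?P<category>[^()]+)\)\s+->\s+"
    r"(?P<action>[^.\[\]]+)\.(?:\s*\[(?P<md5>[0-9A-Fa-f]{32})\])?"
)

# Five file lines copied from the 1/15/2010 log plus the registry line from
# the 1/18/2010 safe-mode log (the registry line must NOT match ENTRY_RE).
THREAD_EXCERPT = r"""Files Infected:
C:\WINDOWS\system32\Config\Windows.exe (Trojan.Agent) -> Delete on reboot. [D659EFA6942CC6EAA53924B4020CED34]
C:\WINDOWS\repair\kasutio (Rootkit.Rustock) -> Delete on reboot. [858CEAA8A2CF963F8A507B8622DFC829]
C:\WINDOWS\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [4052004E5985601671D1FCBAF31AB64F]
C:\WINDOWS\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [4052004E5985601671D1FCBAF31AB64F]
C:\WINDOWS\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [4052004E5985601671D1FCBAF31AB64F]
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

# Constructed file content whose MD5 we control, so the demo can show a match.
CONSTRUCTED_CONTENT = b"constructed sample file for the example, not malware\n"
CONSTRUCTED_MD5 = hashlib.md5(CONSTRUCTED_CONTENT).hexdigest().upper()

# Constructed entry appended to the copied excerpt.
SAMPLE_LOG = THREAD_EXCERPT + (
    "C:\\WINDOWS\\repair\\sample.txt (Test.Entry) -> Delete on reboot. [%s]\n" % CONSTRUCTED_MD5
)


def parse_file_entries(log_text):
    """Return one dict per file entry: path, category, action, md5 (None if absent)."""
    return [m.groupdict() for m in ENTRY_RE.finditer(log_text)]


def group_by_md5(entries):
    """Map each MD5 to the reported paths that carry it. The same MD5 in several
    locations means identical file content was copied to each of them."""
    groups = defaultdict(list)
    for e in entries:
        if e["md5"]:
            groups[e["md5"].upper()].append(e["path"])
    return dict(groups)


def to_local_path(reported_path, root):
    """Translate 'C:\\dir\\file' to the same relative path under root, so a copied
    or mounted volume can be checked instead of the live system drive."""
    _, _, rest = reported_path.partition(":\\")
    return os.path.join(root, *rest.split("\\"))


def md5_of_file(path):
    """Hex MD5 (upper-case, as MBAM prints it) of a file's content."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def verify_on_disk(entries, root):
    """For each entry, report whether the file exists under root and, when the
    log carries an MD5, whether the on-disk content still matches it."""
    results = {}
    for e in entries:
        local = to_local_path(e["path"], root)
        if not os.path.isfile(local):
            results[e["path"]] = "missing"
        elif e["md5"] is None:
            results[e["path"]] = "present, no hash in log"
        elif md5_of_file(local) == e["md5"].upper():
            results[e["path"]] = "present, hash matches log"
        else:
            results[e["path"]] = "present, hash differs from log"
    return results


def run_demo():
    """Verify SAMPLE_LOG against a constructed tree in a temporary root:
    one file whose content matches its logged MD5, one whose content does not,
    and the remaining entries absent (as the poster reported)."""
    entries = parse_file_entries(SAMPLE_LOG)
    with tempfile.TemporaryDirectory(prefix="mbam_check_") as root:
        for reported, content in (
            ("C:\\WINDOWS\\repair\\sample.txt", CONSTRUCTED_CONTENT),
            ("C:\\WINDOWS\\system32\\Config\\Windows.exe", b"different content\n"),
        ):
            local = to_local_path(reported, root)
            os.makedirs(os.path.dirname(local), exist_ok=True)
            with open(local, "wb") as f:
                f.write(content)
        return verify_on_disk(entries, root)


if __name__ == "__main__":
    entries = parse_file_entries(SAMPLE_LOG)
    for md5, paths in group_by_md5(entries).items():
        if len(paths) > 1:
            print(md5, "shared by", len(paths), "paths")
    for path, status in run_demo().items():
        print(status.ljust(32), path)
```

On a real case, point verify_on_disk at the root of a mounted or copied volume and feed it the full log. A "missing" result for a path the scanner keeps reporting as "Delete on reboot" is exactly the contradiction in this thread; note that Explorer hides protected system files by default, so a quick "dir /a" at a command prompt is the cheaper check on the live machine before reaching for a script.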
  9. Just checking to see if there were any ideas on this issue, since it has been quite some time since my original post. If I have posted the logs incorrectly, please let me know. Thanks
  10. On a Dell XP machine I am working on, which was so badly infected that I had to use the restore feature, Mbam seems to be having a problem completely removing some infected objects. It seems to continue to report 68 'infections' even after choosing to 'remove selected' objects and restarting. The anti-virus/anti-spyware program that is installed, along with other 'cleaning' programs, reports the machine is clean, but every time I run Mbam it keeps reporting that these same 68 infected objects are there. I have uninstalled and reloaded Mbam. I originally posted this issue on Geek Police, which is where I first learned about Mbam. The entire thread with all the steps I've tried, in addition to the logs, is here: http://www.geekpolice.net/virus-spyware-ma...ults-t17796.htm The mod there suggested my posting here. After following the directions in the 'What do I do now' listing, here are the logs that were asked for. Hope I include everything correctly.

     MBAM

     Malwarebytes' Anti-Malware 1.44
     Database version: 3523
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     1/9/2010 8:51:17 AM
     mbam-log-2010-01-09 (08-51-17).txt

     Scan type: Quick Scan
     Objects scanned: 111270
     Time elapsed: 9 minute(s), 22 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 68

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\Config\Windows.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\messenger.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\6to4nt.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\firewall.exe (Backdoor.Bot) -> Delete on reboot.
     C:\WINDOWS\system32\Config\htco.exe (Backdoor.Bot) -> Delete on reboot.
     C:\WINDOWS\system32\Config\msch24.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\mswinsck.ocx (Backdoor.Bot) -> Delete on reboot.
     C:\WINDOWS\system32\Config\RealtekAC.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\sam10.log (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\sysrun.exe (Password.Stealer) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\application data\pcant.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\application data\pkz.ini (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\application data\printer.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\cftmon.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\ftpdll.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\updater.exe (Backdoor.Bot) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Win.exe (IM.Worm) -> Delete on reboot.
     C:\WINDOWS\repair\1sass.exe (Backdoor.Agent) -> Delete on reboot.
     C:\WINDOWS\repair\kasutio (Rootkit.Rustock) -> Delete on reboot.
     C:\WINDOWS\repair\loprt.cmd (Worm.AutoRun) -> Delete on reboot.
     C:\WINDOWS\repair\Mirror.exe (Worm.AutoRun) -> Delete on reboot.
     C:\WINDOWS\repair\sql.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\repair\whw.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\repair\IExp1orer.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Systemprofile\ntload.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

     DDS

     DDS (Ver_09-12-01.01) - NTFSx86
     Run by Bob at 10:13:16.40 on Sat 01/09/2010
     Internet Explorer: 8.0.6001.18702
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.168 [GMT -6:00]

     AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
     FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
     C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
     C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
     C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
     svchost.exe
     C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
     C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
     C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\Program Files\Real\RealPlayer\RealPlay.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     C:\Program Files\CA\CA Internet Security Suite\casc.exe
     C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
     C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
     C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
     C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
     C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
     C:\Program Files\Dell Support\DSAgnt.exe
     C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Bob\My Documents\Downloads\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.dell4me.com/myway
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
     BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
     TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
     EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
     uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
     uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
     uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
     mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
     mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
     mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
     mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
     mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
     mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
     mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
     mRun: [cctray] c:\program files\ca\ca internet security suite\casc.exe
     mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
     mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
     mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
     mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
     mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
     mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.517\QOELoader.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
     LSP: c:\windows\system32\VetRedir.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
     DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     Notify: igfxcui - igfxdev.dll
     Notify: PFW - UmxWnp.Dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\bob\applic~1\mozilla\firefox\profiles\7cicuvr9.default\
     FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

     ============= SERVICES / DRIVERS ===============

     R0
KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-4-1 73720] R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-4-28 55288] R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704] R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-6-8 145912] R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-3-27 58872] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-4-1 205304] =============== Created Last 30 ================ 2010-01-09 16:06:16 0 ----a-w- c:\documents and settings\bob\defogger_reenable 2010-01-09 15:02:49 0 ----a-w- c:\windows\access.tmp 2010-01-09 00:42:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-09 00:42:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-09 00:42:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-07 02:16:02 0 d-sha-r- C:\cmdcons 2010-01-07 02:14:09 98816 ----a-w- c:\windows\sed.exe 2010-01-07 02:14:09 77312 ----a-w- c:\windows\MBR.exe 2010-01-07 02:14:09 261632 ----a-w- c:\windows\PEV.exe 2010-01-07 02:14:09 161792 ----a-w- c:\windows\SWREG.exe 2010-01-07 02:13:47 0 d-----w- C:\commy 2010-01-05 00:15:55 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-01-05 00:15:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-01-04 21:06:08 0 d-----w- c:\program files\CCleaner 2010-01-04 17:37:13 0 d-----w- c:\program files\Windows Media Connect 2 2010-01-04 17:33:44 0 d-----w- c:\windows\system32\LogFiles 2010-01-04 16:39:48 0 d-----w- c:\docume~1\bob\applic~1\Malwarebytes 2010-01-04 16:39:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-01-04 06:16:26 0 d-----w- c:\program files\MSXML 4.0 2010-01-04 05:37:23 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-04 00:48:34 0 d-----w- c:\windows\system32\scripting 2010-01-04 00:48:32 0 d-----w- c:\windows\l2schemas 2010-01-04 00:48:30 0 
d-----w- c:\windows\system32\en 2010-01-04 00:48:29 0 d-----w- c:\windows\system32\bits 2010-01-04 00:35:53 0 d-----w- c:\windows\network diagnostic 2010-01-04 00:22:32 0 d-----w- c:\windows\EHome 2010-01-04 00:13:46 0 d-sh--w- c:\documents and settings\bob\IECompatCache 2010-01-04 00:12:51 0 d-sh--w- c:\documents and settings\bob\PrivacIE 2010-01-04 00:10:49 28 ----a-w- c:\windows\system32\drivers\kmxzone.u2k7 2010-01-04 00:10:49 28 ----a-w- c:\windows\system32\drivers\kmxzone.u2k6 2010-01-04 00:10:49 28 ----a-w- c:\windows\system32\drivers\kmxzone.u2k5 2010-01-04 00:10:49 28 ----a-w- c:\windows\system32\drivers\kmxzone.u2k4 2010-01-04 00:10:49 28 ----a-w- c:\windows\system32\drivers\kmxzone.u2k3 2010-01-04 00:10:49 28 ----a-w- c:\windows\system32\drivers\kmxzone.u2k2 2010-01-04 00:10:49 28 ----a-w- c:\windows\system32\drivers\kmxzone.u2k1 2010-01-04 00:10:49 148 ----a-w- c:\windows\system32\drivers\kmxzone.u2k0 2010-01-04 00:10:18 0 d-sh--w- c:\documents and settings\bob\IETldCache 2010-01-04 00:09:04 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7 2010-01-04 00:09:04 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6 2010-01-04 00:09:03 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5 2010-01-04 00:09:03 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4 2010-01-04 00:09:03 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3 2010-01-04 00:09:03 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2 2010-01-04 00:09:03 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1 2010-01-04 00:09:03 575416 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0 2010-01-03 23:59:20 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll 2010-01-03 23:59:20 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-01-03 23:59:20 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-01-03 23:59:19 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-01-03 23:59:19 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll 2010-01-03 23:59:19 11069952 
------w- c:\windows\system32\dllcache\ieframe.dll 2010-01-03 23:59:06 0 d-----w- c:\windows\ie8updates 2010-01-03 23:58:50 92160 ------w- c:\windows\system32\dllcache\iecompat.dll 2010-01-03 23:57:20 0 dc-h--w- c:\windows\ie8 2010-01-03 23:42:53 0 d-----w- c:\windows\ServicePackFiles 2010-01-03 23:28:38 73216 ------w- c:\windows\system32\drivers\atintuxx.sys 2010-01-03 23:17:46 0 d-----w- c:\program files\ISSThirdParty 2010-01-03 23:13:08 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys 2010-01-03 23:13:08 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys 2010-01-03 23:13:08 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys 2010-01-03 23:13:08 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys 2010-01-03 23:13:08 111856 ----a-w- c:\windows\system32\isafprod.dll 2010-01-03 23:13:07 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys 2010-01-03 23:13:07 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys 2010-01-03 23:12:23 6552 ----a-w- c:\windows\system32\wbem\canvprov.mof 2010-01-03 23:12:23 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll 2010-01-03 23:08:39 272128 ------w- c:\windows\system32\drivers\bthport.sys 2010-01-03 23:08:39 272128 ------w- c:\windows\system32\dllcache\bthport.sys 2010-01-03 23:08:38 203136 ------w- c:\windows\system32\dllcache\rmcast.sys 2010-01-03 23:08:18 333952 ------w- c:\windows\system32\dllcache\srv.sys 2010-01-03 23:08:13 331776 ------w- c:\windows\system32\dllcache\msadce.dll 2010-01-03 23:07:42 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2010-01-03 23:00:15 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2010-01-03 22:54:48 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2010-01-03 22:53:43 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx 2010-01-03 22:53:20 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll 2010-01-03 22:51:40 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll 2010-01-03 22:51:21 0 d-----w- c:\windows\CAVTemp 2010-01-03 
22:50:18 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2010-01-03 22:50:16 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll 2010-01-03 22:50:08 2560 ------w- c:\windows\system32\xpsp4res.dll 2010-01-03 22:50:08 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb 2010-01-03 22:50:07 215552 ------w- c:\windows\system32\dllcache\wordpad.exe 2010-01-03 22:49:32 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-01-03 22:49:31 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-03 22:47:22 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2010-01-03 22:47:22 0 d-----w- c:\windows\system32\PreInstall 2010-01-03 22:46:50 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll 2010-01-03 22:46:50 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll 2010-01-03 22:05:19 0 d-----w- c:\docume~1\bob\applic~1\CallingID 2010-01-03 22:04:45 250544 ----a-w- c:\windows\system32\KeyHelp.ocx 2010-01-03 22:04:45 0 d-----w- c:\program files\common files\Scanner 2010-01-03 22:04:41 83256 ----a-w- c:\windows\system32\vetredir.dll 2010-01-03 22:04:40 99568 ----a-w- c:\windows\system32\isafeif.dll 2010-01-03 22:04:34 0 d-----w- c:\docume~1\alluse~1\applic~1\CA 2010-01-03 22:04:32 0 d-----w- c:\program files\CA 2010-01-03 21:33:33 0 d-----w- c:\docume~1\bob\applic~1\GetRightToGo 2010-01-03 21:32:51 0 d-----w- C:\Downloads 2010-01-03 21:31:44 4128 ----a-w- C:\INFCACHE.1 2010-01-03 21:30:16 345600 ------w- c:\windows\system32\dllcache\localspl.dll 2010-01-03 21:24:34 2 ----a-w- c:\windows\msoffice.ini 2010-01-03 21:23:19 135168 ----a-w- c:\windows\system32\igfxres.dll 2010-01-03 21:19:30 0 d-----w- c:\windows\system32\SoftwareDistribution 2010-01-03 21:17:06 8192 ----a-w- c:\windows\REGLOCS.OLD ==================== Find3M ==================== 2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll 2009-10-29 07:45:38 916480 ------w- c:\windows\system32\dllcache\wininet.dll 2009-10-29 07:45:37 5940736 ------w- 
c:\windows\system32\dllcache\mshtml.dll 2009-10-29 07:45:37 206848 ------w- c:\windows\system32\dllcache\occache.dll 2009-10-29 07:45:37 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll 2009-10-29 07:45:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll 2009-10-29 07:45:34 184320 ------w- c:\windows\system32\dllcache\iepeers.dll 2009-10-29 07:45:32 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll 2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll 2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll 2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys 2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll 2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll 2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll ============= FINISH: 10:14:54.84 =============== Attach.zip ark.zip
  11. Ok, sorry. Thought I had the right place to report a problem with the program. I think the machine is cleaned but the program keeps reporting the same infections. The reported 'infections' are not in the locations indicated in the logs.
  12. I have used Mbam in the past and have been very grateful for the help it has given in removing malware. On this Dell XP machine I am working on, which was so badly infected that I had to use the restore feature, Mbam seems to be having a problem. This time it continues to report 68 'infections' even after choosing to 'remove selected' objects and restarting. The anti-virus/anti-spyware program that is installed, along with other 'cleaning' programs, reports the machine is clean, but every time I run Mbam it keeps reporting that these same 68 infected objects are there. I have uninstalled and reloaded Mbam. I originally posted this issue on Geek Police, which is where I first learned about Mbam. The entire thread with all the steps I've tried, in addition to the logs, is here: http://www.geekpolice.net/virus-spyware-ma...ults-t17796.htm The mod there suggested my posting here. If you need additional info, let me know. Thanks