
Grund

Members
  • Posts

    10
  1. Hi all, It seems a known problem, but since installing Malwarebytes on a Windows 10 machine a week ago, I get the "Protection layers are not on: Would you like them on?" Of course, it is already turned on, and Malwarebytes isn't respecting the 'no notifications' settings for task bar icons; the notice disturbs games etc. I'm playing. The last update didn't fix the issue.
  2. Okay, I won't keep hitting the dead horse after this post. I'll have one more attempt at explaining my suggestion/request. I am getting the opinion you are not trying, or have fixed in your mind some ulterior motive for my suggestion. I'm not sure why you don't understand, or why you seem so anti about it. Or if you are just picking snippets from my posts. Please understand, I'm spending this time as I think MBAM is an excellent program, and whenever I do a clean up of an infected computer for someone, I tell them to purchase MBAM, as it will be better, quicker and cheaper than getting me to fix it again. I work at a school, and regularly suggest to lots of parents that they need a malware removal tool, and my personal choice is MBAM. I'm not a full time tech, and most jobs I do are for mates, or for a carton of beer to say thanks for saving their computer.
     Part one: Suggestion to make manual or offline updates available again. I think that you are making it harder than it needs to be to perform manual/offline updates, and are in fact behind the standard. All the leading antivirus vendors offer this. Superantispyware offers this. Only MBAM makes you use my computer and copy files from an existing installation. It's primitive and error prone. MBAM used to offer manual/offline update methods. So I don't understand why you seem unable to accept the idea or seem so anti the idea of it. You say again, but you said nothing like this in your earlier post. My reasoning is based in being a tech support person. Why is that an issue or a bad thing? I do want to be able to sit there with my tablet and download the update while at someone's house. I don't have MBAM on my work computer as I have a personal single licence version on my home PC. I used to be able to copy the trial version of MBAM and the MBAM-Rules, tell the parent 'run both of those in safe mode' and not have to do anything else. The average user gets a blank stare when asked to copy specific files to specific locations. And often stuffs it up. Again, it is something Malwarebytes used to provide, and I'm suggesting it's available again.
     Part Two: The outdated information. This really is a side track. But I tried to point out that this forum and Google results take you to an outdated manual update which invalidates the database. I think that makes MBAM look amateur. Even a text update on the http://malwarebytes.gt500.org blogspace saying you no longer support the mbam-rules method would make you look much more professional. It would show you can take five minutes to prevent people applying the wrong method. And I'll note again, that page states to contact the forum if it's not updated. The FAQ doesn't have item #4 listed in the table of contents. People who can't find things normally Google for the information, which will get them the old MBAM-Rules. The FAQ item #4 refers to downloading it from the same link as the http://malwarebytes.gt500.org which I mentioned already as invalidating the database. At least the FAQ warns that it won't work on versions after 1.60. Thank you for your time.
  3. Edit: As said above: The first time I show people mbam is normally after they have been infected.
  4. Okay I will try and rephrase so you understand what I mean. I did think manual update was a reasonably common term for downloading an update to the virus/malware definitions/library from a web site (from any computer) and manually running that file on an infected or non-networked computer to update the program's database. It is also sometimes called an offline update. At one time Malwarebytes provided these at the website I linked to above (see Manually Updating Malwarebytes' Anti-Malware (MBAM) at http://malwarebytes.gt500.org/ ), and also had a forum thread or two linking to the same location (http://data-cdn.mbamupdates.com/tools/mbam-rules.exe). That website states: "Someone is supposed to be updating the mbam-rules.exe download once a week now. If there are any lapses in the update frequency, please feel free to stop by the official forums and let them know". It seems it's been so long since being updated that even the term has been forgotten. The old link on http://malwarebytes.gt500.org/ really needs to be removed and the old mbam-rules deleted ... it corrupts the current version of MBAM. It needs an update to the text on that page as Google & searching this forum will still direct people to that link. Other websites refer to the old link too, e.g. http://www.mytechguide.org/7213/how-to-manually-download-definition-updates-for-malwarebytes-anti-malware/ It shouldn't be hard to do a manual update. Google/web search "update definitions manually" and you will see dozens of examples of what I am suggesting: an explicit way of downloading an update to the definition database that you can copy from a computer connected to the Internet to another computer without a net connection. Ideally the manual update files should be easily found, and not require MBAM installed (so people can use a computer that may be a different OS, amongst other reasons). I hope that is clearer.
  5. (Couldn't find edit button - trying to navigate this site on an old computer with IE6 is not pretty.) But wanted to add, there should be an update, clear information about how to manually update. Like on this thread: http://forums.malwarebytes.org/index.php?showtopic=85715
  6. As the title states, please make manual updates of the scanner easier. There should be an expectation of being able to download a copy of the definitions, and run it on a computer. Google brings up posts from 2009. The update version is 1.8357.0.0. The website I got that from states to say in the forums if it hasn't been updated http://malwarebytes.gt500.org and lists the last page update as 12-15-2011. Running this update corrupts the database for MBAM. Your program is otherwise excellent. You let yourselves down, as the first time I show people Malwarebytes is normally after they have been infected, and they see what a hassle manual updating is.
  7. Did I post in the wrong section? It has dropped to the third page without comment. Should I have posted in the General Malwarebytes' Anti-Malware Forum and waited for a response before posting logs?
  8. Ran another mbam scan too while I was at it
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 5070
     Windows 6.1.7600 (Safe Mode)
     Internet Explorer 8.0.7600.16385
     24/11/2010 12:41:06 PM
     mbam-log-2010-11-24 (12-41-06).txt
     Scan type: Full scan (C:\|)
     Objects scanned: 298136
     Time elapsed: 39 minute(s), 24 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\Users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
  9. HijackThis log
     Logfile of HijackThis v1.99.1
     Scan saved at 12:01:03 PM, on 24/11/2010
     Platform: Unknown Windows (WinNT 6.01.3504)
     MSIE: Internet Explorer v8.00 (8.00.7600.16671)
     Running processes:
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
     C:\Program Files\HijackThis\HijackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/19
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.kodak.com:81/proxy.pac
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101027151628.dll
     O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
     O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
     O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
     O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
     O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
     O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
     O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
     O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
     O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\RunOnce: [6968259478] "C:\Users\Sasha\AppData\Local\6968259478.exe" 0 28
     O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
     O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
     O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
     O11 - Options group: [iNTERNATIONAL] International
     O13 - Gopher Prefix:
     O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/THE%20GAME%20OF%20LIFE%20by%20Hasbro/Images/stg_drm.ocx
     O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/THE%20GAME%20OF%20LIFE%20by%20Hasbro/Images/armhelper.ocx
     O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
     O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
     O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
     O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
     O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
     O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: Remote Access Media Server (Apache2.2) - Unknown owner - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe" -k runservice (file missing)
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
     O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe" "--defaults-file=C:\Program Files (x86)\Common Files\Dell\MySQL\my.ini" dsl-db (file missing)
     O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
     O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
     O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinTrusted.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
     O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
     O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
     O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
     O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
     O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
     O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
     O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
     O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
     O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - Unknown owner - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter (file missing)
     O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
  10. Hello, I am trying to clean a friend's computer. It has been infected with "Security Tool" malware. Usual crud, full of pop-ups. I had to boot in safe mode to do anything as it is one of the bits of malware that intercept running tasks etc. All of the below, unless otherwise stated, is in safe mode. The computer has McAfee Security Scanner, which has up to date definitions, and no antispyware or malware tools other than that. The active scanner was disabled, and would be disabled within seconds of turning it back on. Even in safe mode, the McAfee scanner would keep getting disabled.
      Initially:
      1) Downloaded Malwarebytes Anti-Malware scanner
      2) Downloaded recent definitions from http://malwarebytes.gt500.org
      3) Installed Malwarebytes scanner and updated rules
      4) Ran full scan.
      5) Removed infection
      6) Rebooted when prompted
      7) The malware was back in full force.
      Then:
      1) Rebooted in safe mode
      2) Ran Malwarebytes scanner full scan
      3) Removed the infection
      4) Ran McAfee Scanner (found nothing)
      5) Rebooted
      6) Infection back.
      I then ran through the steps in "I'm infected - What do I do now":
      1) Used Defogger to disable CD emulation drivers & rebooted. No errors to log.
      2) Downloaded and ran DDS
      ----------
      DDS (Ver_10-11-10.01) - NTFS_AMD64 MINIMAL
      Run by Sasha at 9:30:37.67 on Wed 24/11/2010
      Internet Explorer: 8.0.7600.16385
      Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4056.3434 [GMT 10.5:30]
      ============== Running Processes ===============
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\Explorer.EXE
      C:\Windows\system32\ctfmon.exe
      C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
      E:\dads antivirus stuff\Defogger.exe
      C:\Windows\system32\conhost.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      E:\dads antivirus stuff\dds.com
      C:\Windows\system32\conhost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      ============== Pseudo HJT Report ===============
      uStart Page = hxxp://www.facebook.com/
      uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
      BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
      BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101027151628.dll
      BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
      BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
      BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
      BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
      BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
      TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
      TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
      uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
      uRunOnce: [6968259478] "C:\Users\Sasha\AppData\Local\6968259478.exe" 0 28
      mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
      mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      StartupFolder: C:\Users\Sasha\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
      mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
      DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/THE%20GAME%20OF%20LIFE%20by%20Hasbro/Images/stg_drm.ocx
      DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
      DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
      DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
      DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/THE%20GAME%20OF%20LIFE%20by%20Hasbro/Images/armhelper.ocx
      Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
      Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
      BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
      BHO-X64: McAfee Phishing Filter - No File
      BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
      BHO-X64: Windows Live Family Safety Browser Helper - No File
      BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101027151628.dll
      BHO-X64: scriptproxy - No File
      BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
      BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
      BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
      BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
      TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
      TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
      TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
      mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
      mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe
      mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
      mRun-x64: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
      mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
      mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
      ============= SERVICES / DRIVERS ===============
      R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-17 55280]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-17 215552]
      S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-22 529128]
      S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-8-22 75032]
      S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-8-22 283360]
      S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
      S2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-10 24636]
      S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-10 155648]
      S2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-6-11 5730304]
      S2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-7-22 189680]
      S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-4 135664]
      S2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2010-4-15 78104]
      S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-22 355440]
      S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-22 355440]
      S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-22 355440]
      S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-22 355440]
      S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-22 200056]
      S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-22 245352]
      S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-22 149032]
      S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-8-22 62800]
      S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-12-17 172704]
      S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-12-25 61280]
      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
      S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-8-22 190136]
      S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-8-22 441328]
      S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-8-22 94864]
      S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2008-5-2 23552]
      S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2008-5-2 18432]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-10 1255736]
      S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-12-17 393728]
      =============== Created Last 30 ================
      2010-11-23 04:12:31 -------- d-----w- C:\Windows\pss
      2010-11-23 00:07:35 11701704 ----a-w- C:\temp\windows-kb890830-v3.12 (malware removal).exe
      2010-11-22 13:17:52 6357288 ----a-w- C:\temp\mbam-rules.exe
      2010-11-22 13:17:52 6153376 ----a-w- C:\temp\mbam-setup-1.46.exe
      2010-11-22 13:17:48 -------- d-----w- C:\temp
      2010-11-22 02:52:46 -------- d-----w- C:\Users\Sasha\AppData\Roaming\Malwarebytes
      2010-11-22 02:52:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
      2010-11-22 02:52:12 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2010-11-22 02:52:12 -------- d-----w- C:\PROGRA~3\Malwarebytes
      2010-11-22 02:52:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      2010-11-21 06:19:00 970752 ----a-w- 
C:\Users\Sasha\AppData\Local\6968259478.exe 2010-11-21 06:18:57 970752 ----a-w- C:\Users\Sasha\AppData\Local\20089168.exe 2010-11-01 06:13:33 -------- d-----w- C:\Program Files (x86)\TuneUpMedia 2010-11-01 06:13:29 -------- d-----w- C:\Users\Sasha\AppData\Roaming\TuneUpMedia 2010-11-01 06:13:18 -------- d-----w- C:\PROGRA~3\TuneUpMedia 2010-11-01 06:01:42 -------- d-----w- C:\Users\Sasha\AppData\Roaming\FrostWire 2010-11-01 06:01:25 -------- d-----w- C:\Users\Sasha\AppData\Local\OpenCandy 2010-11-01 06:01:14 -------- d-----w- C:\Users\Sasha\AppData\Roaming\OpenCandy 2010-11-01 06:00:54 -------- d-----w- C:\Program Files (x86)\FrostWire 2010-10-31 04:49:31 -------- d-----w- C:\PROGRA~3\AlawarWrapper 2010-10-31 04:49:08 -------- d-----w- C:\Program Files (x86)\Alawar 2010-10-27 04:54:11 961024 ----a-w- C:\Windows\System32\CPFilters.dll 2010-10-27 04:54:11 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll 2010-10-27 04:54:11 552960 ----a-w- C:\Windows\System32\msdri.dll 2010-10-27 04:54:10 288256 ----a-w- C:\Windows\System32\MSNP.ax 2010-10-27 04:54:10 258560 ----a-w- C:\Windows\System32\mpg2splt.ax 2010-10-27 04:54:10 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax 2010-10-27 04:54:10 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax 2010-10-27 04:51:17 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys ==================== Find3M ==================== 2010-10-13 11:58:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2010-10-13 11:58:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys 2010-10-13 11:58:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys 2010-10-13 11:58:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2010-10-13 11:58:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2010-10-13 11:58:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2010-10-13 11:58:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2010-10-13 11:58:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2010-10-13 11:58:54 
121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys 2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll 2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll 2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec 2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec 2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys 2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll 2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll 2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll 2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll 2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys 2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys 2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll 2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll 2010-02-09 06:49:01 6 ----a-w- C:\Program Files (x86)\Common Files\UnInstallCompleted.tmp 2010-01-21 06:29:20 147456 ----a-w- C:\Program Files (x86)\Common Files\osdinst.dll ============= FINISH: 9:30:57.72 =============== 3) Ran GMER Rootkit Scanner. Nothing found. (heck.. on rereading instructions realised I did not uncheck the options). Can run again if need be. 
Mbam logs

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5070

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

24/11/2010 8:47:13 AM
mbam-log-2010-11-24 (08-47-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 298227
Time elapsed: 39 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

second log after reboot

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5070

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

24/11/2010 10:23:41 AM
mbam-log-2010-11-24 (10-23-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 298113
Time elapsed: 38 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Now will run HijackThis and post that log. And will wait to see what to do next. Thanks.

Attach.zip