mikispiki
Honorary Members, 44 posts
  1. Hello, MBAM doesn't seem to detect the file at all now. I have no interest in the file; however, I will attach the log and the zipped file: protection-log-2014-10-22.txt, TimeProtect.zip
  2. Hi, MBAM picked this FP in real time. DETECTION C:\Program Files (x86)\Acer GameZone\Merriam Websters Spell Jam\TimeProtect.dll Trojan.Agent.ED QUARANTINE. When scanned, MBAM is not detecting it. Tried to upload the file and was told I am not permitted.
  3. No, I think you are on the ball. Like you say, it's no use using an exclusion, as the location of rubyw.exe changes every time. I have read the explanation from the PIA forum, and it's a little too techy for me to understand. My solution was to turn off MBAM notifications. However, I've noticed that sometimes my VPN connection is lost, and it could be MBAM that has caused this. I think all I can do is disable website blocking when using the VPN, which is a shame. Perhaps when my subscription runs out for PIA (not for 10 months) I will look for another VPN. Many thanks.
  4. Hello, I am using a paid VPN. Every time I use the program, MBAM pops up with a malicious website blocked, and it continues as long as I use the program. For example: Detection, 15/04/2014 20:29:38, SYSTEM, MICHAEL-TOSH, Protection, Malicious Website Protection, IP, 93.115.82.54, 55875, Outbound, C:\Users\zzzzzzzzzzzzz\AppData\Local\Temp\ocrC492.tmp\bin\rubyw.exe, IP, 93.115.82.54, 55875, , IP, 37.221.165.196, 55898, IP, 93.115.85.34, 56001, IP, 93.115.85.39, 56649, IP, 93.115.85.39, 56666, IP, 93.115.85.39, 56693, IP, 93.115.85.39, 56714, IP, 93.115.85.39, 56735, IP, 93.115.85.39, 56753, IP, 93.115.85.39, 56776, IP, 93.115.85.39, 56803, IP, 37.221.165.196, 56880. This is a couple of minutes' worth. Obviously I cannot keep adding them to exclusions. Now, I reported a bug yesterday: https://forums.malwarebytes.org/index.php?showtopic=146586 My question is, are these detections specifically related to version 2? Because I did not have them prior to yesterday, when I upgraded to version 2. I will revert to 1.75 tomorrow and block updates. Is this a mistake? Thank you (end)
  5. I see. Do you think you could reply a bit faster next time? 1 minute is a long time to wait for an answer. Only joking. Your support is always fantastic. Many thanks. I will try and amend my title, if that's possible.
  6. Hello, I have just updated to the new version. I right-click and scan a lot of files. On my desktop (version 1.75, I believe) a scan on a file took 6 seconds. On my laptop (version 2), 3 minutes 30 seconds. 90% of that was pre-scanning. Just tried another file (Word doc, 3 MB): scan time 4 minutes 20 secs. Is this normal, or a bug? Many thanks.
  7. Yeah, me too. I am getting lots for 54.240.166.123, 54.240.166.3, 54.240.166.235, 54.240.166.239. Can't really pinpoint them, but I really am not concerned. At one point I was getting some of them from two sites, but this is no longer the case. If it continues, I will tell MBAM to ignore them.
  8. I take my hat off to you. Super fast fix. The reputation of the program and its staff is amazing.
  9. Me too, cannot access the internet without turning off website blocking. This happened after the last update, version v2013.02.23.03. Please fix ASAP, thanks.
  10. Hello again Maurice, tried the edited fix, unfortunately no joy. Left it for 1 and a half hours, had to pull the plug. It just said "killing process do not interrupt". I gave it another go, same again. I seriously appreciate your help and time. However, I think it's time to call it a day. I've taken enough of your valuable time. Please mark the post resolved. Take care and thanks, Mick
  11. Hi again Maurice, I too saw the registry disabled entry, but I've been into regedit tonight, no problems. I will run your amended fix tomorrow and post back. I can't do these things near bedtime; they prey on my mind and keep me awake. I once got up at 3 in the morning to sort something out and had to take a day off work through lack of sleep. Once again, thank you.
  12. Hello again Maurice, I opened OTL, pasted the fix and ran it. All I got was the "killing process" for about two hours. In the end I decided to pull the plug. No damage done. Unless you have reason to think there is an infection, I will love you and leave you. The two 10.tmp registry entries, [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\MEMSWEEP2 (\??\C:\WINDOWS\system32\10.tmp) -> FOUND, would appear to me to be from Sophos Anti-Rootkit, which creates the memsweep2 service. I have had this in the past; perhaps after deleting it, it left the registry entries behind. I looked for 10.tmp in the 32 folder and found nothing. Thank you kindly for your time and help, it's much appreciated. Cheers, Mick
  13. Hello again Maurice, many thanks for your reply. I will follow your instructions tomorrow and post back. Regarding the registry entries found by RogueKiller (10.tmp): is it possible they once belonged to Sophos rootkit remover? That program has definitely been on the machine years ago. It does create a tmp file: http://www.bleepingcomputer.com/startups/MEMSWEEP2-22472.html Once again, I thank you for your time and advice.
  14. Hello Maurice, my sincerest apologies if this is a wild goose chase. I ran RK, I saved the log, and when I tried to close the program it asked me if I was sure I wanted to close without deleting 4 entries. Upon inspection, I deleted them.

      QuickScan 32-bit v0.9.9.118
      Scan date: Mon Sep 24 18:20:42 2012
      No infection found.
      Scanned 582 files and modules - 89 seconds

      RogueKiller V8.0.5 [09/23/2012] by Tigzy
      Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Mode : Scan -- Date : 09/24/2012 18:27:18
      Bad processes : 0
      Registry Entries : 4
      [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\MEMSWEEP2 (\??\C:\WINDOWS\system32\10.tmp) -> FOUND
      [services][ROGUE ST] HKLM\[...]\ControlSet003\Services\MEMSWEEP2 (\??\C:\WINDOWS\system32\10.tmp) -> FOUND
      [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      Finished : << RKreport[1].txt >>

      Farbar Service Scanner Version: 19-09-2012
      Ran by Owner (administrator) on 24-09-2012 at 18:39:31
      Microsoft Windows XP Home Edition Service Pack 3 (X86)
      **** End of log ****

      I hope I have done as instructed. Thanks in advance