cyzpro

Members

View Profile See their activity

Posts
11
Joined
December 22, 2008
Last visited
January 9, 2009

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by cyzpro

is my pc infected

cyzpro replied to cyzpro's topic in Resolved Malware Removal Logs

******HJT log in safe mode***************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:19:25 AM, on 1/6/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE D:\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe O4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe O4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- End of file - 5756 bytes
- January 6, 2009
- 17 replies
is my pc infected

cyzpro replied to cyzpro's topic in Resolved Malware Removal Logs

I force my pc into safe mode by using msconfig, and no infected files was found. My laptop is LG E300. Even though I am in USA I think this laptop has Vista(Canada version) because this laptop was make for Canada market. ***************safe mode log****************** Malwarebytes' Anti-Malware 1.31 Database version: 1597 Windows 6.0.6001 Service Pack 1 1/2/2009 8:21:00 PM mbam-log-2009-01-02 (20-21-00).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 109848 Time elapsed: 13 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ****************************collect info********************************** Malwarebytes' Anti-Malware 1.31 Database version: 1597 Executable location: C:\Program Files\Malwarebytes' Anti-Malware Database location: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref Username: Admin Windows folder: C:\Windows System folder: C:\Windows\system32 Root drive: C: Program Files: C:\Program Files Common Files: C:\Program Files\Common Files Desktop: C:\Users\Admin\Desktop Desktop: C:\Users\Default\Desktop Desktop: C:\Users\Guest\Desktop Desktop: C:\Users\Public\Desktop Start Menu: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu Start Menu: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu Start Menu: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu Start Menu: C:\ProgramData\Microsoft\Windows\Start Menu User Root: C:\Users\Admin User Root: C:\Users\Default User Root: C:\Users\Guest User Root: C:\Users\Public Favorite: C:\Users\Admin\Favorites Favorite: C:\Users\Default\Favorites Favorite: C:\Users\Guest\Favorites Favorite: C:\Users\Public\Favorites Application Data: C:\Users\Admin\AppData\Roaming Application Data: C:\Users\Default\AppData\Roaming Application Data: C:\Users\Guest\AppData\Roaming Application Data: C:\ProgramData Quick Launch: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch Quick Launch: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch Quick Launch: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch Temporary Folder: C:\Users\Admin\AppData\Local\Temp Temporary Folder: C:\Users\Default\AppData\Local\Temp Temporary Folder: C:\Users\Guest\AppData\Local\Temp Temporary Folder: C:\Windows\Temp
- January 3, 2009
- 17 replies
is my pc infected

cyzpro replied to cyzpro's topic in Resolved Malware Removal Logs

I don't understand why log file stated "no action taken", I remember log file stated files will be delete on reboot. ****************************log file************************** Malwarebytes' Anti-Malware 1.31 Database version: 1597 Windows 6.0.6001 Service Pack 1 1/2/2009 7:40:19 PM mbam-log-2009-01-02 (19-39-49).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 101321 Time elapsed: 1 hour(s), 33 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 62 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Default\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken. C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken. C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken. C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken. C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken. C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken. C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken. C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken. C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken. C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken. C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken. C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken. C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken.
- January 3, 2009
- 17 replies
is my pc infected

cyzpro replied to cyzpro's topic in Resolved Malware Removal Logs

Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: could not open file "C:\Users\Default\Application Data\Google\kjzna1562565.exe" Deletion of file "C:\Users\Default\Application Data\Google\kjzna1562565.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Application Data\Google\spcffwl.dll" Deletion of file "C:\Users\Default\Application Data\Google\spcffwl.dll" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini" Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Application Data\install.exe" Deletion of file "C:\Users\Default\Application Data\install.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Application Data\shellex.dll" Deletion of file "C:\Users\Default\Application Data\shellex.dll" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Application Data\srcss.exe" Deletion of file "C:\Users\Default\Application Data\srcss.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin" Deletion of file "C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\igyzih._sy" Deletion of file "C:\Users\Default\Local Settings\Application Data\igyzih._sy" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\naciveg.reg" Deletion of file "C:\Users\Default\Local Settings\Application Data\naciveg.reg" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin" Deletion of file "C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\zokawi.lib" Deletion of file "C:\Users\Default\Local Settings\Application Data\zokawi.lib" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Apps\2.0\srw94.exe" Deletion of file "C:\Users\Default\Local Settings\Apps\2.0\srw94.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Cookies\bumo.reg" Deletion of file "C:\Users\Default\Cookies\bumo.reg" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Cookies\jababug.inf" Deletion of file "C:\Users\Default\Cookies\jababug.inf" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\ycuc.lib" Deletion of file "C:\Users\Default\Local Settings\Application Data\ycuc.lib" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\bokefa.bat" Deletion of file "C:\Users\Default\Local Settings\Application Data\bokefa.bat" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\sytetuf.sys" Deletion of file "C:\Users\Default\Local Settings\Application Data\sytetuf.sys" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\vege.ban" Deletion of file "C:\Users\Default\Local Settings\Application Data\vege.ban" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\xyzunore.dl" Deletion of file "C:\Users\Default\Local Settings\Application Data\xyzunore.dl" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr" Deletion of file "C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\anok.bat" Deletion of file "C:\Users\Default\Local Settings\Application Data\anok.bat" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\ewabutovah.dl" Deletion of file "C:\Users\Default\Local Settings\Application Data\ewabutovah.dl" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\fibaw.ban" Deletion of file "C:\Users\Default\Local Settings\Application Data\fibaw.ban" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\ybikohe.vbs" Deletion of file "C:\Users\Default\Local Settings\Application Data\ybikohe.vbs" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Cookies\uwux.exe" Deletion of file "C:\Users\Default\Cookies\uwux.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Cookies\jiceji._sy" Deletion of file "C:\Users\Default\Cookies\jiceji._sy" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Cookies\esycire._dl" Deletion of file "C:\Users\Default\Cookies\esycire._dl" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\igutymyko.ban" Deletion of file "C:\Users\Default\Local Settings\Application Data\igutymyko.ban" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\ymuxag.com" Deletion of file "C:\Users\Default\Local Settings\Application Data\ymuxag.com" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Cookies\syssp.exe" Deletion of file "C:\Users\Default\Cookies\syssp.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\comrepl.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\comrepl.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Cookies\MM2048.DAT" Deletion of file "C:\Users\Default\Cookies\MM2048.DAT" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Cookies\MM256.DAT" Deletion of file "C:\Users\Default\Cookies\MM256.DAT" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\TempImages\IIEPRS.exe" Deletion of file "C:\Users\Default\Local Settings\TempImages\IIEPRS.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\TempImages\IIEPR.exe" Deletion of file "C:\Users\Default\Local Settings\TempImages\IIEPR.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\alg.exe" Deletion of file "C:\Users\Default\Local Settings\alg.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\sec3.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\sec3.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\xacsceib.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\xacsceib.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\cftmon.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\cftmon.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Application Data\spool.exe" Deletion of file "C:\Users\Default\Local Settings\Application Data\spool.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\My Documents\My Secret.fold" Deletion of file "C:\Users\Default\My Documents\My Secret.fold" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\My Documents\My Music\New Song.lagu" Deletion of file "C:\Users\Default\My Documents\My Music\New Song.lagu" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\My Documents\My Music\Video.vidz" Deletion of file "C:\Users\Default\My Documents\My Music\Video.vidz" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\My Documents\My Pictures\aweks.pikz" Deletion of file "C:\Users\Default\My Documents\My Pictures\aweks.pikz" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\My Documents\My Pictures\seram.pikz" Deletion of file "C:\Users\Default\My Documents\My Pictures\seram.pikz" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\My Documents\My Music\My Music.url" Deletion of file "C:\Users\Default\My Documents\My Music\My Music.url" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\My Documents\My Pictures\My Pictures.url" Deletion of file "C:\Users\Default\My Documents\My Pictures\My Pictures.url" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\My Documents\My Videos\My Video.url" Deletion of file "C:\Users\Default\My Documents\My Videos\My Video.url" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\My Documents\My Documents.url" Deletion of file "C:\Users\Default\My Documents\My Documents.url" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\my documents\work9\bhobj\bhobj.dll" Deletion of file "C:\Users\Default\my documents\work9\bhobj\bhobj.dll" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "C:\Users\Default\Local Settings\Temp\_check32.bat" Deletion of file "C:\Users\Default\Local Settings\Temp\_check32.bat" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Completed script processing. ******************* Finished! Terminate.
- January 2, 2009
- 17 replies
is my pc infected

cyzpro replied to cyzpro's topic in Resolved Malware Removal Logs

I try to get into Safe Mode to scan hard drive but nothing happens when I press and hold F8 Key.
- January 2, 2009
- 17 replies
is my pc infected

cyzpro replied to cyzpro's topic in Resolved Malware Removal Logs

Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found! Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\windows\system32\drivers\tdssserv.sys" not found! Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found! Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\drivers\TDSSrvdc.sys" not found! Deletion of file "C:\WINDOWS\system32\drivers\TDSSrvdc.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found! Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSStkdv.log" not found! Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSotxb.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSScrrn.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSShrxr.dll" not found! Deletion of file "c:\windows\system32\TDSShrxr.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSkkbi.log" not found! Deletion of file "c:\windows\system32\TDSSkkbi.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSlrvd.dat" not found! Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSlxwp.dll" not found! Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSnmxh.log" not found! Deletion of file "c:\windows\system32\TDSSnmxh.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSoiqt.dll" not found! Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSrhyp.log" not found! Deletion of file "c:\windows\system32\TDSSrhyp.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSrtqp.dll" not found! Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSsihc.dll" not found! Deletion of file "c:\windows\system32\TDSSsihc.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSxfum.dll" not found! Deletion of file "c:\windows\system32\TDSSxfum.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\SYSTEM32\qoMfefde.dll" not found! Deletion of file "C:\WINDOWS\SYSTEM32\qoMfefde.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found! Deletion of driver "tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate.
- January 2, 2009
- 17 replies
is my pc infected

cyzpro replied to cyzpro's topic in Resolved Malware Removal Logs

oops, how do I delete my previous post? I post same thing twice.
- January 2, 2009
- 17 replies
is my pc infected

cyzpro replied to cyzpro's topic in Resolved Malware Removal Logs

I did not let MBAM remove these infected file because I can not located these files in the C drive in the first place, even after I let the pc to show hidden files. MBAM found these infected files after doing heuristic virus detection. Very strange? I scan the pc again. I let MBAM remove the infected files this time, the MBAM ask to restart pc and stated infected file will be deleted on reboot. But MBAM found same files again and the log file stated no action was taken ***********************************mbam log below***************************** Malwarebytes' Anti-Malware 1.31 Database version: 1590 Windows 6.0.6001 Service Pack 1 1/1/2009 7:03:34 PM mbam-log-2009-01-01 (19-03-19) Scan type: Full Scan (C:\|D:\|) Objects scanned: 101105 Time elapsed: 1 hour(s), 34 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 62 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Default\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken. C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken. C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken. C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken. C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken. C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken. C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken. C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken. C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken. C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken. C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken. C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken. C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken. ***********************hijackthis log*********************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:24:35 PM, on 1/1/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\COMODO\CBOClean\BOC427.EXE C:\Program Files\IOGEAR\DigitalScribe.exe C:\Program Files\Evernote\Evernote3\EvernoteTray.exe C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\IOGEAR\PegRoute.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\explorer.exe D:\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe O4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe O4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- End of file - 6769 bytes
- January 2, 2009
- 17 replies
is my pc infected

cyzpro replied to cyzpro's topic in Resolved Malware Removal Logs

Yes, I still need help. ************************************Malwarebytes scan log************************************* Malwarebytes' Anti-Malware 1.31 Database version: 1580 Windows 6.0.6001 Service Pack 1 12/31/2008 7:22:08 PM mbam-log-2008-12-31 (19-22-03).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 100017 Time elapsed: 1 hour(s), 32 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 62 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Default\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken. C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken. C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken. C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken. C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken. C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken. C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken. C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken. C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken. C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken. C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken. C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken. C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken. C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken. C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken. C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken. C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken. ***************************hijackthis log*********************************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:33:13 PM, on 12/31/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\COMODO\CBOClean\BOC427.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe O4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe O4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- End of file - 6568 bytes ******************************Panda Activescan log********************************** ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-12-31 20:11:31 PROTECTIONS: 1 MALWARE: 10 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== Windows Defender 1.1.4205.0 No No ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@fastclick[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@mediaplex[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ad.yieldmanager[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.yieldmanager[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.yieldmanager[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@apmebf[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@apmebf[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ads.pointroll[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@adrevolver[1].txt 00431194 Adware/AdsRevenue Adware No 0 Yes No C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KKST6Q9O\mm[1].js ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location ՘0 C5 ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description ՘0 C5 ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = ===================
- January 1, 2009
- 17 replies
is my pc infected

cyzpro posted a topic in Resolved Malware Removal Logs

I downloaded Malwarebytes and update it yesterday. Malwarebytes found a lot of trojans . My pc is acting normal. I can not find the infected files on my pc. My pc is showing hidden files and folders. I attached Malwarebytes log and Panda Activescan log. Somehow this website does not allow me to upload Hijackthis log so I posted below Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:31:05 AM, on 12/22/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\COMODO\CBOClean\BOC427.EXE C:\Program Files\IOGEAR\DigitalScribe.exe C:\Program Files\Evernote\Evernote3\EvernoteTray.exe C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\IOGEAR\PegRoute.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Admin\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Java ActiveScan.txt mbam_log_2008_12_21__22_51_08_.txt ActiveScan.txt mbam_log_2008_12_21__22_51_08_.txt
- December 22, 2008
- 17 replies
not sure if my pc is infected

cyzpro posted a topic in File Detections

I downloaded Malwarebytes and update it yesterday. Malwarebytes found a lot of trojans . My pc is acting normal. I can not find the infected files on my pc. My pc is showing hidden files and folders. I attached Malwarebytes log and Panda Activescan log. Somehow this website does not allow me to upload Hijackthis log so I posted below Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:31:05 AM, on 12/22/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\COMODO\CBOClean\BOC427.EXE C:\Program Files\IOGEAR\DigitalScribe.exe C:\Program Files\Evernote\Evernote3\EvernoteTray.exe C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\IOGEAR\PegRoute.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Admin\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe O4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe O4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- End of file - 6762 bytes mbam_log_2008_12_21__22_51_08_.txt ActiveScan.txt mbam_log_2008_12_21__22_51_08_.txt ActiveScan.txt
- December 22, 2008
- 1 reply

Sign In

cyzpro

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by cyzpro

is my pc infected

is my pc infected

is my pc infected

is my pc infected

is my pc infected

is my pc infected

is my pc infected

is my pc infected

is my pc infected

is my pc infected

not sure if my pc is infected

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information