Showing results for tags 'logfile'.

Found 4 results

  1. I posted earlier in 'General PC Help' and got redirected here... Has anyone ever figured out why in rare instances MBAM writes its log files in Unicode character mapping?? I saw a couple of old posts along these lines, but no resolution. My log files are all in Unicode (one attached), and are shown correctly in Word using Unicode mapping. I think I have a very hard to find issue with my machine, and this may be one of the symptoms. On the other hand, it might just be a wrong setting. (My region is US and language is English, nothing else outputs Unicode, just MBAM). Did a full scan with MBAM, McAfee, Kaspersky TDSS killer, Rogue Killer and Hittman Pro, found nothing. But I cannot update IE 11 or remove it - all other updates work fine. And I have this Unicode log file quirk in MBAM. Sooner or later I'm gonna pull the plug and restore in place. But I'd really like to know what happened. I attach: 1. A logfile from MBAM 2. The DDS logfiles. DDS Attach.txt: I attached it. Hard to read otherwise.
  2. Hi, just tried out RogueKiller to check my system out. Need to help on analyzing report. Thanks! (RogueKiller report attached.)
  3. Hi!!! So, we ran this program called Hijackthis and we got this logfile thing.... not sure what we are supposed to do with it??? We found this site and saw others were getting help here so, here we are! Here is the log file! TY ahead of time! ~Girls of BeeHivesandBowTies salon~ (Trend Micro HijackThis v2.0.4 log attached.)
  4. I wonder why I cannot save logfiles manually. If MBAM has found a virus, I press Save. The window closes, but the file doesn't exist in C:\Users\Anselm\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs (just the last automatically created logs). Searching the whole C: partition, this is found: C:\Users\Anselm\AppData\Roaming\Microsoft\Windows\Recent\mbam-log-2012-11-03 (12-16-50).txt.lnk, but clicking on the link doesn't find the logfile. Please help. Thank you. Regards, Anselm