
New computer - first scan


alicez


Just bought a net-notebook for my grandson's birthday. Received it yesterday, and today I ran a MB scan and the following 5 exceptions were found:

[Screenshot attached: malawarebytes.jpg, http://img19.imageshack.us/my.php?image=malawarebytes.jpg]

I don't know whether to click on the "Remove Selected" or close the MB and wait for your answers after seeing the HJT Log.

Can you please help me so we can give a "clean" computer to our grandson?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:24:24 PM, on 2/25/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Program Files\Carbonite\CarbonitePreinstaller.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\PLFSetL.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\AOL\1235576147\ee\AOLSoftware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\DOCUME~1\BOBTIG~1\LOCALS~1\Temp\RtkBtMnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\AOL 9.5\waol.exe

C:\Program Files\AOL 9.5\shellmon.exe

C:\WINDOWS\regedit.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scandoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe

O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS

O4 - HKLM\..\Run: [NotificationCenterLauncher] C:\Program Files\Acer\Acer eRecovery Management\NotificationLauncher.exe

O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1235576147\ee\AOLSoftware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b

O4 - Global Startup: Acer VCM.lnk = ?

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1235590921406

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--

End of file - 6623 bytes


I looked in the MB Logs section, but there is nothing there. (I am using my desktop now.)

I have not closed the MB after it reported the 5 errors. I didn't know whether to click on "Remove Selected," or to click on "Ignore" which might mean that the 5 errors would remain on the computer forever and never be shown again when I ran a MB scan. I didn't want to click on "Remove Selected" now because that might remove something that should not be removed. (Hope I am making myself clear. I am new at all of this!)

Can I click on "Ignore" in order to get the Log that you (might) need? And then later when I do a scan, will the 5 show up again for further action?

Alice


  • Root Admin

No don't remove them for now. They might be a false positive.

Please close it and then run this.

Click on START - RUN and type in MBAM /DEVELOPER, then do another Quick Scan. Don't fix anything, and when the log pops up, post back that information please.

Then also do the following.

Download DDS and save it to your desktop

http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your antivirus/antimalware has it. You can disconnect from the Internet while this runs for a minute.

Then double click dds.scr to run the tool.

When done, DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please include the following logs in your next reply:

DDS.txt

Attach.txt


Malwarebytes' Anti-Malware 1.34

Database version: 1802

Windows 5.1.2600 Service Pack 3

2/25/2009 5:23:40 PM

mbam-log-2009-02-25 (17-23-25).txt

Scan type: Full Scan (C:\|)

Objects scanned: 89463

Time elapsed: 34 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snp2uvc (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP8\A0004889.dll (Trojan.BHO) -> No action taken.

C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP8\A0004890.exe (Trojan.BHO) -> No action taken.

C:\WINDOWS\system32\csnp2uvc.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> No action taken.



I clicked on Start and then Run and typed in MBAM/DEVELOPER

and got a pop-up reading: Windows cannot find "MBAM/DEVELOPER"


I hope these are right. Remember please, I am a senior citizen and novice at all of this....

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 2/25/2009 1:05:23 PM

System Uptime: 2/25/2009 6:13:03 PM (0 hours ago)

Motherboard: Acer | | Aspire one

Processor: Intel® Atom CPU N270 @ 1.60GHz | CPU | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 132.353 GiB free.

D: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 2/25/2009 1:05:26 PM - System Checkpoint

RP2: 2/25/2009 1:07:17 PM - Installed WebCam

RP3: 2/25/2009 1:10:10 PM - Installed Acer eRecovery Management

RP4: 2/25/2009 1:58:57 PM - Installed AVG Free 8.0

RP5: 2/25/2009 2:45:51 PM - Software Distribution Service 3.0

RP6: 2/25/2009 3:47:08 PM - Software Distribution Service 3.0

RP7: 2/25/2009 4:10:52 PM - Removed Google Toolbar for Internet Explorer

RP8: 2/25/2009 4:14:11 PM - Software Distribution Service 3.0

RP9: 2/25/2009 6:06:58 PM - Removed Microsoft Office Home and Student 2007

RP10: 2/25/2009 6:18:26 PM - Removed Microsoft Works

RP11: 2/25/2009 6:21:15 PM - Removed Microsoft Office Suite Activation Assistant.

RP12: 2/26/2009 9:07:43 AM - Removed AVG Free 8.0

RP13: 2/26/2009 9:09:40 AM - Installed AVG Free 8.0

RP14: 2/26/2009 9:15:14 AM - Installed AVG Free 8.0

RP15: 2/25/2009 10:39:48 AM - Installed Windows Media Format 9 Series Runtime Setup

==== Installed Programs ======================

Acer eRecovery Management

Acer ScreenSaver

Acer VCM

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9

AOL Uninstaller (Choose which Products to Remove)

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

Atheros for Acer Driver v7.6.0.260_Foxconn Installation Program

AVG Free 8.0

Carbonite Online Backup Setup

CCleaner (remove only)

Choice Guard

Compatibility Pack for the 2007 Office system

eSobi v2

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Intel® Graphics Media Accelerator Driver

Intel


Hi Alice,

You need a space after the word MBAM.EXE; it's not all one word. Then it should run just fine. Thanks.

I realize that now. Was the one I sent you okay? The one I ran after I opened the MB manually?

(FYI - Ran AVG8 (AV/AS) and SpyBot S&D and nothing found.)


Did the MBAM /DEVELOPER and here are the results (I hope it is what you want). I really am hoping they are false positives:

Malwarebytes' Anti-Malware 1.34

Database version: 1802

Windows 5.1.2600 Service Pack 3

2/25/2009 10:06:02 PM

mbam-log-2009-02-25 (22-05-40).txt

Scan type: Quick Scan

Objects scanned: 57280

Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snp2uvc (Trojan.Agent) -> No action taken. [385753513430538380756679153472707985130141443858644548363445644634364142473861524839535634513861467468838084807185615674796980888461368683837079855570838474807961518679933232323232321130118386796977772019157089701132323232321569777711 84]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\csnp2uvc.dll (Trojan.Agent) -> No action taken. [3857535134305383807566791534727079851301414438586445483634456446343641424738615248395356345138614674688380848071856156747969808884613686838370798555708384748079615186799332323232323211301183867969777720191570897011323232323215697777118 4]

C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> No action taken. [46425249453436383730847083877468708413014748530170897093788468936766769374846893777976937884689378807193778072935746459381697193807769]


  • Root Admin

Hi Alice,

Well it looks like at least one of the files may not be a FP. Please run the following.

We need to get a copy of those files so that we can check them for sure.

First let's unhide the files so we can see them to upload them.

STEP 01

Reconfigure Windows XP to show hidden files:

To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.

* Double-click on the My Computer icon.

* Select the Tools menu and click Folder Options.

* After the new window appears select the View tab.

* Put a checkmark in the checkbox labeled Display the contents of system folders.

* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

* Remove the checkmark from the checkbox labeled Hide protected operating system files.

* Press the Apply button and then the OK button and exit My Computer.

* Now your computer is configured to show all hidden files.

STEP 02

Please make a NEW folder on your Desktop. Right click, new folder.

Open "My Computer" and browse to this location C:\WINDOWS\system32\ and see if you can copy the file csnp2uvc.dll to that new folder you created.

Do the same thing for this file: C:\WINDOWS\SERVICES.REG

Then zip them up into a new archive and upload it to your reply.

How To Use Compressed (Zipped) Folders in Windows XP

Compress and uncompress files (zip files) in Vista


I found the files after looking around in windows and put them into a new folder and that's as far as I got. I don't know how to get them onto/into this message.

(Please remember we are extreme novices at this. We are looking for what you ask on our netbook (where the 5 problems are showing), transferring them to a flash drive, then bringing them over to my desktop (where I am typing this), and then trying to get them onto this message.)

I have the two files in a new folder. I believe I placed them in a "New Compressed" folder. When I look in that folder, I see the two files, but they do not have Zip next to them.

I read and re-read the zip page you supplied but it is so confusing to me.

Don't know what to do now?


  • Root Admin

Hi Alice,

Yes I'm sorry, computers can be a bit difficult to understand at times. Let's try this.

Make sure your files are not hidden as shown in the other post on how to set them to unhidden.

Then rename the extension of the file. Extensions are the last part of a file name, usually 3 characters. In this case .DLL and .REG.

So please try to rename csnp2uvc.dll to csnp2uvc.txt

So please try to rename SERVICES.REG to SERVICES.TXT

Then on your reply you should see a green UPLOAD button towards the bottom right side under the text window with a Browse button next to it.

Click on the Browse button and browse to your DESKTOP where you copied the files and then click on the csnp2uvc.txt file. Then when the window comes back, click on the UPLOAD button. Doing it this way you may not be able to post both files as it may only allow you to attach 1 at a time. You might have to post a second time to attach the next one.

Let's see if that works or not.



SERVICES.txt

csnp2uvc.txt



Here is the Quick Scan I just did for myself. I'll send the MBAM /DEVELOPER one in a few moments...

===========================================

Malwarebytes' Anti-Malware 1.34

Database version: 1802

Windows 5.1.2600 Service Pack 3

2/26/2009 10:22:30 AM

mbam-log-2009-02-26 (10-22-22).txt

Scan type: Quick Scan

Objects scanned: 57284

Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snp2uvc (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\csnp2uvc.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> No action taken.


Here is the MBAM /DEVELOPER I just completed (hope this is what you needed):

Malwarebytes' Anti-Malware 1.34

Database version: 1807

Windows 5.1.2600 Service Pack 3

2/26/2009 4:09:54 PM

mbam-log-2009-02-26 (16-09-41).txt

Scan type: Quick Scan

Objects scanned: 58286

Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> No action taken. [46425249453436383730847083877468708413014748530170897093788468936766769374846893777976937884689378807193778072935746459381697193807769]


Here is the log of a Full Scan I just did (hope it helps)

Malwarebytes' Anti-Malware 1.34

Database version: 1807

Windows 5.1.2600 Service Pack 3

2/26/2009 6:05:10 PM

mbam-log-2009-02-26 (18-05-00).txt

Scan type: Full Scan (C:\|)

Objects scanned: 89858

Time elapsed: 35 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP8\A0004889.dll (Trojan.BHO) -> No action taken.

C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP8\A0004890.exe (Trojan.BHO) -> No action taken.

C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> No action taken.


  • Root Admin

Hi Alice,

You need to go to the UPDATE tab of the program and click on the Check for Updates button.

YOUR VERSION

Malwarebytes' Anti-Malware 1.34

Database version: 1802

CURRENT VERSION

Malwarebytes' Anti-Malware 1.34

Database version: 1807

Then you can delete the C:\WINDOWS\SERVICES.REG file and the new Folder and files you created.

The file C:\WINDOWS\system32\csnp2uvc.dll was a False Positive and should be removed from detection once you update the program.


Thank you AdvancedSetup.

I am getting confused. The message from nosirrrah said to ignore "services.reg".

Your thread states to "delete services.reg" (what does that mean?)

You also said to delete the New Folder and files you created. (what does that mean?)

The C:\windows\system32\csnp2uvc.dll was a F/P and will be removed.

The last log I sent you was a FULL scan and it shows 3 ERRORS:

#1- C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP8\A0004889.dll (Trojan.BHO) -> No action taken.

#2- C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP8\A0004890.exe (Trojan.BHO) -> No action taken.

#3- C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> No action taken.

I believe the MBAM /DEVELOPER scan showed only ONE error (the 'Services Reg' one)....

My MB states:

Date: 2/26/09

version 1807

Fingerprints: 72178

I have MB on my other 3 computers and no problems. Wouldn't it be easier for me to just stop using MB on this new computer (even though I like MB)? As a senior citizen, this is really causing a lot of frustration for me.


  • Root Admin

Sorry to confuse you Alice.

1. Bruce is just saying that you can put the SERVICES.REG file onto the IGNORE list and MBAM won't bother you about it anymore. I've looked at the file and I don't see any need or reason for it to be on the computer so you can delete it if you like or rename it to something else like OLDSTUFF.TXT and MBAM should then ignore it. You could also move it to another folder that is not in the Windows folder and MBAM should ignore it.

2. I asked you to create a NEW folder on your desktop where you could copy those files. Well, we have them now and we're done so you can delete that folder and the files that are in it as they are no longer needed.

3. The last part is the System Restore area which is not a threat to you right now, but we should clean it out now and reset NEW restore points, so please follow these instructions to do that.

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

If you have any other questions please let me know and I'll try to assist you.
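The three-way sort in the post above (copies sitting in System Restore points that go away when System Restore is cycled, a heuristic hit that has to be verified before anything is deleted, and a live autorun value with its file) can be applied mechanically to the log format seen throughout this thread. The following Python script is an added example written for this page, not code from the thread or from Malwarebytes: it parses the Malwarebytes' Anti-Malware 1.x text log layout shown in the posts above (summary counts, the per-section listings, and the bracketed digits that appear in /DEVELOPER-mode logs), puts each detection into one of those buckets, and compares the log's database version against a known latest one (1807, the version the Root Admin pointed out). The sample log is constructed from lines quoted in the thread; the bucket names and function names are this example's own assumptions.

```python
"""Parse and triage Malwarebytes' Anti-Malware 1.x text logs. Added example, not
the forum's or Malwarebytes' code; the triage buckets are this example's own."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format of the logs posted above; the last line carries
# the bracketed /DEVELOPER-mode digits the forum had wrapped, joined back together.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34
Database version: 1802
Scan type: Full Scan (C:\|)
Objects scanned: 89463

Registry Values Infected: 1
Files Infected: 4

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snp2uvc (Trojan.Agent) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP8\A0004889.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP8\A0004890.exe (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\csnp2uvc.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> No action taken. [46425249453436383730847083877468708413014748530170897093788468936766769374846893777976937884689378807193778072935746459381697193807769]
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):(?:\s*(?P<count>\d+))?\s*$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>[^.\[]+)\."
                          r"(?:\s*\[(?P<devdata>[^\]]*)\])?\s*$")
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"^HKEY_[A-Z_]+\\.*\\Run(?:Once)?\\", re.IGNORECASE)


@dataclass
class Detection:
    section: str            # "Files Infected", "Registry Values Infected", ...
    item: str               # file path or registry value
    family: str             # detection name, e.g. "Trojan.Agent"
    action: str             # e.g. "No action taken"
    devdata: Optional[str]  # digits MBAM appends in /DEVELOPER mode, if present


def parse_mbam_log(text: str) -> Tuple[Dict[str, str], Dict[str, int], List[Detection]]:
    """Return (header fields, summary counts, listed detections)."""
    header: Dict[str, str] = {}
    counts: Dict[str, int] = {}
    detections: List[Detection] = []
    section: Optional[str] = None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:   # summary line: "Files Infected: 4"
                counts[m.group("name")] = int(m.group("count"))
                section = None
            else:                              # listing header: "Files Infected:"
                section = m.group("name")
            continue
        if section is not None:
            d = DETECTION_RE.match(line)       # "(No malicious items detected)" is skipped
            if d:
                detections.append(Detection(section, d["item"], d["family"],
                                            d["action"].strip(), d["devdata"]))
            continue
        key, sep, value = line.partition(": ")  # header line: "Database version: 1802"
        if sep:
            header[key] = value.strip()
    return header, counts, detections


def triage(det: Detection) -> str:
    """Bucket a detection the way the responder in the thread handled them."""
    if RESTORE_POINT_RE.search(det.item):
        # Copy stashed in a System Restore point: not running; cleared by turning
        # System Restore off and back on rather than by deleting the file.
        return "restore-point copy"
    if det.family.startswith("Heuristics."):
        return "heuristic"      # not a signature hit: verify the file before acting
    if RUN_KEY_RE.match(det.item):
        return "autorun entry"  # persistence value; expect a matching file hit
    return "active file"


def summarize(text: str) -> Dict[str, List[str]]:
    """Group the listed detections by triage bucket."""
    buckets: Dict[str, List[str]] = {}
    for det in parse_mbam_log(text)[2]:
        buckets.setdefault(triage(det), []).append(det.item)
    return buckets


def database_is_current(text: str, latest_version: int) -> bool:
    """Compare the log's database version with the latest one known (1807 above)."""
    return int(parse_mbam_log(text)[0]["Database version"]) >= latest_version


if __name__ == "__main__":
    for bucket, items in summarize(SAMPLE_LOG).items():
        print(f"{bucket}: {items}")
    print("database current vs 1807:", database_is_current(SAMPLE_LOG, 1807))
```

Run it on a saved mbam-log-*.txt by reading the file into `summarize`; the "restore-point copy" bucket is the one that disappears after the Disable/Enable System Restore steps above, while anything left in "active file" or "autorun entry" still needs a decision after the database has been updated.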

