This is the most recent Malwarebytes log I have - dated 5/24/10 - despite the fact that I've run scans almost daily - in fact I ran a full scan this morning - no log - no infections detected. My most recent mbam logs were directed to C:\Program Files\Malwarebytes' Antimalware\mbam-log-2010-05-24 (19-14-05) - sorry there are no more recent mbam logs - I know this info no longer applies. Thank you for your help! DDS and GMER logs follow below.

-------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4140

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/24/2010 7:14:05 PM

mbam-log-2010-05-24 (19-14-05).txt

Scan type: Full scan (C:\|)

Objects scanned: 214792

Time elapsed: 1 hour(s), 6 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Data Protection (Rogue.DataProtection) -> No action taken.

Files Infected:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2009\A0293236.dll (Malware.Packer.Gen) -> No action taken.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2011\A0293390.dll (Malware.Packer.Gen) -> No action taken.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2011\A0293391.dll (Malware.Packer.Gen) -> No action taken.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2011\A0293395.exe (Malware.Packer.Gen) -> No action taken.

----------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86

Run by Linda Cross at 9:43:09.06 on Tue 06/01/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.199 [GMT -7:00]

AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Documents and Settings\Linda Cross\Desktop\Virus Removal Tool1\setup_9.0.0.722_01.06.2010_09-31[1]\setup_9.0.0.722_01.06.2010_09-31[1].exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Linda Cross\Local Settings\Temporary Internet Files\Content.IE5\V4J5P2X8\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://phoenix.cox.net/cci/home

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

mURLSearchHooks: H - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll

EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

StartupFolder: c:\docume~1\lindac~1\startm~1\programs\startup\setup_~2.lnk - c:\documents and settings\linda cross\desktop\virus removal tool1\setup_9.0.0.722_01.06.2010_09-31[1]\startup.exe

StartupFolder: c:\docume~1\lindac~1\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\linda cross\desktop\virus removal tool\setup_9.0.0.722_28.05.2010_11-31\startup.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: alpineaccess.com

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: musicmatch.com\online

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238559981937

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5957/mcfscan.cab

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

mASetup: {33E00BF6-D344-4362-838B-2F9790234042} - rundll32 qfoneu71.dll,laspi

============= SERVICES / DRIVERS ===============

R0 00164472;00164472 Boot Guard Driver;c:\windows\system32\drivers\00164472.sys [2010-5-28 37392]

R0 11906432;11906432 Boot Guard Driver;c:\windows\system32\drivers\11906432.sys [2010-5-31 37392]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-5 385536]

R1 00164471;00164471;c:\windows\system32\drivers\00164471.sys [2010-5-28 128016]

R1 11906431;11906431;c:\windows\system32\drivers\11906431.sys [2010-5-31 128016]

R1 bfbe;bfbe;c:\windows\system32\bfbe.sys [2010-4-21 75264]

R1 setup_9.0.0.722_01.06.2010_09-31[1]drv;setup_9.0.0.722_01.06.2010_09-31[1]drv;c:\windows\system32\drivers\1190643.sys [2010-5-31 315408]

R1 setup_9.0.0.722_28.05.2010_11-31drv;setup_9.0.0.722_28.05.2010_11-31drv;c:\windows\system32\drivers\0016447.sys [2010-5-28 315408]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-12 203280]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-5-12 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-5-12 144704]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-5-12 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-16 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-5 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-5 40552]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 MpKsla3c22b50;MpKsla3c22b50;\??\c:\windows\system32\mpenginestore\mpksla3c22b50.sys --> c:\windows\system32\mpenginestore\MpKsla3c22b50.sys [?]

S2 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-5 34248]

S3 utqxodiy;AVZ Kernel Driver;c:\windows\system32\drivers\utqxodiy.sys [2010-6-1 7168]

=============== Created Last 30 ================

2010-06-01 12:34:50 0 ----a-w- c:\documents and settings\linda cross\defogger_reenable

2010-06-01 07:14:37 7168 ----a-w- c:\windows\system32\drivers\utqxodiy.sys

2010-06-01 06:56:46 37392 ----a-w- c:\windows\system32\drivers\11906432.sys

2010-06-01 06:56:46 315408 ----a-w- c:\windows\system32\drivers\1190643.sys

2010-06-01 06:56:46 128016 ----a-w- c:\windows\system32\drivers\11906431.sys

2010-05-28 17:52:33 3247 ----a-w- c:\windows\system32\wbem\Outlook_01cafe8e8cb9d7e2.mof

2010-05-28 08:18:40 37392 ----a-w- c:\windows\system32\drivers\00164472.sys

2010-05-28 08:18:40 315408 ----a-w- c:\windows\system32\drivers\0016447.sys

2010-05-28 08:18:40 128016 ----a-w- c:\windows\system32\drivers\00164471.sys

2010-05-28 07:35:09 0 d-----w- C:\ea

2010-05-24 22:27:36 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.SYS

2010-05-24 19:59:52 0 d-----w- c:\windows\system32\MpEngineStore

2010-05-22 12:50:35 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-05-20 21:02:22 10218 ----a-w- c:\windows\system32\rof

2010-05-20 21:02:21 67584 ----a-w- c:\windows\system32\klgd.bmp

2010-05-20 12:47:38 7304 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-05-20 01:55:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard

2010-05-20 01:55:10 7000064 ---ha-w- C:\SZKGFS.dat

2010-05-20 01:53:50 0 d-----w- c:\program files\common files\iS3

2010-05-20 01:53:48 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2010-05-17 21:28:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-17 21:28:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-17 00:54:32 0 ----a-w- C:\debug

2010-05-17 00:40:39 112 ----a-w- c:\docume~1\alluse~1\applic~1\JOJr2m.dat

2010-05-15 19:13:29 0 d-----w- c:\program files\RegWork

2010-05-12 17:14:47 13169 ----a-w- c:\windows\system32\Config.MPF

2010-05-12 16:28:51 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-05-12 16:28:02 0 d-----w- c:\program files\common files\McAfee

2010-05-12 13:52:53 0 d-----w- C:\mb

2010-05-12 13:40:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-05-11 06:32:42 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-29 02:51:30 10752 ----a-w- C:\exefix_xp.com

2010-04-26 22:58:12 256512 ----a-w- c:\windows\PEV.exe

2010-04-21 17:15:23 75264 ----a-w- c:\windows\system32\bfbe.sys

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll

2008-07-26 20:59:27 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072620080727\index.dat

============= FINISH: 9:47:02.21 ===============

Attach.txt.zip


Forgot to add this information to my previous post - have no idea of what it means - hope it will help you to determine what problems my computer is having.

After GMER completed I clicked on Internet Explorer so that I could post the logs - a blue screen appeared with the following information:

STOP.c0000145 {Application Error} the application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

Beginning dump of physical memory

Physical memory dump complete. Contact your system administrator or technical support group for further assistance.

At this point I restarted my machine and received the following error message:

Microsoft Windows error message -

The system has recovered from a serious error. A log of this error has been created - for more information click here. This is the information that came up when I clicked:

Error signature

BC Code: c0000145

BCP1: C0000005

BCP2: 00000000

BCP3: 00000000

BCP4: 00000000

OS Ver: 5_1_2600

SP: 3_0

PRODUCT: 768_1

To view technical information about the error report, click here:

Error Report Contents:

The following files will be included in this error report:

c:\DOCUME~1\LINDAC~1\Temp\WERaff5.dir00\Mini060110-01.dmp

c:\DOCUME~1\LINDAC~1\Temp\WERaff5.dir00\sysdata.xml
