Jump to content

Recommended Posts

Dear MBAM forum,

Could an expert please advise whether to remove the following three items found today by MBAM?

- My computer has displayed no abnormal symptoms (eg. popups etc.)

- My Anti-virus (Panda Security) has not found any infections (full system scan and reviewed logs)

- Ran MBAM for the first time today and it found 3 infections (report below)

- HJT report below as well

I am new to the forum so please forgive any mistakes made in posting.

Thanks so much in advance!

My setup:

- Windows XP SP3

- Panda

- MBAM

- Firefox

MBAM LOG

Malwarebytes' Anti-Malware 1.30

Database version: 1437

Windows 5.1.2600 Service Pack 3

30.11.2008 18:33:17

MBAM Log

Scan type: Quick Scan

Objects scanned: 55453

Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:25:49, on 30.11.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0007)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\oodag.exe

C:\Programme\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Programme\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe

C:\Programme\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Programme\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Programme\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\programme\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Programme\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Programme\ATI Technologies\ATI.ACE\cli.exe

C:\Programme\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Programme\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Programme\Malwarebytes' Anti-Malware\mbam.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [\\P25115N1\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P37 "\\P25115N1\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"

O4 - HKLM\..\Run: [samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun

O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Programme\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [\\P25115N1\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P37 "\\P25115N1\EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKCU\..\Run: [Device Detection] C:\Programme\Photo Dose\dd.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Cyber-shot Viewer-Medien-Pr

Link to post
Share on other sites

Thanks for your patience. The forums have been flooded with requests and the volunteers have been working as time permits. If you are still in need of assistance, please post back a fresh HijackThis log. Thanks!

Link to post
Share on other sites

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> No action taken.

These are traces from malware removed in the past .

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Your run box is hidden from your start menu . We cant tell if malware did this or it is the result of intentional actions or software so we fix it to be on the safe side assuming that expert users will understand what this detection is if they indeed disabled it themselves .

Link to post
Share on other sites

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.