Mbam log file!!
Sam2005
Posts: 224 Forumite
in Techie Stuff
I have attached an mbam-log file. What should I do next? Should I delete all the files that are infected, or clean them?
Please let me know the right method to get all these files cleaned.
What action should I take?
Thanks in advance.
Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3
15/04/2009 14:04:55
mbam-log
Scan type: Full Scan (C:\|)
Objects scanned: 143963
Time elapsed: 4 hour(s), 59 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
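The log above reports every detection as "No action taken", which is what MBAM 1.x writes when the log is saved before "Remove Selected" is clicked, so nothing has been cleaned yet. The six Security Center entries are reported as "Bad: (1)": a DisableNotify value of 1 suppresses the balloon that warns when antivirus, firewall or automatic updates are off. As an added example, not part of the original thread, the following Python parses an MBAM 1.x text log in this layout and lists what still needs action. The function names are my own, and the embedded sample log is constructed from lines in the layout shown above (one entry is given a "Quarantined" action to show the difference).

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and summarise what needs action.

Added example; not code from the thread or from Malwarebytes.
"""
import re
from collections import OrderedDict

# Constructed sample in the layout of the MBAM 1.36 log above (assumption: section
# headings end with "Infected:" and items carry an optional "Bad: (n) Good: (m)" part
# followed by "-> <action>.").
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

Memory Processes Infected: 0
Registry Keys Infected: 1
Registry Data Items Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# A section header is "<Name> Infected:" with nothing after the colon; the summary
# block near the top ("Registry Keys Infected: 1") has a count and is skipped.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return an ordered mapping of section name -> list of detection dicts."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        m = ITEM_RE.match(line)
        if m:
            item = m.groupdict()
            # MBAM writes "No action taken" when the log is saved without removing.
            item["remediated"] = item["action"] != "No action taken"
            sections[current].append(item)
    return sections


def pending_actions(sections):
    """Detections the log records as still present on the machine."""
    return [(name, item) for name, items in sections.items()
            for item in items if not item["remediated"]]


def security_center_notifications_disabled(sections):
    """(hive, value name) for every *DisableNotify value the scan saw set to 1.

    A value of 1 silences the Security Center warning for that component
    (antivirus, firewall or automatic updates).
    """
    found = []
    for item in sections.get("Registry Data Items Infected", []):
        if item["path"].endswith("DisableNotify") and item["bad"] == "1":
            hive = item["path"].split("\\", 1)[0]
            value = item["path"].rsplit("\\", 1)[1]
            found.append((hive, value))
    return found


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for section, item in pending_actions(parsed):
        print(f"still present [{section}] {item['family']}: {item['path']}")
    for hive, value in security_center_notifications_disabled(parsed):
        print(f"Security Center warning suppressed: {hive}\\...\\{value}")
```

Run it against a real mbam-log text file by reading the file into `parse_mbam_log`; anything returned by `pending_actions` has not been removed, whatever the scan summary says.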
Comments
Alienrik....combofix.txt
ComboFix 09-04-15.08 - SAM 15/04/2009 22:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.214 [GMT 1:00]
Running from: c:\documents and settings\SAM\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090415-0] *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-02 23:39 . 2009-04-02 23:49 d-----w c:\documents and settings\SAM\Application Data\uTorrent
2009-04-02 19:08 . 2009-04-02 19:08 d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-02 19:08 . 2009-04-02 19:08 d-----w c:\windows\system32\IOSUBSYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 23:39 . 2008-10-21 22:25 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 14:32 . 2008-10-21 22:25 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2008-10-21 22:25 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 23:39 . 2009-04-02 23:39 d-----w c:\program files\uTorrent
2009-04-02 19:07 . 2005-10-29 17:04 d-----w c:\program files\Google
2009-03-27 14:06 . 2009-02-28 20:41 d-----w c:\program files\SUPERAntiSpyware
2009-03-11 11:38 . 2009-03-11 11:38 60640 ----a-w c:\documents and settings\CEEJA\Application Data\GDIPFONTCACHEV1.DAT
2009-03-09 00:35 . 2009-03-09 00:33 d-----w c:\documents and settings\SAM\Application Data\vlc
2009-02-28 21:31 . 2009-02-21 08:43 d-----w c:\documents and settings\All Users\Application Data\Wyyo
2009-02-28 20:42 . 2009-02-28 20:42 d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-28 20:41 . 2009-02-28 20:41 d-----w c:\documents and settings\SAM\Application Data\SUPERAntiSpyware.com
2009-02-28 20:39 . 2009-02-28 20:39 d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-28 08:28 . 2009-02-21 08:43 d-----w c:\program files\Wyyo
2009-02-23 14:48 . 2009-02-23 14:48 d-----w c:\documents and settings\Application Data\Malwarebytes
2009-02-21 09:06 . 2009-02-21 08:43 d-----w c:\program files\Winferno
2009-02-21 08:56 . 2009-02-21 08:43 d-----w c:\program files\My.Freeze.com Toolbar
2009-02-21 08:50 . 2009-02-21 08:50 d-----w c:\documents and settings\All Users\Application Data\Winferno
2009-02-21 08:44 . 2009-02-21 08:44 d-----w c:\program files\VideoLAN
2009-02-21 08:44 . 2009-02-21 08:44 d-----w c:\program files\Free Offers from Freeze.com
2009-02-16 23:47 . 2006-12-24 23:08 d-----w c:\program files\Windows Live Toolbar
2009-02-15 18:06 . 2007-11-11 18:31 60640 ----a-w c:\documents and settings\SAM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-15 18:03 . 2006-08-20 08:07 d-----w c:\program files\Real
2009-02-15 18:03 . 2006-08-20 08:07 d-----w c:\program files\Common Files\Real
2009-02-15 18:00 . 2005-03-16 09:46
d--h--w c:\program files\InstallShield Installation Information
2009-02-09 11:13 . 2005-03-15 14:27 1846784 ----a-w c:\windows\system32\win32k.sys
2008-09-22 20:34 . 2008-09-22 20:34 137696 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-05-30 11:29 . 2007-05-30 11:29 60640 ----a-w c:\documents and settings\SAM\Application Data\GDIPFONTCACHEV1.DAT
2006-09-02 14:12 . 2006-09-02 14:04 180 ----a-w c:\documents and settings\SAM\Application Data\wklnhst.dat
2005-10-29 16:11 . 2005-10-29 16:11 46016 ----a-w c:\documents and settings\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-03-02 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-27 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 675840]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 24576]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 118784]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-12 73728]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-03-12 569344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-10-28 88363]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2004-07-14 24576]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-02-16 28672]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-01-21 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
c:\documents and settings\SAM\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 Wyyo Service;Wyyo Service; [x]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder
2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-c:\program files\NetMeter\NetMeter.exe - c:\program files\NetMeter\NetMeter.exe
Supplementary Scan
.
uStart Page = hxxp://news.bbc.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 22:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(420)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2009-04-15 22:49
ComboFix-quarantined-files.txt 2009-04-15 21:48
Pre-Run: 46,048,780,288 bytes free
Post-Run: 47,416,455,168 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
165 --- E O F --- 2009-03-22 13:39
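The "Reg Loading Points" part of the ComboFix log above is the piece a helper actually reads: the Run keys (three line shapes: a full path, a bare name resolved after " - ", or a name with a bracketed tag), the service list (ComboFix prints "[x]" in place of a file stamp where it could not find the service binary, as for "Wyyo Service"), and the Security Center "DisableMonitoring"=dword:00000001 overrides. As an added example, not part of the thread and not ComboFix's own code, the following Python pulls those entries out of that section and flags the ones a practitioner would look at first. The function names are mine; the sample is constructed from lines in the log above plus one made-up Run entry ("EXAMPLE", under a user profile directory) to exercise the path check.

```python
"""Extract autostart entries from a ComboFix 'Reg Loading Points' section.

Added example; not code from the thread or from ComboFix. The reading of "[x]" as
"service binary not found" is my interpretation of the ComboFix output shown above.
"""
import re

# Constructed sample: lines in the layout of the ComboFix log above. The "EXAMPLE"
# entry is made up for this example and does not appear in the log.
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EXAMPLE"="c:\documents and settings\USER\Application Data\example\example.exe" [2009-04-01 12345]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-10-28 88363]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
R2 Wyyo Service;Wyyo Service; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="value" [tag]   or   "name"="file.exe" - c:\resolved\path [tag]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
                    r'(?: - (?P<resolved>.+?))? \[(?P<tag>[^\]]+)\]$')
# R2 name;display;path [date size]   or   R2 name;display; [x]
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                    r"(?P<path>[^\[]*?)\s*\[(?P<tag>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<value>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')

# Locations an XP autorun is expected to live in (assumption for the triage rule).
TRUSTED_PREFIXES = ("c:\\windows", "c:\\program files", "c:\\progra~1")


def parse_combofix_loading_points(text):
    """Return {'runs': [...], 'services': [...], 'overrides': [(product, value)]}."""
    runs, services, overrides = [], [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = SVC_RE.match(line)
        if m:
            svc = m.groupdict()
            svc["file_found"] = svc["tag"] != "x"
            services.append(svc)
            continue
        if key is None:
            continue
        if key.lower().endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                run = m.groupdict()
                run["key"] = key
                # Prefer the path ComboFix resolved; fall back to the raw value.
                run["path"] = run["resolved"] or run["value"]
                runs.append(run)
            continue
        m = DWORD_RE.match(line)
        if m and m.group("value") == "DisableMonitoring":
            overrides.append((key.rsplit("\\", 1)[1], int(m.group("hex"), 16)))
    return {"runs": runs, "services": services, "overrides": overrides}


def review(parsed):
    """Entries worth a look: Run items outside the Windows/Program Files trees (or
    with no full path at all), services with no binary found, and Security Center
    monitoring switched off for a product."""
    findings = []
    for run in parsed["runs"]:
        if not run["path"].lower().startswith(TRUSTED_PREFIXES):
            findings.append(("run", run["name"], run["path"]))
    for svc in parsed["services"]:
        if not svc["file_found"]:
            findings.append(("service", svc["name"], svc["path"] or "(no file)"))
    for product, value in parsed["overrides"]:
        if value == 1:
            findings.append(("security-center", product, "DisableMonitoring=1"))
    return findings


if __name__ == "__main__":
    for kind, name, detail in review(parse_combofix_loading_points(SAMPLE_COMBOFIX)):
        print(f"{kind:16} {name:20} {detail}")
```

The path rule is deliberately crude: it only asks "is this where a legitimate XP autorun normally lives?", so it surfaces entries under user profile directories and bare names that could not be resolved, and leaves the rest for manual reading.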
Run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.co.uk/kos_trialpay_offer
Post the whole log
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click DO A SCAN AND SAVE A LOGFILE (takes seconds), then post the log so we can see what's running
(do NOT do anything else with HijackThis but scan and post the FULL log)
Alienrik... not able to run Kaspersky even after turning off 'AVAST', any other options?
Installed Java...
Same problem again... Do I have to stop running the Windows Firewall as well? Let me know how to stop it.
Does it display any messages when you try to run it?
SCRIPTING must be allowed.