Malwarebytes Log-can anyone please check this?
Comments
- 
            Ok, just tried running MWB in normal mode and it's not letting me.
- 
            I can't seem to get the Malwarebytes updates because I can't seem to connect to the internet whilst in safe mode, and it won't let me run Malwarebytes whilst in normal mode! Any idea on what I can do? Thanks
- 
            If you are having problems downloading the database via the program, you can now download it as an installer.
 http://data.mbamupda.../mbam-rules.exe
 Ex forum ambassador
 Long term forum member
- 
            Sorry to butt in on this post but I got infected with this system tool thing yesterday as well and it's driving me round the twist!
 It doesn't help that my computer is running at a snail's pace.
 Have copied the rkill to a USB stick but I can't open any of them as it asks permission on all of them, which I allow, but then does nothing.
 Am having trouble downloading the malware link as well - am I supposed to be doing any of this in safe mode?
- 
            Hello Lynn - would you mind opening up a new thread so the advice doesn't get mixed.
 Have you tried Malwarebytes first? Download Malwarebytes Anti-Malware 1.50 - FileHippo.com
- 
            Sorry - have managed to sort it out now from this thread - went back and did explorer.exe then beeping computer again.
 Then installed the AVG anti-virus free download instead of the Avast one I had and did a complete scan.
 Wish I had looked on here last night!
 Thanks to all posters on here.
- 
            Ok, I managed to do it. Here's the latest log:
 Malwarebytes' Anti-Malware 1.50.1.1100
 www.malwarebytes.org
 Database version: 5891
 Windows 6.0.6001 Service Pack 1
 Internet Explorer 8.0.6001.19019
 27/02/2011 15:25:55
 mbam-log-2011-02-27 (15-25-55).txt
 Scan type: Full scan (C:\|D:\|E:\|F:\|)
 Objects scanned: 291383
 Time elapsed: 41 minute(s), 30 second(s)
 Memory Processes Infected: 0
 Memory Modules Infected: 0
 Registry Keys Infected: 0
 Registry Values Infected: 0
 Registry Data Items Infected: 0
 Folders Infected: 0
 Files Infected: 2
 Memory Processes Infected:
 (No malicious items detected)
 Memory Modules Infected:
 (No malicious items detected)
 Registry Keys Infected:
 (No malicious items detected)
 Registry Values Infected:
 (No malicious items detected)
 Registry Data Items Infected:
 (No malicious items detected)
 Folders Infected:
 (No malicious items detected)
 Files Infected:
 c:\programdata\ibnohld06300\ibnohld06300.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 c:\Users\Louise\AppData\LocalLow\Sun\Java\deployment\cache\6.0\57\30ef8e39-32eda26e (Spyware.Passwords) -> Quarantined and deleted successfully.
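The post above asks someone to check the log by eye. As an added example (mine, not code from this thread or from Malwarebytes), here is a small Python parser for the MBAM 1.x text log format: it pulls out the header fields, the summary counts and the per-category detections, then verifies that each summary count matches the number of items actually listed and that every detection carries the "Quarantined and deleted successfully." action. The sample text is the log posted above; the function names `parse_mbam_log` and `check_report` are my own.

```python
import re

# Constructed sample: the Malwarebytes log posted in this thread, kept as a raw
# string so the backslashes in the Windows paths survive unchanged.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5891

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

27/02/2011 15:25:55
mbam-log-2011-02-27 (15-25-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 291383
Time elapsed: 41 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\ibnohld06300\ibnohld06300.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Louise\AppData\LocalLow\Sun\Java\deployment\cache\6.0\57\30ef8e39-32eda26e (Spyware.Passwords) -> Quarantined and deleted successfully.
"""

# "Files Infected: 2"  -> a summary count line
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
# "Files Infected:"    -> start of the detail section for that category
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# "<path> (<threat name>) -> <action taken>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# Header fields that matter for triage (scanner age, scope, duration)
FIELD_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")

REMOVED = "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Parse an MBAM 1.x text log into version, header fields, summary counts and detections."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    report = {"version": lines[0] if lines else "", "fields": {}, "summary": {}, "detections": {}}
    section = None
    for ln in lines:
        if not ln:
            section = None  # a blank line ends the current detail section
            continue
        m = SUMMARY_RE.match(ln)
        if m:
            report["summary"][m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(ln)
        if m:
            section = m.group(1)
            report["detections"].setdefault(section, [])
            continue
        m = FIELD_RE.match(ln)
        if m:
            report["fields"][m.group(1)] = m.group(2)
            continue
        if section is not None and ln != "(No malicious items detected)":
            m = ITEM_RE.match(ln)
            # Keep lines that do not fit the item pattern too, so nothing in a section is dropped
            item = (m["path"], m["threat"], m["action"]) if m else (ln, "?", "?")
            report["detections"][section].append(item)
    return report


def check_report(report):
    """Return findings: summary counts that disagree with the listing, and detections not removed."""
    findings = []
    for category, count in report["summary"].items():
        listed = len(report["detections"].get(category, []))
        if listed != count:
            findings.append(f"{category}: summary says {count}, {listed} item(s) listed")
    for category, items in report["detections"].items():
        for path, threat, action in items:
            if action != REMOVED:
                findings.append(f"{category}: {path} ({threat}) still needs attention: {action}")
    return findings


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("Database version:", rep["fields"]["Database version"])
    for cat, items in rep["detections"].items():
        for path, threat, action in items:
            print(f"{cat}: {threat} at {path} -> {action}")
    print("Findings:", check_report(rep) or "none; every detection was removed")
```

On this log the check returns no findings: both files were quarantined, and the counts agree with the listing. An empty findings list only says the scanner finished its own job; it says nothing about items the database did not know, which is why the helpers in the thread go on to ask for a second tool's log.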
- 
            Anyone? Thanks
- 
            Please run COMBOFIX
 http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 Shut down your antivirus
 Follow the simple instructions it gives
 Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
 If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
 (If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
- 
            ComboFix 11-02-27.01 - Louise 27/02/2011 20:36:22.1.2 - x86
 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.798 [GMT 0:00]
 Running from: c:\users\Louise\Downloads\QWERTY.exe
 SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
 SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 .
 ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 c:\users\Louise\AppData\Roaming\.#
 c:\users\Louise\AppData\Roaming\.#\MBX@1228@652990.###
 c:\users\Louise\AppData\Roaming\.#\MBX@1228@6529C0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@1228@6529F0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@12E0@1D12990.###
 c:\users\Louise\AppData\Roaming\.#\MBX@12E0@1D129C0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@12E0@1D129F0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@1748@1C32990.###
 c:\users\Louise\AppData\Roaming\.#\MBX@1748@1C329C0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@1748@1C329F0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@19D0@1E02990.###
 c:\users\Louise\AppData\Roaming\.#\MBX@19D0@1E029C0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@19D0@1E029F0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@1AC8@1752990.###
 c:\users\Louise\AppData\Roaming\.#\MBX@1AC8@17529C0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@1AC8@17529F0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@25D0@362990.###
 c:\users\Louise\AppData\Roaming\.#\MBX@25D0@3629C0.###
 c:\users\Louise\AppData\Roaming\.#\MBX@25D0@3629F0.###
 c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe
 .
 ((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
 .
 2011-02-27 20:42 . 2011-02-27 20:43 -------- d-----w- c:\users\Louise\AppData\Local\temp
 2011-02-27 20:42 . 2011-02-27 20:42 -------- d-----w- c:\users\Lou\AppData\Local\temp
 2011-02-27 20:42 . 2011-02-27 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
 2011-02-27 19:47 . 2011-02-27 19:47 -------- d-----w- c:\users\Louise\AppData\Roaming\Birdstep Technology
 2011-02-27 19:44 . 2011-02-27 19:44 -------- d-----w- c:\program files\3 Mobile Broadband
 2011-02-27 17:17 . 2011-02-27 17:17 -------- d-----w- c:\windows\system32\ca-ES
 2011-02-27 17:17 . 2011-02-27 17:17 -------- d-----w- c:\windows\system32\eu-ES
 2011-02-27 17:17 . 2011-02-27 17:17 -------- d-----w- c:\windows\system32\vi-VN
 2011-02-27 15:39 . 2011-02-27 15:39 -------- d-----w- c:\windows\system32\EventProviders
 2011-02-27 11:11 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
 2011-02-27 11:11 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
 2011-02-27 11:09 . 2011-02-27 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
 2011-02-26 22:13 . 2011-02-26 22:13 -------- d-----w- c:\program files\FileHippo.com
 2011-02-26 20:42 . 2011-02-26 20:42 -------- d-----w- c:\users\Louise\AppData\Roaming\Malwarebytes
 2011-02-26 20:42 . 2011-02-26 20:42 -------- d-----w- c:\programdata\Malwarebytes
 2011-02-26 17:12 . 2011-02-27 15:25 -------- d-----w- c:\programdata\iBnOhLd06300
 2011-02-25 08:41 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97593A37-E179-4D1A-8C96-166E1A3F60AB}\mpengine.dll
 2011-02-24 07:42 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
 2011-02-08 18:51 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
 2011-02-08 18:50 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
 2011-02-08 18:50 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
 2011-02-08 18:50 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
 2011-02-08 18:30 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
 2011-02-08 18:30 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
 2011-02-08 18:30 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
 .
 (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2011-02-02 17:11 . 2010-04-27 05:39 222080 ------w- c:\windows\system32\MpSigStub.exe
 2010-12-28 15:55 . 2011-01-12 19:30 413696 ----a-w- c:\windows\system32\odbc32.dll
 2010-12-14 14:49 . 2011-01-12 15:36 1169408 ----a-w- c:\windows\system32\sdclt.exe
 .
 ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
 @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
 [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
 2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-05 39408]
 "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
 "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
 "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
 "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
 "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
 "RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
 "Skytel"="Skytel.exe" [2007-11-21 1826816]
 "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
 "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
 "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
 "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-08 842248]
 "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
 "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
 "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
 "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-24 136600]
 "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
 "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
 "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
 c:\users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
 OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
 c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
 Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-20 535336]
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "EnableUIADesktopToggle"= 0 (0x0)
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
 @="Service"
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
 2008-01-02 16:06 166424 ----a-w- c:\windows\System32\hkcmd.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
 2008-01-02 16:07 141848 ----a-w- c:\windows\System32\igfxtray.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
 2008-01-02 16:07 133656 ----a-w- c:\windows\System32\igfxpers.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
 "DisableMonitoring"=dword:00000001
 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 135664]
 R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-08 1352832]
 R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
 R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
 R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
 S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-17 64288]
 S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-05 41456]
 S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
 S2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe [2009-01-29 578920]
 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
 2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
 .
 Contents of the 'Scheduled Tasks' folder
 2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
 - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 08:05]
 2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
 - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 08:05]
 2011-02-27 c:\windows\Tasks\User_Feed_Synchronization-{B3DC799B-D563-47E1-B168-B99F3AA19B61}.job
 - c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]
 .
 .
 Supplementary Scan
 .
 uStart Page = hxxp://www.google.co.uk/
 mStart Page = hxxp://en.uk.acer.yahoo.com
 uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
 TCP: {AB0D261F-5B54-4687-8734-903581A0758D} = 217.171.132.1 217.171.135.1
 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
 FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\fbhw1chn.default\
 FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
 user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
 .
 - - - - ORPHANS REMOVED - - - -
 HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
 HKLM-Run-eRecoveryService - (no file)
 HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
 SafeBoot-mcmscsvc
 SafeBoot-MCODS
 **************************************************************************
 catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2011-02-27 20:43
 Windows 6.0.6002 Service Pack 2 NTFS
 scanning hidden processes ...
 scanning hidden autostart entries ...
 scanning hidden files ...
 scan completed successfully
 hidden files: 0
 **************************************************************************
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
 "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
 .
 LOCKED REGISTRY KEYS
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
 @Denied: (A) (Users)
 @Denied: (A) (Everyone)
 @Allowed: (B 1 2 3 4 5) (S-1-5-20)
 "BlindDial"=dword:00000000
 "MSCurrentCountry"=dword:000000b5
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
 @Denied: (A) (Users)
 @Denied: (A) (Everyone)
 @Allowed: (B 1 2 3 4 5) (S-1-5-20)
 "BlindDial"=dword:00000000
 .
 Completion time: 2011-02-27 20:44:51
 ComboFix-quarantined-files.txt 2011-02-27 20:44
 Pre-Run: 41,264,422,912 bytes free
 Post-Run: 42,229,821,440 bytes free
 - - End Of File - - A4566E8550483CB044AFD4457B8A6253
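The part of a ComboFix log the helpers read first is "Reg Loading Points": the Run-key values and service lines that say what starts with Windows and from where. As an added example (mine, not code from ComboFix or from this thread), here is a Python parser for those lines that turns them into records and then flags two things a reviewer checks by eye: entries whose command is a bare file name (so the log cannot tell you where the binary actually lives) and entries whose binary sits under a user-writable location such as ProgramData or a user profile. The sample lines are copied from the log above, except the `ibnohld06300` Run value, which is constructed: it reuses the path Malwarebytes quarantined earlier to show what a flagged entry looks like. The names `parse_loading_points` and `flag_entries` are my own.

```python
import re

# Constructed sample: Run-key values and service lines copied from the ComboFix log
# in this thread. The "ibnohld06300" Run value is NOT in the posted log; it is a
# constructed line reusing the path Malwarebytes quarantined, so the flagging shows.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-08 842248]
"ibnohld06300"="c:\programdata\ibnohld06300\ibnohld06300.exe" [2011-02-26 12345]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 135664]
S2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe [2009-01-29 578920]
"""

# "[HKEY_...\Run]"                                  -> the registry key the values below belong to
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="command" [yyyy-mm-dd size]               -> one Run value
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# R2 name;display name;path [yyyy-mm-dd size]      -> one service or driver line
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)

# Directories an ordinary user can write to; legitimate autoruns rarely live here
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


def parse_loading_points(text):
    """Return a list of dicts (source, name, path, date, size) for Run values and service lines."""
    entries, key = [], None
    for ln in text.splitlines():
        ln = ln.strip()
        m = KEY_RE.match(ln)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(ln)
        if m:
            entries.append({"source": key, "name": m["name"], "path": m["path"],
                            "date": m["date"], "size": int(m["size"])})
            continue
        m = SERVICE_RE.match(ln)
        if m:
            entries.append({"source": "service " + m["start"], "name": m["name"],
                            "path": m["path"], "date": m["date"], "size": int(m["size"])})
    return entries


def flag_entries(entries):
    """Return (name, reason) pairs for entries a reviewer should look at more closely."""
    flagged = []
    for e in entries:
        p = e["path"].lower()
        if not re.match(r"^[a-z]:\\", p):
            # No drive letter: the log shows only a file name, so its location is unverified
            flagged.append((e["name"], "bare file name, binary location cannot be verified from the log"))
        elif any(root in p for root in USER_WRITABLE):
            flagged.append((e["name"], "runs from a user-writable location"))
    return flagged


if __name__ == "__main__":
    found = parse_loading_points(SAMPLE)
    for e in found:
        print(f"{e['source']}: {e['name']} -> {e['path']} ({e['date']}, {e['size']} bytes)")
    for name, reason in flag_entries(found):
        print(f"FLAG {name}: {reason}")
```

A flag is a prompt to look, not a verdict: `RtHDVCpl` is flagged only because the log gives a bare file name, and the way to settle it is to locate the file on disk and check its publisher, which is exactly the kind of follow-up the helpers in the thread ask for.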
This discussion has been closed.