Help/comments welcome. Thanks
#1
Posted 23 June 2009 - 04:31 PM
PC slow and Firefox crashing sometimes. Ran Stopzilla and reported attached trojans and viruses but Malwarebytes did not. Used Malwarebytes successfully in the past.
Help/comments welcome. Thanks
#2
Posted 23 June 2009 - 04:48 PM
You need to save a log in text format the same way you can with Malwarebytes.
This allows easy research, the attached file is not readable.
#3
Posted 23 June 2009 - 05:05 PM
nosirrah, on Jun 23 2009, 12:48 PM, said:
You need to save a log in text format the same way you can with Malwarebytes.
This allows easy research, the attached file is not readable.
Thanks for reply. See below:
Malwarebytes' Anti-Malware 1.38
Database version: 2325
Windows 5.1.2600 Service Pack 3
6/23/2009 12:07:06 PM
mbam-log-2009-06-23 (12-07-06).txt
Scan type: Quick Scan
Objects scanned: 103245
Time elapsed: 13 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here is the Stopzilla:
Warning/Detection Process enforcer 2009-06-23 11:47:26 Monitoring process c:\program files\microsoft office\office11\outlook.exe
Information Registry enforcer 2009-06-23 10:19:08 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-06-23 10:19:08 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-06-23 10:19:07 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-06-23 10:19:06 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-06-23 10:19:06 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-06-23 10:19:05 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-06-23 10:19:04 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-06-23 10:19:03 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-06-23 10:19:03 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-06-23 10:18:58 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-06-23 10:18:55 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-06-23 10:18:44 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-06-23 10:18:42 Inspecting WinSock registry (LSP Chain)
Information General 2009-06-23 10:18:38 Completed system scan.
Warning/Detection Process enforcer 2009-06-23 10:06:02 Monitoring process c:\program files\microsoft office\office11\outlook.exe
Information Registry enforcer 2009-06-23 07:59:53 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-06-23 07:59:41 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information General 2009-06-23 07:59:21 Started system scan.
Block/Extraction File enforcer 2009-06-23 07:59:13 Deleted file: c:\program files\autorun eater\oldmcdonald.exe
Block/Extraction File enforcer 2009-06-23 07:58:36 Quarantined file: c:\program files\autorun eater\oldmcdonald.exe
Block/Extraction File enforcer 2009-06-23 07:58:33 Deleted file: c:\program files\autorun eater\billy.exe
Information Registry enforcer 2009-06-23 07:58:32 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction Registry enforcer 2009-06-23 07:58:23 Deleted registry value DisableTaskMgr in hklm\software\microsoft\windows\currentversion\policies\system
Warning/Detection COM enforcer 2009-06-23 07:58:23 Detected malicious registry entry DisableTaskMgr in hklm\software\microsoft\windows\currentversion\policies\system
Block/Extraction Registry enforcer 2009-06-23 07:58:19 Suppressing application from run key (C:\Program Files\Autorun Eater\oldmcdonald.exe)
Block/Extraction Registry enforcer 2009-06-23 07:58:15 Deleted registry value DisableTaskMgr in hkus\S-1-5-21-185237537-1845633140-2465809026-1005\software\microsoft\windows\currentversion\policies\system
Warning/Detection COM enforcer 2009-06-23 07:58:15 Detected malicious registry entry DisableTaskMgr in hkus\S-1-5-21-185237537-1845633140-2465809026-1005\software\microsoft\windows\currentversion\policies\system
Block/Extraction Registry enforcer 2009-06-23 07:58:11 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon
Information Registry enforcer 2009-06-23 07:58:08 Inspecting WinSock registry (LSP Chain)
Block/Extraction File enforcer 2009-06-23 07:58:06 Quarantined file: c:\program files\autorun eater\billy.exe
Block/Extraction Process enforcer 2009-06-23 07:58:06 Terminated process: (3664) c:\program files\autorun eater\oldmcdonald.exe
Block/Extraction Process enforcer 2009-06-23 07:58:06 Terminated process: (4016) c:\program files\autorun eater\billy.exe
Block/Extraction Registry enforcer 2009-06-23 07:58:06 Suppressing application from run key (C:\Program Files\Autorun Eater\oldmcdonald.exe)
Warning/Detection Process enforcer 2009-06-23 07:58:06 Monitoring process c:\program files\microsoft office\office11\outlook.exe
Information General 2009-06-23 07:46:48 SITEguard definition update 5.0.42.28 successfully applied.
Information General 2009-06-23 07:46:30 Malicious Site definition update (06/18/2009 01:46 PM GMT) successfully applied.
Information General 2009-06-23 07:46:30 Exploit definition update (06/19/2009 03:50 PM GMT) successfully applied.
Information General 2009-06-23 07:46:27 Request to update definitions completed successfully.
Information General 2009-06-23 07:46:18 Anti-Spyware Incremental definition update 5.0.42.28 successfully applied.
Information General 2009-06-23 07:46:14 Anti-Spyware Incremental definition update 5.0.42.27 successfully applied.
Information General 2009-06-23 07:46:11 Anti-Spyware Incremental definition update 5.0.42.26 successfully applied.
Information General 2009-06-23 07:46:07 Anti-Spyware Incremental definition update 5.0.42.25 successfully applied.
Information General 2009-06-23 07:46:02 Anti-Spyware Incremental definition update 5.0.42.24 successfully applied.
Information General 2009-06-23 07:46:00 Anti-Spyware Incremental definition update 5.0.42.23 successfully applied.
Information General 2009-06-23 07:45:56 Anti-Spyware Incremental definition update 5.0.42.22 successfully applied.
Information General 2009-06-23 07:45:54 Anti-Spyware Incremental definition update 5.0.42.20 successfully applied.
Information General 2009-06-23 07:45:53 Anti-Spyware Incremental definition update 5.0.42.19 successfully applied.
Information General 2009-06-23 07:45:53 Anti-Spyware Incremental definition update 5.0.42.18 successfully applied.
Information General 2009-06-23 07:45:46 Anti-Spyware Incremental definition update 5.0.42.17 successfully applied.
Information General 2009-06-23 07:45:46 Anti-Spyware Incremental definition update 5.0.42.16 successfully applied.
Information General 2009-06-23 07:45:42 Anti-Spyware Full definition update 5.0.42.15 successfully applied.
Information Internet ExplorerSiteguard 2009-06-23 06:45:06 Inspecting registered Internet Explorer toolbars
Information Registry enforcer 2009-06-23 06:45:06 Inspecting registered Explorer bars
Information Registry enforcer 2009-06-23 06:45:06 Inspecting registered Browser Helper Objects (BHOs)
Information Process enforcer 2009-06-23 06:45:01 Starting process watcher
Information Internet ExplorerSiteguard 2009-06-22 22:47:04 Inspecting registered Internet Explorer toolbars
Information Registry enforcer 2009-06-22 22:47:04 Inspecting registered Explorer bars
Information Registry enforcer 2009-06-22 22:47:04 Inspecting registered Browser Helper Objects (BHOs)
Information Process enforcer 2009-06-22 22:47:03 Starting process watcher
Thanks again.
Bunny
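An added triage example (not part of any poster's message and not Stopzilla's own code): it reduces an event history in the layout posted above to the objects that were actually detected or acted on, dropping the informational lines. The line layout and message patterns are assumptions inferred from the lines in this thread, and the sample input is constructed from them.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the layout of the event history posted above.
SAMPLE = r"""Information Registry enforcer 2009-06-23 10:19:08 Inspecting WinSock registry (LSP Chain)
Warning/Detection Process enforcer 2009-06-23 10:06:02 Monitoring process c:\program files\microsoft office\office11\outlook.exe
Block/Extraction File enforcer 2009-06-23 07:58:36 Quarantined file: c:\program files\autorun eater\oldmcdonald.exe
Block/Extraction Registry enforcer 2009-06-23 07:58:23 Deleted registry value DisableTaskMgr in hklm\software\microsoft\windows\currentversion\policies\system
Warning/Detection COM enforcer 2009-06-23 07:58:23 Detected malicious registry entry DisableTaskMgr in hklm\software\microsoft\windows\currentversion\policies\system
Block/Extraction Process enforcer 2009-06-23 07:58:06 Terminated process: (3664) c:\program files\autorun eater\oldmcdonald.exe
Block/Extraction Registry enforcer 2009-06-23 07:58:06 Suppressing application from run key (C:\Program Files\Autorun Eater\oldmcdonald.exe)
"""

# Assumed layout: <level> <component> <YYYY-MM-DD HH:MM:SS> <message>
LINE = re.compile(r"^(Information|Warning/Detection|Block/Extraction) (.+?) "
                  r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")

# Message shapes seen in the log -> (action label, regex capturing the object).
ACTIONS = [
    ("deleted-file", re.compile(r"^Deleted file: (.+)$")),
    ("quarantined-file", re.compile(r"^Quarantined file: (.+)$")),
    ("terminated-process", re.compile(r"^Terminated process: \(\d+\) (.+)$")),
    ("run-key-suppressed", re.compile(r"^Suppressing application from run key \((.+)\)$")),
    ("registry-value-deleted", re.compile(r"^Deleted registry value (\S+ in .+)$")),
    ("registry-detected", re.compile(r"^Detected malicious registry entry (\S+ in .+)$")),
]

def detections(log_text):
    """Return {object: [(timestamp, action), ...]} sorted by time.
    'Information' lines and lines with no recognised action are dropped,
    so a 'Warning/Detection ... Monitoring process' line is not counted."""
    found = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) == "Information":
            continue
        ts, msg = m.group(3), m.group(4)
        for label, pat in ACTIONS:
            hit = pat.match(msg)
            if hit:
                # Paths appear in mixed case in the log; fold case to group them.
                found[hit.group(1).lower()].append((ts, label))
                break
    return {obj: sorted(events) for obj, events in found.items()}

if __name__ == "__main__":
    for obj, events in detections(SAMPLE).items():
        print(obj)
        for ts, action in events:
            print("   ", ts, action)
```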
#4
Posted 23 June 2009 - 05:21 PM
That text log does not match your picture in your first post.
I need a text log of malware detections that are shown in the pictures.
#5
Posted 23 June 2009 - 08:17 PM
nosirrah, on Jun 23 2009, 01:21 PM, said:
That text log does not match your picture in your first post.
I need a text log of malware detections that are shown in the pictures.
Thanks for the reply.
I re-ran the scan but the log only contains the information posted and does not have a text log with the actual detections. Must be a program design so that you have to purchase the full version to remove them but I'm not yet convinced they are real.
#6
Posted 23 June 2009 - 08:28 PM
I was hoping to get some data I could research, it is likely that there were a lot of FPs in there.
Stopzilla is one of a handful of applications that, while not rogue, certainly are not recommended.