mikispiki (Honorary Members, 44 posts, reputation 0 Neutral)
Hello, MBAM doesn't seem to detect the file at all now. I have no interest in the file; however, I will attach the log and zipped file: protection-log-2014-10-22.txt TimeProtect.zip
-
Hi, MBAM picked this FP in real time. DETECTION C:\Program Files (x86)\Acer GameZone\Merriam Websters Spell Jam\TimeProtect.dll Trojan.Agent.ED QUARANTINE. When scanned, MBAM is not detecting it. Tried to upload the file and was told I am not permitted.
-
Private Internet Access
mikispiki replied to mikispiki's topic in Malwarebytes for Windows Support Forum
Cheers, I will keep that in mind. -
Private Internet Access
mikispiki replied to mikispiki's topic in Malwarebytes for Windows Support Forum
No, I think you are on the ball. Like you say, it's no use using an exclusion, as the location of rubyw.exe changes every time. I have read the explanation from the PIA forum, and it's a little too techy for me to understand. My solution was to turn off MBAM notifications. However, I've noticed sometimes my VPN connection is lost, and it could be MBAM that has caused this. I think all I can do is disable website blocking when using the VPN, which is a shame. Perhaps when my subscription runs out for PIA (not for 10 months) I will look for another VPN. Many thanks -
Hello, I am using a paid VPN. Every time I use the program, MBAM pops up with a malicious website blocked, and it continues as long as I use the program. For example:

Detection, 15/04/2014 20:29:38, SYSTEM, MICHAEL-TOSH, Protection, Malicious Website Protection, IP, 93.115.82.54, 55875, Outbound, C:\Users\zzzzzzzzzzzzz\AppData\Local\Temp\ocrC492.tmp\bin\rubyw.exe,
IP, 93.115.82.54, 55875,
IP, 37.221.165.196, 55898,
IP, 93.115.85.34, 56001,
IP, 93.115.85.39, 56649,
IP, 93.115.85.39, 56666,
IP, 93.115.85.39, 56693,
IP, 93.115.85.39, 56714,
IP, 93.115.85.39, 56735,
IP, 93.115.85.39, 56753,
IP, 93.115.85.39, 56776,
IP, 93.115.85.39, 56803,
IP, 37.221.165.196, 56880,

This is a couple of minutes' worth. Obviously I cannot keep adding them to exclusions. Now, I reported a bug yesterday, https://forums.malwarebytes.org/index.php?showtopic=146586 My question is, are these detections specifically related to version 2, because I did not have them prior to yesterday, when I upgraded to version 2. I will revert to 1.75 tomorrow and block updates. Is this a mistake? Thank you (end)
-
Version 2 Context Scanning
mikispiki replied to mikispiki's topic in Malwarebytes for Windows Support Forum
I see. Do you think you could reply a bit faster next time? 1 minute is a long time to wait for an answer. Only joking. Your support is always fantastic. Many thanks. I will try and amend my title, if that's possible. -
Hello, I have just updated to the new version. I right-click and scan a lot of files. On my desktop (version 1.75, I believe) a scan on a file took 6 seconds. On my laptop (version 2), 3 minutes 30 seconds; 90% of that was pre-scanning. Just tried another file (Word doc, 3 MB): scan time 4 minutes 20 secs. Is this normal, or a bug? Many thanks
-
Yeah, me too. I am getting lots for 54.240.166.123, 54.240.166.3, 54.240.166.235, 54.240.166.239. Can't really pinpoint them, but I really am not concerned. At one point I was getting some of them from two sites, but this is no longer the case. If it continues, I will tell MBAM to ignore them.
-
I take my hat off to you. Super fast fix. The reputation of the program and its staff is amazing.
-
Me too, cannot access the internet without turning off website blocking. This happened after the last update, version v2013.02.23.03. Please fix ASAP, thanks
-
IP-BLOCK 204.160.98.253 (Type: outgoing)
mikispiki replied to mikispiki's topic in Resolved Malware Removal Logs
Hello again Maurice, tried the edited fix, unfortunately no joy. Left it for one and a half hours, then had to pull the plug. It just said "killing process do not interrupt". I gave it another go, same again. I seriously appreciate your help and time. However, I think it's time to call it a day. I've taken enough of your valuable time. Please mark the post resolved. Take care and thanks, Mick -
IP-BLOCK 204.160.98.253 (Type: outgoing)
mikispiki replied to mikispiki's topic in Resolved Malware Removal Logs
Hi again Maurice, I too saw the registry disabled entry, but I've been into regedit tonight, no problems. I will run your amended fix tomorrow and post back. I can't do these things near bedtime; they prey on my mind and keep me awake. I once got up at 3 in the morning to sort something out and had to take a day off work through lack of sleep. Once again, thank you -
IP-BLOCK 204.160.98.253 (Type: outgoing)
mikispiki replied to mikispiki's topic in Resolved Malware Removal Logs
Hello again Maurice, I opened OTL, pasted the fix and ran it. All I got was the "killing process" for about two hours. In the end I decided to pull the plug. No damage done. Unless you have reason to think there is an infection, I will love you and leave you. The two 10.tmp registry entries, [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\MEMSWEEP2 (\??\C:\WINDOWS\system32\10.tmp) -> FOUND, would appear to me to be from Sophos Anti-Rootkit, which creates the MEMSWEEP2 service. I have had this in the past; perhaps after deleting it, it left the registry entries behind. I looked for 10.tmp in the system32 folder and found nothing. Thank you kindly for your time and help, it's much appreciated. Cheers, Mick -
IP-BLOCK 204.160.98.253 (Type: outgoing)
mikispiki replied to mikispiki's topic in Resolved Malware Removal Logs
Hello again Maurice, many thanks for your reply. I will follow your instructions tomorrow and post back. Regarding the registry entries found by RogueKiller (10.tmp): is it possible they once belonged to Sophos Anti-Rootkit? That program has definitely been on the machine years ago. It does create a tmp file: http://www.bleepingcomputer.com/startups/MEMSWEEP2-22472.html Once again, I thank you for your time and advice -
IP-BLOCK 204.160.98.253 (Type: outgoing)
mikispiki replied to mikispiki's topic in Resolved Malware Removal Logs
Hello Maurice, my sincerest apologies if this is a wild goose chase. I ran RK and saved the log; when I tried to close the program, it asked me if I was sure I wanted to close without deleting 4 entries. Upon inspection, I deleted them.

QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Mon Sep 24 18:20:42 2012
Machine ID: C88362F1
No infection found.
(Process, network activity, autorun, browser plugin and file MD5 listings omitted.)
No file uploaded.
Scan finished - communication took 0 sec
Total traffic - 0.01 MB sent, 0.77 KB recvd
Scanned 582 files and modules - 89 seconds

==============================================================================
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/24/2012 18:27:18

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\MEMSWEEP2 (\??\C:\WINDOWS\system32\10.tmp) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet003\Services\MEMSWEEP2 (\??\C:\WINDOWS\system32\10.tmp) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
(SSDT and inline hook listing omitted.)

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST950212A +++++
--- User ---
[MBR] 1e230136024a2e57d8ea6cceab681d57
[bSP] 94c7d9cc66e75925930cbad5105bb3b3 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 25940 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 53139454 | Size: 20794 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>

Farbar Service Scanner Version: 19-09-2012
Ran by Owner (administrator) on 24-09-2012 at 18:39:31
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

I hope I have done as instructed. Thanks in advance