Malwarebytes antimalware flagging malicious attack



#1 mtr18103

Posted 02 February 2010 - 06:05 PM

Hello,

I just purchased Malwarebytes Anti-Malware today. I have been running the free version for years. I needed the realtime protection since my daughter got a trojan and I had to reinstall Windows.

Thanks for the great software, guys.

One question. Realtime protection is now on for Malwarebytes and it flags a malicious attempt every once in a while. I have performed full scans with Malwarebytes, Avast free and the Bitdefender online scanner.

I have Malwarebytes realtime protection on and Avast realtime protection enabled. Again nothing is being flagged but the IP blocks are causing me concern.

Full scans by all 3 say my system is clean. I do not notice any issues. I just have Malwarebytes flagging addresses. Is this something to worry about? How can I find what file or process is trying to get to the IP address?

The IP addresses from the logs are:

15:16:33 IP-BLOCK 209.44.97.131
15:16:46 IP-BLOCK 84.16.236.126
15:16:46 IP-BLOCK 209.44.97.138
15:16:47 IP-BLOCK 84.16.228.204
15:16:47 IP-BLOCK 209.44.97.162
15:16:47 IP-BLOCK 209.44.97.166
17:14:43 IP-BLOCK 209.44.97.131

Then I had none for a few hours. Any suggestions?

Thanks again,


Below is my hijack log from dds.scr


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike at 17:58:40.59 on Tue 02/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2726 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Zipped\AntiVirusStuff\dds.scr

============== Pseudo HJT Report ===============

uStart Page = file:///C:/My%20Documents/WebPages/new%20web%20page/Wormhole.htm
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
mRun: [Copperhead] c:\program files\razer\copperhead\razerhid.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Lycosa] "c:\program files\razer\lycosa\razerhid.exe"
mRun: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} - hxxp://www.midhudsonmls.com/XMLSearch/XMLCache.CAB
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231270131390
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211505830671
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {AAB58191-AFBE-4366-93FD-1E45F7C97FA0} - hxxp://maps.bushnellgps.com/BushnellNew/FileDownloader2.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.33.7/ttinst.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {16664848-0E00-11D2-8059-000000000000} - No File
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\ar1nih88.default\
FF - prefs.js: browser.startup.homepage - file:///C:/My%20Documents/WebPages/new%20web%20page/Wormhole.htm
FF - plugin: c:\documents and settings\mike\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\mike\application data\vuzestream\netscapeplugin1.0.2.9\npVuzeStream.dll
FF - plugin: c:\documents and settings\mike\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-30 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-9 163280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-9 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-23 40384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-2 236368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-23 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-23 40384]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2009-1-7 16128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-2 19160]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2004-2-20 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2004-2-20 545088]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2007-8-25 11596]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-8-12 1522176]
S2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2008-10-29 10240]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [2009-9-21 1571336]
S3 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-7 615344]
S3 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-7 615344]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-1-30 583640]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [2008-3-27 135048]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [2008-3-27 28544]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional home 2009.sp4\RpcAgentSrv.exe [2010-1-6 99176]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\j:\ntglm7x.sys --> j:\NTGLM7X.sys [?]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-3 5120]
S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2009-9-21 1964528]
S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2007-8-25 19232]
S4 iWinGamesInstaller;iWinGamesInstaller;c:\documents and settings\mike\desktop\lisa\iwin games\iWinGamesInstaller.exe [2008-8-13 78104]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-02-02 07:39:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 07:39:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 07:39:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 17:00:36 0 d-----w- c:\program files\Microsoft Games
2010-01-31 23:46:09 0 d-----w- c:\program files\City Interactive
2010-01-31 22:26:08 0 d-----w- c:\program files\Wings of POWER II WWII FIGHTERSwings
2010-01-30 16:15:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-30 16:06:17 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-30 16:04:25 0 dc-h--w- c:\docume~1\alluse~1.win\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-30 16:04:11 0 d-----w- c:\program files\Lavasoft
2010-01-30 12:25:49 0 d-----w- c:\docume~1\mike\applic~1\Registry Mechanic
2010-01-30 12:01:00 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-01-30 12:01:00 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-01-30 12:01:00 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-01-30 12:00:59 0 d-----w- c:\program files\common files\PC Tools
2010-01-29 21:01:03 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-01-29 20:55:36 0 d-----w- c:\docume~1\mike\applic~1\Symantec
2010-01-29 20:48:58 131000 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2010-01-29 20:48:41 138592 ----a-w- c:\windows\system32\drivers\symsnap.sys
2010-01-29 20:48:38 15096 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2010-01-29 20:48:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2010-01-29 20:48:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-01-29 20:48:34 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-29 20:48:27 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-29 20:48:27 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-29 20:48:14 0 d-----w- c:\program files\Norton Ghost
2010-01-29 20:48:14 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Symantec
2010-01-29 20:48:14 0 d-----w- c:\docume~1\alluse~1.win\applic~1\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-01-29 03:25:43 0 d-----w- c:\program files\IObit
2010-01-28 16:14:11 0 d-----w- c:\program files\PopCap Games
2010-01-27 23:01:36 0 d-----w- c:\docume~1\alluse~1.win\applic~1\WOP
2010-01-27 14:25:44 0 d-----w- c:\docume~1\mike\applic~1\Hoyle
2010-01-27 14:15:53 0 d-----w- c:\docume~1\mike\applic~1\Hoyle FaceCreator
2010-01-27 14:15:52 0 d-----w- c:\docume~1\mike\applic~1\Hoyle Puzzle and Board Games
2010-01-27 14:15:12 0 d-----w- c:\program files\common files\Datalode
2010-01-23 22:42:52 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2010-01-22 21:28:56 0 d-----w- c:\docume~1\alluse~1.win\applic~1\2DBoy
2010-01-21 16:39:24 38 ----a-w- c:\windows\AviSplitter.INI
2010-01-21 12:41:54 0 d-----w- c:\docume~1\mike\applic~1\CoreCodec
2010-01-21 12:41:41 0 d-----w- c:\program files\Haali
2010-01-21 12:41:39 0 d-----w- c:\program files\CoreCodec
2010-01-18 20:12:15 86016 ----a-w- c:\windows\unvise32.exe
2010-01-17 23:22:09 0 d-----w- c:\program files\Raxco
2010-01-16 13:05:32 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2010-01-16 13:05:25 0 d-----w- c:\program files\common files\Pinnacle
2010-01-16 13:04:41 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Pinnacle Studio Ultimate Collection
2010-01-16 13:00:38 0 d-----w- c:\program files\common files\Pegasus Imaging
2010-01-16 13:00:36 0 d-----w- c:\program files\Pinnacle
2010-01-16 13:00:36 0 d-----w- c:\program files\common files\Yahoo!
2010-01-16 13:00:36 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Studio 14
2010-01-16 13:00:36 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Pinnacle Studio Plus
2010-01-13 03:15:04 0 d-----w- c:\docume~1\mike\applic~1\TS3Client
2010-01-13 03:14:11 0 d-----w- c:\program files\TeamSpeak 3 Client
2010-01-12 13:44:04 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 02:56:11 0 d-----w- c:\windows\system32\XPSViewer
2010-01-07 02:49:23 0 d-----w- c:\program files\SiSoftware
2010-01-05 01:49:52 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-01-05 01:49:52 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-01-05 01:49:52 156910 ----a-w- c:\windows\WMSysPr8.prx
2010-01-05 01:49:51 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-01-05 01:49:51 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2010-01-05 01:49:51 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-01-05 01:48:28 0 d-----w- c:\program files\coolpro2
2010-01-04 03:47:10 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-01-04 03:47:10 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-01-04 03:47:07 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-04 03:46:56 0 d-----w- c:\windows\Logs

==================== Find3M ====================

2010-02-02 22:29:47 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-02 22:29:38 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-29 21:01:15 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-01-29 21:01:15 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-01-29 21:01:07 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-01-01 21:41:04 796672 ----a-w- c:\windows\GPInstall.exe
2009-12-30 14:17:31 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-29 05:46:19 2828 --sha-w- c:\docume~1\alluse~1.win\applic~1\KGyGaAvL.sys
2009-12-29 05:45:40 88 --sh--r- c:\docume~1\alluse~1.win\applic~1\9C9B66885E.sys
2009-12-09 20:23:38 556678 ----a-w- C:\BdUninstallTool2009.12.09-03.22.32.reg
2009-12-09 20:02:23 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-11 00:36:54 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-11-11 00:36:54 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-11-11 00:36:53 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-11-09 19:55:34 34499 ----a-w- c:\windows\system32\unins000.dat
2009-11-09 19:55:19 707682 ----a-w- c:\windows\system32\unins000.exe
2005-03-26 04:13:02 575 ----a-w- c:\program files\ServUStartUpLog.txt
2003-10-22 06:41:15 434 ----a-w- c:\program files\ttts.reg
2003-10-22 06:21:52 796 ----a-w- c:\program files\LamestBot.chan
2003-10-22 06:21:52 323 ----a-w- c:\program files\LamestBot.user
2003-10-22 05:10:44 0 ----a-w- c:\program files\LamestBot.notes
2003-10-22 05:08:55 24 ----a-w- c:\program files\RunOnce.bat
2003-10-22 04:52:49 52676 ----a-w- c:\program files\eggdrop.conf
2003-05-05 02:03:30 25159 ----a-w- c:\program files\README
2003-05-05 01:36:40 6179 ----a-w- c:\program files\install.win32.html
2003-04-11 04:00:10 94208 ----a-w- c:\program files\SvcAdmin.dll
2003-03-20 08:21:54 636416 ----a-w- c:\program files\tcl84.dll
2003-03-18 20:21:58 971080 ----a-w- c:\program files\cygwin1.dll
2003-02-11 14:25:50 171 ----a-w- c:\program files\resolv.conf
2002-10-26 19:47:54 7374 ----a-w- c:\program files\stats.conf
2001-06-15 01:49:24 3365 ----a-w- c:\program files\gseen.conf
2001-02-15 01:12:08 1194 ----a-w- c:\program files\botnetop.conf
1998-04-27 05:00:00 570128 ----a-w- c:\program files\common files\DAO350.DLL
2008-05-06 23:30:13 88 --sh--r- c:\windows\system32\187BB94ACC.sys

============= FINISH: 17:59:11.79 ===============
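
Editor's note, added example (not part of the original post or reply): the poster's actual question is how to tie an IP-BLOCK entry back to a local process. On Windows XP Professional the built-in tools that answer it are `netstat -ano` (shows the owning PID per socket) and `tasklist /fo csv` (maps PID to image name). The script below parses the IP-BLOCK lines quoted above, groups them by /24 to show that most hits cluster in one netblock (it makes no claim about who owns those addresses), and joins them against netstat/tasklist output. The netstat and tasklist text embedded here is constructed sample output in XP layout, not captured from the poster's machine; PID 1844 and its iexplore.exe mapping are made up for illustration. Because the blocked socket is often gone by the time you type `netstat`, the `--live` mode polls several times rather than once.

```python
"""Map Malwarebytes IP-BLOCK events to the local process that opened the socket.

Added example, not code from the forum post. NETSTAT_SAMPLE and TASKLIST_SAMPLE
are CONSTRUCTED in Windows XP format; they were not captured from the poster's PC.
"""
import csv
import io
import re
import subprocess
import sys
import time
from collections import Counter, defaultdict

# The IP-BLOCK lines quoted in the post (HH:MM:SS IP-BLOCK a.b.c.d).
MBAM_LOG = """\
15:16:33 IP-BLOCK 209.44.97.131
15:16:46 IP-BLOCK 84.16.236.126
15:16:46 IP-BLOCK 209.44.97.138
15:16:47 IP-BLOCK 84.16.228.204
15:16:47 IP-BLOCK 209.44.97.162
15:16:47 IP-BLOCK 209.44.97.166
17:14:43 IP-BLOCK 209.44.97.131
"""

# Constructed `netstat -ano` output. PID 1844 is a hypothetical browser process.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1041      209.44.97.131:80       SYN_SENT        1844
  TCP    192.168.1.10:1042      84.16.236.126:80       ESTABLISHED     1844
  TCP    192.168.1.10:1050      10.0.0.5:445           ESTABLISHED     4
  UDP    0.0.0.0:1900           *:*                                    1232
"""

# Constructed `tasklist /fo csv` output.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"iexplore.exe","1844","Console","0","61,120 K"
"svchost.exe","1232","Console","0","4,812 K"
"""

# Tolerates an optional user-name column before IP-BLOCK and trailing detail after the IP.
IPBLOCK_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2})\s+(?:\S+\s+)?IP-BLOCK\s+(\d{1,3}(?:\.\d{1,3}){3})(?:\s.*)?$")


def parse_ipblock(log_text):
    """Return [(time, ip), ...] for every IP-BLOCK line; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = IPBLOCK_RE.match(line.strip())
        if m:
            events.append((m.group(1), m.group(2)))
    return events


def hits_per_slash24(events):
    """Count blocked connection attempts per /24 to see whether hits cluster in one netblock."""
    counts = Counter(".".join(ip.split(".")[:3]) + ".0/24" for _, ip in events)
    return dict(counts)


def parse_netstat(text):
    """Parse `netstat -ano` rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if proto == "TCP" else ""   # UDP rows have no State column
        pid = int(parts[-1])                          # PID is always the last column
        f_ip, _, f_port = foreign.rpartition(":")     # handles [::1]:80 as well as 1.2.3.4:80
        rows.append({"proto": proto, "local": local, "foreign_ip": f_ip,
                     "foreign_port": f_port, "state": state, "pid": pid})
    return rows


def parse_tasklist_csv(text):
    """Parse `tasklist /fo csv` output into {pid: image name}."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def correlate(events, netstat_rows, pid_to_image):
    """For each blocked IP, list (pid, image, proto, state) of sockets currently pointing at it."""
    by_ip = defaultdict(list)
    for row in netstat_rows:
        by_ip[row["foreign_ip"]].append(row)
    result = {}
    for _, ip in events:
        if ip in result:                      # the same IP may be blocked several times
            continue
        result[ip] = [(r["pid"], pid_to_image.get(r["pid"], "<unknown>"), r["proto"], r["state"])
                      for r in by_ip.get(ip, [])]
    return result


def live_snapshot(events, repeats=5, interval=1.0):
    """Windows only: poll netstat/tasklist repeatedly, since the blocked socket is short-lived."""
    seen = {}
    for _ in range(repeats):
        ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        tl = subprocess.run(["tasklist", "/fo", "csv"], capture_output=True, text=True).stdout
        for ip, hits in correlate(events, parse_netstat(ns), parse_tasklist_csv(tl)).items():
            for hit in hits:
                seen.setdefault(ip, set()).add(hit)
        time.sleep(interval)
    return seen


if __name__ == "__main__":
    evs = parse_ipblock(MBAM_LOG)
    print("hits per /24:", hits_per_slash24(evs))
    if "--live" in sys.argv and sys.platform == "win32":
        report = {ip: sorted(h) for ip, h in live_snapshot(evs).items()}
    else:
        report = correlate(evs, parse_netstat(NETSTAT_SAMPLE), parse_tasklist_csv(TASKLIST_SAMPLE))
    for ip, hits in report.items():
        print(ip, "->", hits or "no socket seen")
```

Run it as-is to see the join on the constructed sample, or `python mbam_ipblock.py --live` on the affected XP box right after a block fires. A hit that resolves to a browser PID does not by itself say which plug-in or BHO made the request; the DDS log lists several, and narrowing that down means disabling them one at a time. A hit that resolves to no PID at all is the expected outcome of running netstat too late, which is why the live mode polls.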



#2 shelf life

  • Malware Response Team

Posted 09 February 2010 - 06:44 PM

hi mtr18103,

Your log is a few days old. If you still need help simply reply to my post.

How Can I Reduce My Risk to Malware?




