
Topic: My computer froze up today

  1. #11
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    4.630

    Re: My computer froze up today

    SuperAnti also includes cookies in its scan checks, so not sure if the majority of what it found were those. I would like to check those logs though.

    For Malwarebytes just click the Logs tab, and copy/paste the contents of that log with the infection activities back here. For SUPERAntiSpyware, click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Those tips for SUPERAntiSpyware's log may be a little outdated.
    Live the day!

    Jintan - The brand where everything is right!

  2. #12
    Forum user
    Registered since
    02.12.2008
    Posts
    36

    Re: My computer froze up today

    Here's the MalwareBytes log:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3601
    Windows 6.1.7100
    Internet Explorer 8.0.7100.0

    1/19/2010 9:13:27 PM
    mbam-log-2010-01-19 (21-13-27).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 175844
    Time elapsed: 27 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\SDFix\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\SDFix\apps\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.

    The SuperAntiSpyware log will be posted after this one.

  3. #13
    Forum user
    Registered since
    02.12.2008
    Posts
    36

    Re: My computer froze up today

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/24/2010 at 02:23 PM

    Application Version : 4.28.1010

    Core Rules Database Version : 4512
    Trace Rules Database Version: 2324

    Scan type : Complete Scan
    Total Scan Time : 00:26:00

    Memory items scanned : 378
    Memory threats detected : 0
    Registry items scanned : 6819
    Registry threats detected : 0
    File items scanned : 31515
    File threats detected : 33

    Adware.Tracking Cookie
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@atdmt[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@ads.pointroll[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@zedo[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@pointroll[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@doubleclick[3].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@doubleclick[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@a1.interclick[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ad.wsod[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ad.yieldmanager[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@adecn[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ads.bridgetrack[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ads.pointroll[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@advertising[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@apmebf[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@at.atwola[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@atdmt[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@casalemedia[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@content.yieldmanager[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@content.yieldmanager[3].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@doubleclick[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@fastclick[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@interclick[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@kanoodle[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@media.adrevolver[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@mediaplex[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@msnbc.112.2o7[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@msnportal.112.2o7[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@pointroll[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@questionmarket[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@revsci[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@tacoda[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@trafficmp[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@tribalfusion[2].txt

  4. #14
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    4.630

    Re: My computer froze up today

    Malwarebytes looks to have mistaken some old SDFix files as malicious, and SuperAnti only located harmless cookies. So not seeing any active infection here so far. Let's check with a scan for the possible unseen items. I am not 100% that Gmer will work with Windows 7, but as you have the 32-bit install let's check that. In and of itself it is not a change maker, so any issues that might come from running it should correct after a reboot.

    Be sure to right click - Run as administrator any of the scan files we use here.


    Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
    Live the day!

    Jintan - The brand where everything is right!
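
The triage in the post above (SUPERAntiSpyware's 33 "file threats" being nothing but tracking cookies) can be done mechanically. This is an added example, not part of the original thread and not SUPERAntiSpyware's own tooling; it assumes the log layout posted here (a category line followed by path lines) and classifies by the category name, and the sample log, including its `Trojan.Example` entry, is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log posted in this thread;
# the "Trojan.Example" entry is invented for contrast.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log
Generated 01/24/2010 at 02:23 PM

Scan type : Complete Scan
Memory threats detected : 0
Registry threats detected : 0
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@atdmt[1].txt
C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@zedo[2].txt
C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@revsci[2].txt

Trojan.Example
C:\Users\Frank\AppData\Local\Temp\constructed-sample.exe
"""

ITEM = re.compile(r"^(?:[A-Za-z]:\\|HK)")       # file path or registry key
SUMMARY = re.compile(r"^(.+?)\s*:\s+(.*)$")     # "name : value" header line

def parse_log(text):
    """Return (summary fields, {category: [detected items]})."""
    summary, groups, current = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ITEM.match(line):
            groups[current or "(uncategorised)"].append(line)
        elif (m := SUMMARY.match(line)):
            summary[m.group(1)] = m.group(2)
        else:
            current = line          # assumed: any other line names a category
    return summary, dict(groups)

def triage(text):
    """Split cookie findings from everything else and sanity-check the counts."""
    summary, groups = parse_log(text)
    reported = sum(int(v) for k, v in summary.items()
                   if k.endswith("threats detected") and v.isdigit())
    listed = sum(len(v) for v in groups.values())
    is_cookie = lambda name: "cookie" in name.lower()   # assumption: by category name
    return {
        "reported": reported,
        "listed": listed,
        "cookies": sum(len(v) for k, v in groups.items() if is_cookie(k)),
        "needs_review": {k: v for k, v in groups.items() if not is_cookie(k)},
        "complete": reported == listed,   # False: pasted log truncated or edited
    }
```

Calling `triage()` on a pasted log leaves only the non-cookie categories in `needs_review`, and `complete` shows whether the number of listed items matches the counts in the log's own summary.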

  5. #15
    Forum user
    Registered since
    02.12.2008
    Posts
    36

    Re: My computer froze up today

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-06 22:01:42
    Windows 6.1.7100
    Running: m08d8uo8.exe; Driver: C:\Users\Frank\AppData\Local\Temp\uglcypog.sys


    ---- System - GMER 1.0.15 ----

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2FAF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F3F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A182D8
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A17898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F1DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F6F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2FF2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A301A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82A84549 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA46B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text peauth.sys 97D60C9D 28 Bytes [04, F3, FF, F7, AE, 49, 7C, ...]
    .text peauth.sys 97D60CC1 28 Bytes [04, F3, FF, F7, AE, 49, 7C, ...]
    PAGE peauth.sys 97D66E20 2 Bytes [09, FA] {OR EDX, EDI}
    PAGE peauth.sys 97D66E2B 90 Bytes [21, E1, 2E, 2E, 6F, 87, C9, ...]
    PAGE peauth.sys 97D6702C 102 Bytes [90, 8B, 81, 5C, 2E, 01, 69, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9ACAD000 667 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 522C 9ACAD29C 74 Bytes [01, 00, 51, 51, 8B, CC, 6A, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5681 9ACAD6F1 71 Bytes [6A, 0C, 68, 58, 74, CA, 9A, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 56C9 9ACAD739 74 Bytes [00, 33, C9, 84, C0, 0F, 94, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5714 9ACAD784 483 Bytes [AB, 6A, 10, AB, 58, 2B, C1, ...]
    PAGE ...

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\rundll32.exe[1484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1484] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2468] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2468] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2468] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2744] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2744] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75604A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B017FCD0-BF2D-4593-8C5D-9BF5A5D01682}\Connection@Name isatap.{690FC854-121C-4BD0-8F68-BDF26D7629DD}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2BA23813-240D-4F97-B8F3-F0DD588C2268}\Linkage@Bind \Device\{AFB87D18-C0C4-425B-B15D-D97D533C4E6D}?\Device\{B017FCD0-BF2D-4593-8C5D-9BF5A5D01682}?\Device\{146ED65A-B43B-47D1-9E49-BB4BDD0336D5}?\Device\{DB717FB1-27F6-4930-B043-BEA0F3A38155}?\Device\{F9A2CE49-0787-4DA4-899D-78DAD32B71D8}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2BA23813-240D-4F97-B8F3-F0DD588C2268}\Linkage@Route "{AFB87D18-C0C4-425B-B15D-D97D533C4E6D}"?"{B017FCD0-BF2D-4593-8C5D-9BF5A5D01682}"?"{146ED65A-B43B-47D1-9E49-BB4BDD0336D5}"?"{DB717FB1-27F6-4930-B043-BEA0F3A38155}"?"{F9A2CE49-0787-4DA4-899D-78DAD32B71D8}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2BA23813-240D-4F97-B8F3-F0DD588C2268}\Linkage@Export \Device\TCPIP6TUNNEL_{AFB87D18-C0C4-425B-B15D-D97D533C4E6D}?\Device\TCPIP6TUNNEL_{B017FCD0-BF2D-4593-8C5D-9BF5A5D01682}?\Device\TCPIP6TUNNEL_{146ED65A-B43B-47D1-9E49-BB4BDD0336D5}?\Device\TCPIP6TUNNEL_{DB717FB1-27F6-4930-B043-BEA0F3A38155}?\Device\TCPIP6TUNNEL_{F9A2CE49-0787-4DA4-899D-78DAD32B71D8}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B017FCD0-BF2D-4593-8C5D-9BF5A5D01682}@InterfaceName isatap.{690FC854-121C-4BD0-8F68-BDF26D7629DD}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B017FCD0-BF2D-4593-8C5D-9BF5A5D01682}@ReusableType 0

    ---- EOF - GMER 1.0.15 ----

    Here you go.

  6. #16
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    4.630

    Re: My computer froze up today

    Not clear on some of those items. I will need to research them a little, and will post back tomorrow as time permits.
    Live the day!

    Jintan - The brand where everything is right!

  7. #17
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    4.630

    Re: My computer froze up today

    Just not seeing a clear function or file that suggests active malware in these views, and those scans you have run also locate nothing. These freezes are just when you use high cpu-use programs, like games? Also, for the redirects, what occurs that tells you it is a redirect issue please?
    Live the day!

    Jintan - The brand where everything is right!

  8. #18
    Forum user
    Registered since
    02.12.2008
    Posts
    36

    Re: My computer froze up today

    Regarding redirects, I believe there was spyware on my computer for sure that just overtook Firefox. I had to immediately run an anti-malware scan to get rid of it. That and I also deleted all the cookies, history, temporary files, everything stored in Mozilla Firefox to give it a fresh start of browsing experience. Usually it might freeze during a video or just randomly even if I'm not using high-CPU usage.

  9. #19
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    4.630

    Re: My computer froze up today

    Not looking like malware. Maybe you can tie an event log entry to these problems.

    Click on the Start button and type Event Viewer in the Start Search box. Event Viewer will appear at the top of the Menu. Right click on it and choose "Run as Administrator".

    Look through those events and see if you can locate some related to the problems. I do not have the steps for 7 to create a log, but will post the steps for earlier Windows versions you can use as a guideline to create a log.

    Double-click on each Error/Warning in the log. In the upper corner of that display is an icon (a sorta double file icon) you can click to copy the information to your clipboard, then open a Notepad text and Paste the information, and repeat that to develop a log to post back here for review.
    Live the day!

    Jintan - The brand where everything is right!

  10. #20
    Forum user
    Registered since
    02.12.2008
    Posts
    36

    Re: My computer froze up today

    If I can get my computer to work, I'll do that. Haha.
