I hope these are falseies



normanishmael
2008-07-21, 22:24
Hello, this afternoon my Spy-Bot produced the below log.
I did nothing to clear the entries, and I have clear scans from
SuperAntiSpyware, A-Squared Free and Malwarebytes Antimalware.

If these are real, I am in a world of hurt.


21.07.2008 14:57:12 - ##### check started #####
21.07.2008 14:57:12 - ### Version: 1.6.0
21.07.2008 14:57:12 - ### Date: 7/21/2008 2:57:12 PM
21.07.2008 14:57:13 - ##### checking bots #####
21.07.2008 14:57:20 - found: Sgrunt User settings
21.07.2008 14:57:23 - found: Bestsearch.Scvhost User settings
21.07.2008 14:57:23 - found: Bestsearch.Scvhost User settings
21.07.2008 14:57:23 - found: Bestsearch.Scvhost Settings
21.07.2008 14:57:23 - found: Bestsearch.Scvhost Settings
21.07.2008 14:57:25 - found: CoolWWWSearch Domain settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:26 - found: CoolWWWSearch.BadZoneMap Settings
21.07.2008 14:57:28 - found: CoolWWWSearch.Googlems User settings
21.07.2008 14:57:32 - found: CoolWWWSearch.WinRes Trusted Site
21.07.2008 14:57:35 - found: TNS-Search User settings
21.07.2008 14:57:35 - found: TNS-Search User settings
21.07.2008 14:57:35 - found: TNS-Search User settings
21.07.2008 14:57:35 - found: TNS-Search User settings
21.07.2008 14:57:35 - found: TNS-Search User settings
21.07.2008 14:57:41 - found: ABetterInternet Settings
21.07.2008 14:57:47 - found: MediaMotor User settings
21.07.2008 14:57:47 - found: MediaMotor User settings
21.07.2008 14:57:47 - found: MediaMotor User settings
21.07.2008 14:58:04 - found: Smitfraud-C. Settings
21.07.2008 14:58:05 - found: Smitfraud-C. User settings
21.07.2008 14:58:05 - found: Smitfraud-C. User settings
21.07.2008 14:58:05 - found: Smitfraud-C. User settings
21.07.2008 14:58:05 - found: Smitfraud-C. User settings
21.07.2008 14:58:05 - found: Smitfraud-C. User settings
21.07.2008 14:58:55 - found: 180Solutions.SearchAssistant Settings
21.07.2008 14:59:31 - found: XPreload User settings
21.07.2008 15:01:29 - ##### checking usage tracking #####
21.07.2008 15:01:29 - found: Common Dialogs History 25 files
21.07.2008 15:01:29 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt
21.07.2008 15:01:29 - found: Log Activity: imsins.log imsins.log
21.07.2008 15:01:29 - found: Log Install: comsetup.log comsetup.log
21.07.2008 15:01:29 - found: Log Install: ocgen.log ocgen.log
21.07.2008 15:01:29 - found: Log Install: setupapi.log setupapi.log
21.07.2008 15:01:29 - found: Log Shutdown: System32\wbem\logs\mofcomp.log System32\wbem\logs\mofcomp.log
21.07.2008 15:01:29 - found: Log Shutdown: System32\wbem\logs\wbemcore.log System32\wbem\logs\wbemcore.log
21.07.2008 15:01:29 - found: Log Shutdown: System32\wbem\logs\wbemess.lo_ System32\wbem\logs\wbemess.lo_
21.07.2008 15:01:29 - found: Log Shutdown: System32\wbem\logs\wbemess.log System32\wbem\logs\wbemess.log
21.07.2008 15:01:29 - found: Log Shutdown: System32\wbem\logs\wmiadap.log System32\wbem\logs\wmiadap.log
21.07.2008 15:01:29 - found: Log Shutdown: System32\wbem\logs\wmiprov.log System32\wbem\logs\wmiprov.log
21.07.2008 15:01:29 - found: Internet Explorer Typed URL list 1 files
21.07.2008 15:01:29 - found: Internet Explorer Download directory
21.07.2008 15:01:29 - found: Internet Explorer User agent
21.07.2008 15:01:29 - found: Internet Explorer User agent
21.07.2008 15:01:29 - found: Internet Explorer User agent
21.07.2008 15:01:29 - found: Internet Explorer User agent
21.07.2008 15:01:29 - found: MS Management Console Recent command list 2 files
21.07.2008 15:01:29 - found: MS Media Player Client ID
21.07.2008 15:01:29 - found: MS Media Player Client ID
21.07.2008 15:01:29 - found: MS Media Player Client ID
21.07.2008 15:01:29 - found: MS Media Player Client ID
21.07.2008 15:01:29 - found: MS DirectDraw Most recent application
21.07.2008 15:01:29 - found: MS Search Assistant Typed search terms history
21.07.2008 15:01:29 - found: MS Windows Backup 5.0 Last created backup set
21.07.2008 15:01:29 - found: MS Wordpad Recent file list 4 files
21.07.2008 15:01:29 - found: RealOne Player 2 (aka RealPlayer 6.0) Last login time
21.07.2008 15:01:29 - found: RealOne Player 2 (aka RealPlayer 6.0) Last open file directory
21.07.2008 15:01:29 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent clips #1
21.07.2008 15:01:30 - found: Windows Drivers installation paths
21.07.2008 15:01:30 - found: Windows.OpenWith Open with list - .BMP extension 4 files
21.07.2008 15:01:30 - found: Windows.OpenWith Open with list - .CHM extension 2 files
21.07.2008 15:01:30 - found: Windows.OpenWith Open with list - .CSS extension 2 files
21.07.2008 15:01:30 - found: Windows.OpenWith Open with list - .CSV extension 4 files
21.07.2008 15:01:30 - found: Windows Explorer Recent wallpaper list 501 files
21.07.2008 15:01:30 - found: Windows Explorer Run history 2 files
21.07.2008 15:01:30 - found: Windows Explorer Run history 2 files
21.07.2008 15:01:30 - found: Windows Explorer Stream history 24 files
21.07.2008 15:01:30 - found: Windows Explorer User Assistant history IE 1 files
21.07.2008 15:01:30 - found: Windows Explorer User Assistant history IE 1 files
21.07.2008 15:01:30 - found: Windows Explorer User Assistant history IE 11 files
21.07.2008 15:01:30 - found: Windows Explorer User Assistant history IE 1 files
21.07.2008 15:01:30 - found: Windows Explorer User Assistant history files 1 files
21.07.2008 15:01:30 - found: Windows Explorer User Assistant history files 17 files
21.07.2008 15:01:30 - found: Windows Explorer User Assistant history files 556 files
21.07.2008 15:01:30 - found: Windows Explorer User Assistant history files 1 files
21.07.2008 15:01:30 - found: Windows Explorer Last visited history 2 files
21.07.2008 15:01:30 - found: Windows Explorer Last visited history 2 files
21.07.2008 15:01:30 - found: Windows Explorer Last visited history 7 files
21.07.2008 15:01:30 - found: Windows Explorer Last visited history 2 files
21.07.2008 15:01:30 - found: Windows Explorer Recent file global history
21.07.2008 15:01:30 - found: Windows Media SDK Computer name
21.07.2008 15:01:30 - found: Windows Media SDK Computer name
21.07.2008 15:01:30 - found: Windows Media SDK Computer name
21.07.2008 15:01:30 - found: Windows Media SDK Unique ID
21.07.2008 15:01:30 - found: Windows Media SDK Unique ID
21.07.2008 15:01:30 - found: Windows Media SDK Unique ID
21.07.2008 15:01:30 - found: Windows Media SDK Volume serial number
21.07.2008 15:01:30 - found: Windows Media SDK Volume serial number
21.07.2008 15:01:30 - found: Windows Media SDK Volume serial number
21.07.2008 15:01:30 - found: Cache Cache (198)
21.07.2008 15:01:30 - found: History History (51)
21.07.2008 15:01:30 - found: Cookie Cookie (23)
21.07.2008 15:01:30 - ##### check finished #####

Windows XP Pro SP3, Firefox 3 default, IE7 once in a while.
Thank you for all assistance.

md usa spybot fan
2008-07-21, 23:33
normanishmael:

Please note:

By default there are two (2) Checks.yymmdd-hhmm.log files produced during a scan. The second Checks.yymmdd-hhmm.log file has the details of what the scan found.

The log you posted is only a summary and does not contain the details of the actual objects that were detected.

normanishmael
2008-07-21, 23:42
Sorry, here is the other log:

--- Report generated: 2008-07-21 15:54 ---

Hint of the Day: Click the bar at the right of this to see more information! ()


Sgrunt: [SBI $3CCEFC93] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\*

Bestsearch.Scvhost: [SBI $C936DB5F] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestsearch.cc\*

Bestsearch.Scvhost: [SBI $A1937CB2] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dapsol.com\*

Bestsearch.Scvhost: [SBI $16B05BC6] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestsearch.cc\*

Bestsearch.Scvhost: [SBI $11250B79] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dapsol.com\*

CoolWWWSearch: [SBI $66DFB7CF] Domain settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwwwsearch.com\*

CoolWWWSearch.BadZoneMap: [SBI $42756596] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.com\*

CoolWWWSearch.BadZoneMap: [SBI $6421293D] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com\*

CoolWWWSearch.BadZoneMap: [SBI $EB72BC32] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotchbar.com\*

CoolWWWSearch.BadZoneMap: [SBI $BC9E9BDB] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*

CoolWWWSearch.BadZoneMap: [SBI $3385780A] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com\*

CoolWWWSearch.BadZoneMap: [SBI $EA76D9DE] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*

CoolWWWSearch.BadZoneMap: [SBI $FD0D89B2] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com\*

CoolWWWSearch.BadZoneMap: [SBI $86A99B8E] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com\*

CoolWWWSearch.BadZoneMap: [SBI $A93E645B] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com\*

CoolWWWSearch.BadZoneMap: [SBI $241008D4] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com\*

CoolWWWSearch.Googlems: [SBI $A78D704A] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com\*

CoolWWWSearch.WinRes: [SBI $0A5F6636] Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\offshoreclicks.com\*

TNS-Search: [SBI $72866050] User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\asdbiz.biz\*

TNS-Search: [SBI $1DDCA26E] User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*

TNS-Search: [SBI $C40B1F3A] User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com\*

TNS-Search: [SBI $773AA8AE] User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com\*

TNS-Search: [SBI $2E9C5653] User settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com\*

ABetterInternet: [SBI $CE49D3F7] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\*

MediaMotor: [SBI $830F8E68] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\elitemediagroup.net\*

MediaMotor: [SBI $66D54986] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net\*

MediaMotor: [SBI $00D5F257] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com\*

Smitfraud-C.: [SBI $543C0AE6] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\asdbiz.biz\*

Smitfraud-C.: [SBI $9405B5A7] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com\*

Smitfraud-C.: [SBI $B9B0F07E] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greg-tut.com\*

Smitfraud-C.: [SBI $47760D99] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*

Smitfraud-C.: [SBI $62314A5F] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u45.cx\*

Smitfraud-C.: [SBI $6BD0A5E2] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-854245398-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u47.cc\*


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080702) ---

2008-07-03 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-07-03 SDFiles.exe (1.6.0.4)
2008-07-03 SDMain.exe (1.0.0.6)
2008-07-03 SDShred.exe (1.0.2.3)
2008-07-03 SDUpdate.exe (1.6.0.8)
2008-07-03 SDWinSec.exe (1.0.0.12)
2008-07-03 SpybotSD.exe (1.6.0.28)
2008-07-03 TeaTimer.exe (1.6.0.19)
2008-07-03 unins000.exe (51.49.0.0)
2008-07-03 Update.exe (1.6.0.7)
2008-07-03 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-03 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-03 Tools.dll (2.1.5.7)
2008-07-15 Includes\Adware.sbi (*)
2008-07-15 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-07-07 Includes\DialerC.sbi (*)
2008-07-11 Includes\HeavyDuty.sbi (*)
2008-07-10 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-07-15 Includes\Keyloggers.sbi (*)
2008-07-15 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-07-16 Includes\Malware.sbi (*)
2008-07-16 Includes\MalwareC.sbi (*)
2008-07-15 Includes\PUPS.sbi (*)
2008-07-15 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-07-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-07-11 Includes\Spyware.sbi (*)
2008-07-15 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti (*)
2008-07-15 Includes\Trojans.sbi (*)
2008-07-15 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

thanks

normanishmael
2008-07-22, 04:41
OK, thanks guys, you can close my thread. So far I have run scans with A-Squared Free, Malwarebytes Anti-Malware, SuperAntiSpyware, Rogue Remover, Ad-Aware, ESET online scan, and Avira Anti-Vir.
All come back clean.
I know SpyBot is good (well, cute and quirky), but I also know these other programs are not so bad as to fail to confirm at least one of the multitude of hits on the SpyBot scan.
That is the sort of infection level you would expect from six months of unprotected surfing on Mongolian Snuff-Porn sites.
My machine is clean, and I knew it was even when SpyBot was putting out all that jazz.
I just wondered what would cause the normally well-mannered SpyBot to suddenly start acting a fool.
I just don't wonder enough to keep checking this thread.
Thanks