virus/malware


Re: virus/malware

Post by sarah1215 on 5th August 2009, 11:53 pm

I ran mbam again and here is the log:

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00C0D52.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00EF2E1.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00c0d52 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1a284.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f127b7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f44f726.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\_A00F1A284.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\_A00F44F726.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\_A00F127B7.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\19.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\4.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00C0D52.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c0098149.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00EF2E1.dat (Trojan.Agent) -> Delete on reboot.

sarah1215
Novice
Posts: 40
Joined: 2009-07-31
OS: xp
Points: 26902
Likes: 0

Re: virus/malware

Post by Belahzur on 6th August 2009, 3:35 pm

Re-run Combofix and post a new log.


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1

Re: virus/malware

Post by sarah1215 on 6th August 2009, 3:57 pm

ComboFix 09-07-31.04 - sarah g 08/06/2009 11:41.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1533 [GMT -4:00]
Running from: c:\documents and settings\sarah g.SARAH.000\Desktop\Combo-fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sarah g.SARAH.000\Application Data\02000000ec975e43649C.manifest
c:\documents and settings\sarah g.SARAH.000\Application Data\02000000ec975e43649O.manifest
c:\documents and settings\sarah g.SARAH.000\Application Data\02000000ec975e43649P.manifest
c:\documents and settings\sarah g.SARAH.000\Application Data\02000000ec975e43649S.manifest
c:\documents and settings\sarah g.SARAH.000\My Documents\winlogon.exe
c:\windows\GnuHashes.ini
c:\windows\system32\__c0015940.dat
c:\windows\system32\__c00F6660.dat
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SystemX86
c:\windows\system32\SystemX86\245.crack.zip
c:\windows\system32\SystemX86\245.crack.zip.kwd
c:\windows\system32\SystemX86\246.keygen.zip
c:\windows\system32\SystemX86\246.keygen.zip.kwd
c:\windows\system32\SystemX86\247.serial.zip
c:\windows\system32\SystemX86\247.serial.zip.kwd
c:\windows\system32\SystemX86\248.setup.zip
c:\windows\system32\SystemX86\248.setup.zip.kwd
c:\windows\system32\SystemX86\249.music.au
c:\windows\system32\SystemX86\249.music.au.kwd
c:\windows\system32\SystemX86\250.music2.au
c:\windows\system32\SystemX86\250.music2.au.kwd
c:\windows\system32\SystemX86\251.music3.au
c:\windows\system32\SystemX86\251.music3.au.kwd
c:\windows\system32\SystemX86\252.music.snd
c:\windows\system32\SystemX86\252.music.snd.kwd
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 15:47 . 2009-08-06 15:47 557 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-08-06 15:47 . 2009-08-06 15:47 -------- d-sh--w- c:\windows\system32\SystemX86
2009-08-06 00:12 . 2009-08-06 00:25 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-05 23:45 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 23:45 . 2009-08-05 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 23:45 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 22:18 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-05 22:18 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-05 22:18 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-05 22:11 . 2009-08-05 22:11 -------- d-----w- c:\windows\system32\scripting
2009-08-05 22:11 . 2009-08-05 22:11 -------- d-----w- c:\windows\system32\en
2009-08-05 22:11 . 2009-08-05 22:11 -------- d-----w- c:\windows\l2schemas
2009-08-05 22:11 . 2009-08-05 22:11 -------- d-----w- c:\windows\system32\bits
2009-08-05 22:10 . 2009-08-05 22:10 -------- d-----w- c:\windows\ServicePackFiles
2009-08-05 22:06 . 2009-08-05 22:06 -------- d-----w- c:\windows\EHome
2009-08-04 21:52 . 2009-08-04 21:53 -------- d-----w- c:\windows\system32\NtmsData
2009-08-04 21:38 . 2009-08-04 21:38 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-30 14:15 . 2009-07-30 14:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- c:\program files\Pando Networks
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- C:\users
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- c:\program files\AIM Toolbar
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AIM Toolbar
2009-07-30 14:14 . 2009-07-30 14:14 -------- d-----w- c:\program files\Opera
2009-07-30 01:21 . 2009-07-30 01:21 -------- d--h--r- c:\documents and settings\sarah g.SARAH.000\Application Data\SecuROM
2009-07-30 01:00 . 2009-07-30 01:00 10134 ----a-r- c:\documents and settings\sarah g.SARAH.000\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-30 01:00 . 2009-07-30 00:28 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-07-30 01:00 . 2009-07-30 01:00 -------- d-----w- c:\program files\Microsoft WSE
2009-07-30 00:57 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-07-30 00:57 . 2009-07-30 00:57 -------- d-----w- c:\windows\Logs
2009-07-29 23:48 . 2009-07-29 23:48 -------- d-----w- c:\program files\ESET
2009-07-29 23:21 . 2009-07-29 23:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2009-07-29 23:20 . 2009-07-30 01:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-07-29 22:29 . 2009-08-01 01:49 -------- d-----w- c:\documents and settings\sarah g.SARAH.000\Application Data\SUPERAntiSpyware.com
2009-07-29 21:09 . 2009-07-29 21:09 -------- d-----w- C:\ProgramData
2009-07-29 21:09 . 2009-07-29 21:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2009-07-29 21:08 . 2009-07-30 00:46 -------- d-----w- c:\program files\Electronic Arts
2009-07-29 19:53 . 2009-07-29 19:53 120320 ----a-w- c:\windows\system32\icardie32.dll
2009-07-28 14:35 . 2009-07-28 14:35 4096 ----a-w- c:\windows\d3dx.dat
2009-07-28 14:35 . 2009-07-30 14:08 -------- d-----w- c:\program files\Kudos Demo
2009-07-13 19:30 . 2009-08-04 21:26 -------- d-----w- c:\program files\Transparent Windows

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 15:47 . 2009-08-06 15:47 518144 --sha-w- c:\windows\system32\3.tmp
2009-08-06 14:03 . 2009-08-06 12:06 117 ----a-w- c:\documents and settings\sarah g.SARAH.000\udpcrawl.tmp
2009-08-06 12:06 . 2009-08-06 12:06 518144 --sha-w- c:\windows\system32\1E.tmp
2009-08-06 10:57 . 2009-08-06 10:57 0 ----a-w- c:\windows\system32\4.tmp
2009-08-06 00:42 . 2008-09-27 16:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-05 22:13 . 2008-05-16 18:00 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-01 01:55 . 2008-05-15 15:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 01:49 . 2008-05-15 16:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-30 14:16 . 2008-05-17 22:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-07-30 14:14 . 2009-06-27 14:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-30 14:14 . 2009-06-09 13:38 -------- d-----w- c:\program files\Safari
2009-07-30 14:14 . 2008-05-17 22:55 -------- d-----w- c:\program files\AIM6
2009-07-30 14:14 . 2009-06-09 13:38 -------- d-----w- c:\program files\Bonjour
2009-07-30 14:10 . 2009-06-27 13:41 -------- d-----w- c:\program files\RegGenie
2009-07-30 01:07 . 2009-07-29 23:24 1328 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-30 00:46 . 2008-05-10 03:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-30 00:11 . 2008-05-15 15:58 -------- d-----w- c:\program files\LabelCommand
2009-07-29 22:49 . 2008-05-22 13:55 12720 ----a-w- c:\documents and settings\sarah g.SARAH.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 20:45 . 2008-07-29 22:42 -------- d-----w- c:\program files\SIM Edit Tool
2009-06-29 16:12 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-27 14:44 . 2009-06-27 14:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-27 14:43 . 2009-06-27 14:43 152576 ----a-w- c:\documents and settings\sarah g.SARAH.000\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-27 14:39 . 2009-06-27 14:40 38208 ----a-w- c:\documents and settings\sarah g.SARAH.000\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-21 21:14 . 2008-05-10 03:02 -------- d-----w- c:\program files\Java
2009-06-19 14:05 . 2009-06-19 14:05 -------- d-----w- c:\documents and settings\john\Application Data\Apple Computer
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 20:50 . 2008-11-17 15:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2009-06-09 13:38 . 2009-06-09 13:38 12736 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-09 13:38 . 2008-08-07 22:28 -------- d-----w- c:\documents and settings\sarah g.SARAH.000\Application Data\Apple Computer
2009-06-05 21:43 . 2009-06-05 21:43 69632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-08-04 21:41 . 2009-06-27 13:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.


Re: virus/malware

Post by sarah1215 on 6th August 2009, 4:03 pm

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.

Re: virus/malware

Post by sarah1215 on 6th August 2009, 4:04 pm


Re: virus/malware

Post by sarah1215 on 6th August 2009, 4:06 pm


Re: virus/malware

Post by sarah1215 on 6th August 2009, 4:13 pm

I will be here all day posting it! It is pages and pages long. Is there an easier way? I don't know why it is so long. That is only some of it that I posted.


Re: virus/malware

Post by sarah1215 on 6th August 2009, 4:55 pm

[You must be registered and logged in to see this link.]
MD5: 75EC90CCCA16BD75EA5C05293316523D

Here is a link to it.


Re: virus/malware

Post by sarah1215 on 6th August 2009, 4:57 pm

It seems to be running OK now. I'm not getting any more pop-ups. I will know for sure if I am on the internet a little longer to tell.


Re: virus/malware

Post by Belahzur on 6th August 2009, 6:29 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: virus/malware

Post by sarah1215 on 6th August 2009, 7:16 pm

It's driving me crazy, I am still getting IE ad pop-ups. I did not get the Windows Explorer message saying my computer is infected, so that's good. But I still think the virus is there. When I do a Google search, I get results to download Antispyware 2009 and still get redirected to this:
[You must be registered and logged in to see this link.]


Re: virus/malware

Post by sarah1215 on 6th August 2009, 7:17 pm

Should I wait to do that last step since the virus is still there?


Re: virus/malware

Post by Origin on 6th August 2009, 7:39 pm

Run a Malwarebytes full scan and post the results back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31493
Likes: 0

Re: virus/malware

Post by sarah1215 on 6th August 2009, 9:10 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2566
Windows 5.1.2600 Service Pack 3

8/6/2009 4:49:26 PM
mbam-log-2009-08-06 (16-49-26).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 242953
Time elapsed: 37 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\1E.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c0072706.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0072706 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f7be9ec.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\1E.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\sarah g.SARAH.000\Local Settings\temp\_A00F7BE9EC.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\sarah g.SARAH.000\LOCALS~1\temp\6.tmp.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\3.tmp.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP475\A0063879.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045264.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045257.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045268.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045269.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045271.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045273.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045274.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045275.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045277.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045278.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045279.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045280.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP415\A0045281.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP420\A0045680.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP461\A0062756.DLL (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062811.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062818.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062822.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062823.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062825.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062827.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062828.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062829.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062830.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062831.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP466\A0062832.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063774.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063775.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063777.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063778.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063780.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB73696F-3811-48E4-B049-40D6F55838F7}\RP467\A0063781.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\245.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\245.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\246.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\246.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\247.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\247.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\248.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\248.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\249.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\249.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\250.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\250.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\251.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\251.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\252.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\252.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0072706.dat (Trojan.Vundo) -> Delete on reboot.
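
A triage pass over a Malwarebytes log in the layout posted above, as an added example that is not part of the original thread: it checks the summary counts against the listed entries (a partial paste shows up as a mismatch) and separates items still pending "Delete on reboot", autostart registry entries, and inactive copies in System Restore or ComboFix's Qoobox quarantine. The sample log, its placeholder paths and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes 1.40 log layout; paths and key names are placeholders.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__example.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__example (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\user\Local Settings\temp\_EXAMPLE.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\3.tmp.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__example.dat (Trojan.Vundo) -> Delete on reboot.
"""

# "<Section> Infected: <n>" is a summary line; "<Section> Infected:" opens a detail section.
SECTION_RE = re.compile(r"^([A-Za-z ]+?) Infected:\s*(\d+)?$")
# "<path or key> (<detection name>) -> <action taken>."
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Registry locations that load code at logon (lower-cased substrings).
AUTOSTART_MARKERS = (r"\winlogon\notify", r"\currentversion\run")
# XP System Restore store and ComboFix's quarantine folder: stored copies, not running code.
DORMANT_MARKERS = (r"\system volume information\_restore", r"\qoobox\quarantine")


def parse_mbam(text):
    """Return (declared counts per section, list of detection entries)."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            name, count = m.groups()
            if count is not None:
                declared[name] = int(count)
            else:
                section = name
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return declared, entries


def triage(text):
    declared, entries = parse_mbam(text)
    listed = Counter(e["section"] for e in entries)

    def has(entry, markers):
        return any(m in entry["item"].lower() for m in markers)

    return {
        # declared vs. actually listed: non-empty when the pasted log is incomplete
        "count_mismatch": {s: (n, listed[s]) for s, n in declared.items() if listed[s] != n},
        # still on disk or loaded until the machine is restarted
        "pending_reboot": sorted({e["item"] for e in entries
                                  if e["action"].lower().startswith("delete on reboot")}),
        "autostart": [e["item"] for e in entries
                      if e["section"].startswith("Registry") and has(e, AUTOSTART_MARKERS)],
        "dormant": [e["item"] for e in entries
                    if e["section"] == "Files" and has(e, DORMANT_MARKERS)],
        "families": Counter(e["family"] for e in entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```
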


Re: virus/malware

Post by Belahzur on 6th August 2009, 11:33 pm

How is the machine running now?



Re: virus/malware

Post by sarah1215 on 7th August 2009, 12:05 am

It's OK as of right now, but it usually starts again when I am on the computer for a while. I will post back and let you know. I thank you so much for all your help!


Re: virus/malware

Post by sarah1215 on 7th August 2009, 1:09 am

So far no crazy pop-ups, but the Antivirus 2009 still shows up in Google searches where the sponsored links are.


Re: virus/malware

Post by sarah1215 on 7th August 2009, 10:15 am

It was doing OK till this morning, when something called net scan started scanning my computer.


Re: virus/malware

Post by Belahzur on 7th August 2009, 6:15 pm

Rescan with ComboFix AGAIN and upload the log to RapidShare.



Re: virus/malware

Post by sarah1215 on 7th August 2009, 8:34 pm

[You must be registered and logged in to see this link.]
MD5: 90498D1A11DFF7A847FB59D376E365AC


Re: virus/malware

Post by Belahzur on 7th August 2009, 11:33 pm

That looks like it should have removed it again.
You are possibly visiting a bad site, that's why it came back.



Re: virus/malware

Post by sarah1215 on 8th August 2009, 12:44 am

But I only go on Google for searches or Facebook. I don't really use the computer for anything else. All the pop-up ads I get are from Internet Explorer when I am on Firefox. The other things are Windows pop-ups with messages saying my computer is infected, trying to get me to buy stuff like the Antispyware 2009.


Re: virus/malware

Post by Origin on 8th August 2009, 12:46 am

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Re: virus/malware

Post by sarah1215 on 8th August 2009, 12:58 am

GooredFix by jpshortstuff (12.07.09)
Log created at 20:57 on 07/08/2009 (sarah g)
Firefox version 3.0.13 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:29 27/06/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [14:44 27/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"myspacefftb@myspace.com"="C:\Program Files\MySpace\Toolbar\1.0.28.0_1\" []
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [21:14 21/06/2009]

-=E.O.F=-


Re: virus/malware

Post by Origin on 8th August 2009, 1:00 am

I don't see any sign of infection. Do the following; I want to make sure there isn't anything left:

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Re: virus/malware

Post by sarah1215 on 8th August 2009, 1:10 am

Pages do not want to load in IE. I can't even load this site. I tried to download Kaspersky a few days ago but it would not download, neither would AVG. When I click on them it does nothing. The link works with Firefox but I can't get to it in IE.


Re: virus/malware

Post by sarah1215 on 8th August 2009, 1:14 am

OK, I copied the link and pasted it, it worked. I'm going to try it now.


Re: virus/malware

Post by sarah1215 on 8th August 2009, 1:38 am

I tried to run it twice in IE but I get an error saying update failed, I must be online to run it, which I am. It says error key is expired.


Re: virus/malware

Post by sarah1215 on 8th August 2009, 11:17 am

Hi, just wanted to say that I ran MBAM again and after that everything seems OK now. The files in the log, though, I thought were deleted previously, but I guess not. IE is my only problem, I keep getting pop-up ads from this site:
bestscanpc.org/win/?code=934

and also pages do not load.
I appreciate all your help!


Re: virus/malware

Post by Belahzur on 8th August 2009, 3:56 pm

Hello.
Let's see what's installed; a toolbar may be causing this.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: virus/malware

Post by sarah1215 on 8th August 2009, 5:58 pm

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AIM 6
AIM MusicLink 4.0.0.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Digital Line Detect
Download Updater (AOL LLC)
EA Download Manager
ESET Online Scanner v3
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Modem Diagnostic Tool
Mozilla Firefox (3.0.13)
NetWaiting
OpenOffice.org Installer 1.0
Photo! Editor 1.1
PhotoScape
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SIM Edit Tool
Spybot - Search & Destroy
The Sims™ 3
Universal Caller ID
UniversalCallerID
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3


Re: virus/malware

Post by Belahzur on 8th August 2009, 8:31 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 5

How is the machine running now?



Re: virus/malware

Post by sarah1215 on 8th August 2009, 8:47 pm

I feel awful to keep asking you guys for help! But the darn virus came back. It's the Windows pop saying I'm infected again, and then the Antispyware 2009 starts scanning. It was running smooth this morning and then it just started happening again. It's usually when I do searches on Google.

