
computer infected



#1 grassy


Posted 03 May 2009 - 06:57 PM

Well, I have opened an email that was sent to me by an unknown sender and problems have occurred since.
1. Unable to open Internet Explorer
2. Unable to open Malwarebytes Anti-Malware
3. Unable to open super antis free edition
4. Have run CCleaner and Ad-Aware SE Personal
I might add that as soon as I opened the email, pop-ups started to occur of gambling sites. The only way I can speak with anyone online about this problem is through an email that was sent to me months ago asking for a password recovery. Lucky I saved it. It's also telling me that my AVG connection failed and some components are not working. Any help on this mess would be most appreciated. I am using Windows XP Home Edition. Regards, Grassy

Edited by grassy, 03 May 2009 - 09:07 PM.

MY SYSTEM, IN-WIN 909 SILVER CASE, INTEL 3960X PROCESSOR,CORSAIR DOMINATOR 2133 RAM,RAMPAGE 4 EXTREME BLACK EDITION MOTHERBOARD, NVIDIA GTX980ti GRAPHICS CARD,,EK 980TI WATERBLOCK
CORSAIR FORCE SERIES GS 360GIG SSD,SANDISK EXTREME 480GIG SSD,SAMSUNG 180 GIG SSD,,BITSPOWER FITTINGS
2 B&W MM1 COMPUTER SPEAKERS,DELL U3011/30 INCH MONITOR,HEATKILLER PRO4 CPU WATERBLOCK,CORSAIR AX1200 POWER SUPPLY....




#2 xblindx


Posted 03 May 2009 - 07:02 PM

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

  • Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

    Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

    If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
  • Another workaround is to not use the mouse to install it. Just use the arrow keys, Tab, and Enter keys.

~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here or here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Please include the following in your reply:
MBAM log

#3 grassy


Posted 03 May 2009 - 08:42 PM

Malwarebytes is installed but I can't open it to perform a scan. I have opened the folder in Program Files and cannot find the "mbam.exe". The only files I have are "mbam", mbam-dor, mbamgui, mbamdll, mbamextdll, mbamservice. There is no mbam.exe to right-click on. Am I missing something? Regards, grassy



#4 grassy


Posted 03 May 2009 - 11:26 PM

Have tried changing the file names and it doesn't seem to work unless I am missing something. :thumbsup:



#5 grassy


Posted 04 May 2009 - 12:17 AM

I can't seem to post a scanned log file as this malware is not allowing me to copy and paste or drag the saved log file into the reply window.



#6 grassy


Posted 04 May 2009 - 02:11 AM

Have finally managed to open MBAM and performed a scan and came up with MBAM log file results, but still cannot copy and paste due to the malware and trojans still hanging around. I must admit at least now I can get back on the web again through Internet Explorer. Still have to go into Program Files to get the anti-virus to run. I am running another full scan again just to see if there was anything missed. Computer still not running well though, anyways back to the drawing board.

Edited by grassy, 04 May 2009 - 02:13 AM.



#7 xblindx


Posted 04 May 2009 - 04:32 PM

You can't copy and paste? That's something I've never seen before :thumbsup:

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#8 grassy


Posted 04 May 2009 - 06:45 PM

I'm just looking into why I can't copy and paste; I also can't restore the computer to an earlier period. Just give me an hour and I'll do as you ask. Regards, grassy :thumbsup:



#9 grassy


Posted 04 May 2009 - 11:14 PM

Here is the log. I have had to use Ctrl+C and Ctrl+V to post as I still can't copy and paste.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/05/2009 at 12:49 PM

Application Version : 4.26.1002

Core Rules Database Version : 3877
Trace Rules Database Version: 1825

Scan type : Complete Scan
Total Scan Time : 01:17:36

Memory items scanned : 234
Memory threats detected : 0
Registry items scanned : 9397
Registry threats detected : 5
File items scanned : 88809
File threats detected : 3

Rogue.Component/Trace
HKLM\Software\Microsoft\6C3571E5
HKLM\Software\Microsoft\6C3571E5#6c3571e5
HKLM\Software\Microsoft\6C3571E5#red_srv
HKLM\Software\Microsoft\6C3571E5#red_srv_bckp
HKLM\Software\Microsoft\6C3571E5#Version

Trojan.Dropper/Gen-MediaPHP
C:\DOCUMENTS AND SETTINGS\ALAN\LOCAL SETTINGS\TEMPOLD\MEDIA.PHP

Trojan.Agent/Gen-Proto
C:\DOCUMENTS AND SETTINGS\ALL USERS\PROTO.DLL

Application.PowerReg Scheduler
C:\WINDOWS\PSS\POWERREG SCHEDULER V3.EXESTARTUP



#10 grassy


Posted 05 May 2009 - 03:31 AM

Keep getting an error when I start up Windows or reboot, and it reads: ERROR LOADING c\programfiles\commonfiles\paretologic\uus.dll
The specified module could not be found
And also I get the message: ERROR LOADING c\documents and settings\allusers\proto.dll
the specified module could not be found. Any help would be great. Thanks



#11 xblindx


Posted 05 May 2009 - 04:40 PM

Those errors may be related to pieces of malware that were set to run at startup but were removed by SAS or MBAM. Now could you post your earlier MBAM log and also do a quick scan with MBAM and post that log too.
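
An added example (not part of the original thread) of the cross-check suggested in the reply above: it matches the two startup errors from post #10 against the files listed in the SUPERAntiSpyware log from post #9. The function names are made up for this illustration, and the sample data is copied from those two posts.

```python
import re

# Constructed sample input: the detection section of the SUPERAntiSpyware log
# from post #9 and the two startup errors from post #10, copied as posted.
SAS_LOG = r"""
Rogue.Component/Trace
HKLM\Software\Microsoft\6C3571E5
HKLM\Software\Microsoft\6C3571E5#red_srv

Trojan.Dropper/Gen-MediaPHP
C:\DOCUMENTS AND SETTINGS\ALAN\LOCAL SETTINGS\TEMPOLD\MEDIA.PHP

Trojan.Agent/Gen-Proto
C:\DOCUMENTS AND SETTINGS\ALL USERS\PROTO.DLL

Application.PowerReg Scheduler
C:\WINDOWS\PSS\POWERREG SCHEDULER V3.EXESTARTUP
"""

STARTUP_ERRORS = [
    r"ERROR LOADING c\programfiles\commonfiles\paretologic\uus.dll",
    r"ERROR LOADING c\documents and settings\allusers\proto.dll",
]

FILE_PATH = re.compile(r"^[A-Za-z]:\\")
ERROR_LINE = re.compile(r"ERROR LOADING\s+(.+)", re.IGNORECASE)


def normalise(path):
    """Lower-case and drop spaces and colons, so a hand-typed path
    ("c\\documents and settings\\allusers") matches the log's spelling."""
    return re.sub(r"[\s:]", "", path).lower()


def removed_files(sas_log):
    """Map normalised file path -> detection name for every file in the log.

    Each blank-line-separated block is a detection name followed by the
    items removed under it; registry items (HKLM\\...) are skipped.
    """
    removed = {}
    for block in re.split(r"\n\s*\n", sas_log.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 2:
            continue
        detection, items = lines[0], lines[1:]
        for item in items:
            if FILE_PATH.match(item):
                removed[normalise(item)] = detection
    return removed


def explain_startup_errors(errors, sas_log):
    """Return (path, detection) pairs; detection is None when the scanner
    log does not account for the missing module."""
    removed = removed_files(sas_log)
    results = []
    for line in errors:
        match = ERROR_LINE.search(line)
        if not match:
            continue
        path = match.group(1).strip()
        results.append((path, removed.get(normalise(path))))
    return results


if __name__ == "__main__":
    for path, detection in explain_startup_errors(STARTUP_ERRORS, SAS_LOG):
        if detection:
            print(f"{path}: file removed as {detection}; startup entry is left over")
        else:
            print(f"{path}: not in this log; check the other scanner's log")
```

With this data, proto.dll matches the Trojan.Agent/Gen-Proto removal, while uus.dll does not appear in the SUPERAntiSpyware log.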

#12 grassy


Posted 05 May 2009 - 06:12 PM

Here are all my MBAM scans in order; there should be a total of 4.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/05/2009 4:39:17 PM
mbam-log-2009-05-04 (16-39-17).txt

Scan type: Quick Scan
Objects scanned: 77842
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 22
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2eeb637-a4a5-4bbb-8c0c-96af821110c2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcethj0ea4n (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\shccthj0ea4n (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcethj0ea4n (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvd32_r (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.25,85.255.112.165 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c48cf79e-298f-4c04-8cbb-88517f3d00a7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.25,85.255.112.165 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.25,85.255.112.165 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c48cf79e-298f-4c04-8cbb-88517f3d00a7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.25,85.255.112.165 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.25,85.255.112.165 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c48cf79e-298f-4c04-8cbb-88517f3d00a7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.25,85.255.112.165 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\rhcethj0ea4n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Application Data\shccthj0ea4n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Alan\Application Data\unobi.dll (Trojan.Agent) -> Delete on reboot.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-4-2-69-100018007-100017161-100029404-1476.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM6f0650f7.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM6f0650f7.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



#13 grassy


Posted 05 May 2009 - 06:13 PM

Here's the 2nd.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/05/2009 5:25:05 PM
mbam-log-2009-05-04 (17-25-05).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 182360
Time elapsed: 38 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvd32_r (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#14 grassy


Posted 05 May 2009 - 06:15 PM

Here's the 3rd.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/05/2009 9:25:20 PM
mbam-log-2009-05-04 (21-25-20).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 182693
Time elapsed: 27 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#15 grassy


Posted 05 May 2009 - 06:16 PM

Here's the last one that I did.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/05/2009 5:40:16 PM
mbam-log-2009-05-05 (17-40-16).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 183338
Time elapsed: 29 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
