Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirect virus and possibly others


  • This topic is locked This topic is locked
7 replies to this topic

#1 dirt54

dirt54

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:59 AM

Posted 18 November 2010 - 11:21 PM

Redirects from web searches when clicked on. Browser opens a new window with websites just out of the blue. Can't fix or find the problem. Guess I don't know what I'm doing so any help to fix this computer is very much appreciated. Thank you


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2010 11:58:53 AM
System Uptime: 11/18/2010 7:03:41 PM (0 hours ago)

Motherboard: To be filled by O.E.M. | | MS-7207G
Processor: AMD Athlon™ 64 Processor 3800+ | CPU 1 | 2410/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 229 GiB total, 213.315 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.378 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/27/2010 1:26:19 PM - System Checkpoint
RP2: 9/27/2010 1:35:39 PM - Installed Microsoft Fix it 50389
RP3: 9/27/2010 1:50:23 PM - Installed Windows XP Service Pack 3.
RP4: 9/27/2010 2:37:50 PM - Software Distribution Service 3.0
RP5: 9/27/2010 2:58:22 PM - Software Distribution Service 3.0
RP6: 9/27/2010 3:28:49 PM - Software Distribution Service 3.0
RP7: 9/27/2010 3:51:25 PM - Software Distribution Service 3.0
RP8: 9/27/2010 4:20:59 PM - Software Distribution Service 3.0
RP9: 9/27/2010 4:47:23 PM - CA Internet Security Suite
RP10: 9/29/2010 6:42:59 PM - System Checkpoint
RP11: 10/3/2010 8:38:42 PM - System Checkpoint
RP12: 10/4/2010 10:21:35 PM - System Checkpoint
RP13: 10/5/2010 2:50:42 PM - Installed Java™ 6 Update 21
RP14: 10/6/2010 3:01:29 PM - System Checkpoint
RP15: 10/9/2010 3:59:15 PM - System Checkpoint
RP16: 10/10/2010 4:34:03 PM - System Checkpoint
RP17: 10/12/2010 7:43:40 PM - System Checkpoint
RP18: 10/15/2010 1:25:58 PM - System Checkpoint
RP19: 10/17/2010 10:52:59 AM - System Checkpoint
RP20: 10/18/2010 11:37:50 AM - System Checkpoint
RP21: 10/19/2010 12:41:23 PM - System Checkpoint
RP22: 10/20/2010 1:24:04 PM - System Checkpoint
RP23: 10/21/2010 1:29:19 PM - System Checkpoint
RP24: 10/24/2010 9:47:08 AM - System Checkpoint
RP25: 10/27/2010 1:00:27 PM - System Checkpoint
RP26: 10/28/2010 1:39:04 PM - System Checkpoint
RP27: 10/29/2010 1:47:15 PM - System Checkpoint
RP28: 10/30/2010 3:14:24 PM - System Checkpoint
RP29: 10/31/2010 10:17:57 PM - System Checkpoint
RP30: 11/2/2010 8:12:10 AM - System Checkpoint
RP31: 11/3/2010 10:31:37 AM - System Checkpoint
RP32: 11/4/2010 11:16:29 AM - System Checkpoint
RP33: 11/5/2010 11:54:07 AM - System Checkpoint
RP34: 11/7/2010 8:11:29 PM - System Checkpoint
RP35: 11/8/2010 9:22:59 PM - System Checkpoint
RP36: 11/9/2010 10:21:59 PM - System Checkpoint
RP37: 11/11/2010 12:52:32 PM - Restore Operation
RP38: 11/12/2010 12:54:42 PM - System Checkpoint
RP39: 11/12/2010 9:36:21 PM - Cleaned registry with Windows Live OneCare safety scanner
RP40: 11/13/2010 9:43:38 PM - System Checkpoint
RP41: 11/14/2010 10:55:37 PM - System Checkpoint
RP42: 11/16/2010 12:55:31 PM - System Checkpoint
RP43: 11/17/2010 1:12:59 PM - System Checkpoint
RP44: 11/18/2010 2:12:59 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
AMRT
Athlon 64 Processor Driver
CA Anti-Virus Plus
CA Internet Security Suite
Comcast Universal Installer v1.2
Digital Media Reader
DIGOpt
DIGReqEx
DVD Solution
Final Media Player 2010
Full Tilt Poker.Net
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 2
Java Auto Updater
Java™ 6 Update 21
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money 2006
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSN
MSN Messenger 6.1
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Multimedia Keyboard Driver
My.Freeze.com NetAssistant
Napster
Napster Burn Engine
NVIDIA Drivers
Power2Go 4.0
PowerDVD
PriceGong 2.1.0
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shop to Win 2
Soft Data Fax Modem with SmartCP
Sonic Encoders
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Media Center Edition 2005 KB925766
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/18/2010 6:25:13 PM, error: Service Control Manager [7034] - The CAAMSvc service terminated unexpectedly. It has done this 1 time(s).
11/15/2010 9:06:26 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0016176030DB. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
11/15/2010 9:03:15 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
11/15/2010 9:03:15 PM, error: Dhcp [1002] - The IP address lease 192.168.100.29 for the Network Card with network address 0016176030DB has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
11/15/2010 8:56:51 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{2A1834F5-67D0-433E-8BEC-AC402E5DB833} because another computer on the network has the same name. The server could not start.
11/12/2010 11:08:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
11/12/2010 11:01:53 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 11:01:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc8xx sym_hi sym_u3 TfFsMon TfSysMon TosIde ultra viaagp ViaIde
11/12/2010 10:06:44 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
11/11/2010 12:46:57 PM, error: Service Control Manager [7022] - The Yahoo! Updater service hung on starting.
11/11/2010 12:21:28 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
11/11/2010 12:21:23 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
11/11/2010 12:18:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
11/11/2010 12:17:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
11/11/2010 12:17:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/11/2010 11:29:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips KmxAgent KmxStart

==== End Of File ===========================

Attached Files


Edited by dirt54, 19 November 2010 - 11:16 AM.


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:59 AM

Posted 21 November 2010 - 11:43 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 dirt54

dirt54
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:59 AM

Posted 21 November 2010 - 07:49 PM

Ok I thank you for your help. The file is to big to send so I guess I'll try to send as much as I can in however many responses it requires.

ComboFix 10-11-21.01 - Owner 11/21/2010 16:18:41.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.626 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\windows\system32\_005094_.tmp.dll
c:\windows\system32\_005096_.tmp.dll
c:\windows\system32\_005102_.tmp.dll
c:\windows\system32\_005103_.tmp.dll
c:\windows\system32\_005104_.tmp.dll
c:\windows\system32\_005105_.tmp.dll
c:\windows\system32\_005106_.tmp.dll
c:\windows\system32\_005107_.tmp.dll
c:\windows\system32\_005108_.tmp.dll
c:\windows\system32\_005109_.tmp.dll
c:\windows\system32\_005110_.tmp.dll
c:\windows\system32\_005112_.tmp.dll
c:\windows\system32\_005113_.tmp.dll
c:\windows\system32\_005119_.tmp.dll
c:\windows\system32\_005120_.tmp.dll
c:\windows\system32\_005121_.tmp.dll
c:\windows\system32\_005122_.tmp.dll
c:\windows\system32\_005123_.tmp.dll
c:\windows\system32\_005125_.tmp.dll
c:\windows\system32\_005126_.tmp.dll
c:\windows\system32\_005128_.tmp.dll
c:\windows\system32\_005130_.tmp.dll
c:\windows\system32\_005131_.tmp.dll
c:\windows\system32\_005132_.tmp.dll
c:\windows\system32\_005133_.tmp.dll
c:\windows\system32\_005135_.tmp.dll
c:\windows\system32\_005136_.tmp.dll
c:\windows\system32\_005137_.tmp.dll
c:\windows\system32\_005138_.tmp.dll
c:\windows\system32\_005139_.tmp.dll
c:\windows\system32\_005140_.tmp.dll
c:\windows\system32\_005142_.tmp.dll
c:\windows\system32\_005143_.tmp.dll
c:\windows\system32\_005144_.tmp.dll
c:\windows\system32\_005145_.tmp.dll
c:\windows\system32\_005146_.tmp.dll
c:\windows\system32\_005147_.tmp.dll
c:\windows\system32\_005150_.tmp.dll
c:\windows\system32\_005151_.tmp.dll
c:\windows\system32\_005152_.tmp.dll
c:\windows\system32\_005153_.tmp.dll
c:\windows\system32\_005157_.tmp.dll
c:\windows\system32\_005158_.tmp.dll
c:\windows\system32\_005160_.tmp.dll
c:\windows\system32\_005161_.tmp.dll
c:\windows\system32\_005163_.tmp.dll
c:\windows\system32\_005165_.tmp.dll
c:\windows\system32\_005166_.tmp.dll
c:\windows\system32\_005167_.tmp.dll
c:\windows\system32\_005168_.tmp.dll
c:\windows\system32\_005171_.tmp.dll
c:\windows\system32\_005172_.tmp.dll
c:\windows\system32\_005173_.tmp.dll
c:\windows\system32\_005174_.tmp.dll
c:\windows\system32\_005175_.tmp.dll
c:\windows\system32\_005180_.tmp.dll
c:\windows\system32\_005182_.tmp.dll

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

#4 dirt54

dirt54
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:59 AM

Posted 21 November 2010 - 07:52 PM

#2

((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))))
.

2010-11-21 23:59 . 2010-11-21 23:59 -------- d-----w- c:\documents and settings\Owner\Application Data\SampleView
2010-11-13 05:49 . 2010-11-13 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-13 05:49 . 2010-11-13 07:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-13 05:48 . 2010-11-13 05:49 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2010-11-11 20:53 . 2010-11-11 20:53 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-11 19:28 . 2010-11-11 19:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-11-11 19:28 . 2010-11-11 19:28 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-11-11 03:37 . 2010-11-13 04:21 -------- d-----w- c:\program files\Windows Live Safety Center
2010-10-27 03:27 . 2010-10-27 04:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FullTiltPoker.NET
2010-10-27 03:26 . 2010-10-29 04:17 -------- d-----w- c:\program files\Full Tilt Poker.Net

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 19:41 . 2010-09-27 23:47 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-10-28 19:41 . 2010-09-27 23:47 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-10-05 21:50 . 2010-10-05 21:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-05 21:50 . 2010-10-05 21:51 423656 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-25_23.25.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-01-09 16:59 . 2004-08-10 19:00 54784 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
+ 2005-01-09 16:59 . 2006-03-15 12:00 54784 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
+ 2005-01-09 23:49 . 2006-03-15 12:00 50688 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
- 2005-01-09 23:49 . 2004-08-10 19:00 50688 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
+ 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2006-12-02 07:46 . 2006-12-02 07:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:26 . 2006-12-02 07:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:56 . 2006-12-02 05:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2009-10-03 01:23 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2010-09-27 22:26 . 2007-01-19 20:15 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2005-01-09 23:49 . 2006-03-15 12:00 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll
- 2005-01-09 23:49 . 2004-08-10 19:00 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll
.dll

#5 dirt54

dirt54
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:59 AM

Posted 21 November 2010 - 07:57 PM

ok cant find where I left off on that file it looks completely different. Is there anyway to send it to you in one file or whatever?

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:59 AM

Posted 21 November 2010 - 11:40 PM

Please zip it up and attach it

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 dirt54

dirt54
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:59 AM

Posted 22 November 2010 - 01:07 AM

I don't know how to do that. After running combo fix it has stopped doing what it was doing. If you can tell me how to zip it up I will do that. It says it is 844 kb. Sorry I'm not very educated in this stuff and realize dealing with people like me are frustrating to those of you who do know what you're doing. I really appreciate your help and patience.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:59 AM

Posted 22 November 2010 - 08:38 AM

I don't find it at all frustrating, so don't worry, it's good to impart a little know;edge and help you learn.

to zip up a file > right click on the file > a menu opens > scroll down to "send to" > another menu should open and you should see and option to send the file to "compressed (zipped) folder" > click on that and Windows will create a new zipped folder on your desktop which contains the file

Now attach it to your next reply

to attach a file to your reply:

Under the reply window you will see "Attachments" > Use the browse button to browse to the zipped folder you made on your desktop

now press the "Attach this file" button

That's it > now press "add reply"

Edited by CatByte, 22 November 2010 - 08:39 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users