Inter16

  1. Hi, I'll take a look at those today, it's my day off so plenty of time to get it done. Thanks again, I really appreciate your help. Inter16
  2. Hi, Here are the scan results after the update. Thanks, Inter16

     Malwarebytes' Anti-Malware 1.44
     Database version: 3689
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/5/2010 3:04:47 AM
     mbam-log-2010-02-05 (03-04-47).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 160562
     Time elapsed: 42 minute(s), 22 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. Hi, A few weeks ago I noticed after using a search engine that the links I clicked on would send me to random sites. I pulled up my virus scanner (AVG 9.0) and tried to scan, and nothing happened. I scheduled some scans, but when the time came to scan it would just reset to the next time it was supposed to scan and wouldn't actually scan the computer. Today I got on and the AVG security component picked up a file named "clb32.dll". As soon as I moved it to the virus vault my scanner kicked in and started working again. The next problem came over a 2 hour period when I put the same file, clb32.dll, in the virus vault over 350 times (no I am not exaggerating). During that time a friend recommended I use MBAM and check out the forums for any additional help. I just finished up the scan a little bit ago and the MBAM worked picking up a lot of stuff and deleted it all. Now the virus scanner works, search engines work, I even notice my computer is running better and I'm not deleting clb32 every 10-15 seconds anymore. I feel like I am out of the woods now, but just want a 2nd opinion before relaxing completely. Below are the results of the big scan by MBAM that cleared out a lot of junk. Any advice or help would be greatly appreciated. Thanks in advance, Inter16

     Malwarebytes' Anti-Malware 1.44
     Database version: 3683
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/3/2010 11:20:28 PM
     mbam-log-2010-02-03 (23-20-28).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 160378
     Time elapsed: 43 minute(s), 31 second(s)

     Memory Processes Infected: 1
     Memory Modules Infected: 2
     Registry Keys Infected: 15
     Registry Values Infected: 3
     Registry Data Items Infected: 2
     Folders Infected: 4
     Files Infected: 13

     Memory Processes Infected:
     C:\Documents and Settings\Inter16\Application Data\SystemProc\lsass.exe (Trojan.Inject) -> Unloaded process successfully.

     Memory Modules Infected:
     C:\WINDOWS\System32\clb32.dll (Trojan.Tracur) -> Delete on reboot.
     C:\WINDOWS\system32\3B.tmp (Trojan.Tracur) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\e68001a4741 (Trojan.Tracur) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\uvc7jk640c (Trojan.Downloader) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Inject) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\clb32.dll -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\clb32.dll -> Quarantined and deleted successfully.

     Folders Infected:
     C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.
     C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
     C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
     C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

     Files Infected:
     C:\WINDOWS\System32\clb32.dll (Trojan.Tracur) -> Delete on reboot.
     C:\WINDOWS\system32\3B.tmp (Trojan.Tracur) -> Delete on reboot.
     C:\Documents and Settings\Inter16\Application Data\SystemProc\lsass.exe (Trojan.Inject) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Inter16\Local Settings\Temp\3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Inter16\Local Settings\Temp\33.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Inter16\Local Settings\Temp\37.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
     C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
     C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
     C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
     C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.