sgbrown68

Members
Content count: 25
Rank: New Member
  1. Everything's working very well. Ran several Malwarebytes scans and no more problems. Am setting up a PayPal account to leave you a tip. Many thanks for all of your assistance!
  2. Status: Disinfected (events: 6)
     1/17/2013 8:49:10 PM  Disinfected  Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen  C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3  High
     1/17/2013 8:49:10 PM  Disinfected  Trojan program Exploit.Java.CVE-2012-1723.cv  C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVc.class  High
     1/17/2013 8:49:10 PM  Disinfected  Trojan program Exploit.Java.CVE-2012-1723.cv  C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVe.class  High
     1/17/2013 8:49:10 PM  Disinfected  Trojan program Exploit.Java.CVE-2012-1723.cv  C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVd.class  High
     1/17/2013 8:49:10 PM  Disinfected  Trojan program Exploit.Java.CVE-2012-1723.cv  C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVa.class  High
     1/17/2013 8:49:10 PM  Disinfected  Trojan program Exploit.Java.CVE-2012-1723.cv  C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVb.class  High
     Status: Deleted (events: 2)
     1/17/2013 8:50:08 PM  Deleted  Trojan program HEUR:Exploit.Java.CVE-2012-0507.gen  C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\52\61d70074-68001ee9  High
     1/17/2013 8:50:14 PM  Deleted  Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen  C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\28\3682889c-79afcfb3  High
  3. Well, good news, I was able to run another quick scan successfully after reboot. Perhaps the problem was that Windows just needed to be updated, but we'll see what happens going forward. At any rate, I'd be grateful for any feedback you may have and I'll run a few more scans periodically throughout the day; I usually do at least one full Malwarebytes scan per day. I'll let you know if I run into any further irregularities. I deeply appreciate all of your assistance in this matter. Best, S
  4. FYI, the sfc.exe resulted in my having to update Windows (several updates, actually). Once that was done, I rebooted and ran the FSS, posted above, then I ran a quick scan in Malwarebytes and it completed successfully. I'll now reboot again and see if it will complete another one successfully.
  5. Farbar Service Scanner Version: 16-01-2013
     Ran by Steve (administrator) on 17-01-2013 at 11:30:18
     Running from "C:\Documents and Settings\Steve\My Documents\Downloads"
     Microsoft Windows XP Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Attempt to access Google IP returned error. Google IP is offline
     Google.com is accessible.
     Yahoo IP is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll
     [2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys
     [2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll
     [2008-04-28 09:07] - [2008-04-28 09:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll
     [2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll
     [2008-07-07 15:23] - [2008-07-07 15:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll
     [2009-02-09 05:56] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

     C:\WINDOWS\system32\services.exe
     [2009-12-23 10:05] - [2009-12-23 10:05] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A


     Extra List:
     =======
     Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
     0x0700000004000000010000000200000003000000050000000600000007000000
     IpSec Tag value is correct.

     **** End of log ****
  6. Went here: http://www.bleepingcomputer.com/forums/topic43051.html and am now running sfc.exe. Will run FSS and paste the log in the next reply.
  7. I'm afraid I can't do that, as I'm running Windows XP, not Windows 7. If there's a way to do that using Windows XP, please provide detailed instructions. Thanks.
  8. OK, just rebooted and ran a regular quick scan. Same thing happened, got the "encountered error/needs to close" message. Any ideas?
  9. For what it's worth, I just ran a regular Malwarebytes quick scan and it completed successfully. Nothing found. I'm wondering what will happen if I reboot and try it again. Will let you know shortly.
  10. OK, just for the heck of it, I ran Malwarebytes Chameleon. The DOS box popped up and started doing its thing. After a few minutes, got the "encountered error/needs to close" box. I clicked "Don't send" when it asked if I wanted to send a report. Then Chameleon opened up regular Malwarebytes to do a quick scan. This one completed successfully, so I don't know what that means. At any rate, here's the FSS log:

      Farbar Service Scanner Version: 16-01-2013
      Ran by Steve (administrator) on 17-01-2013 at 09:53:03
      Running from "C:\Documents and Settings\Steve\My Documents\Downloads"
      Microsoft Windows XP Service Pack 3 (X86)
      Boot Mode: Normal
      ****************************************************************

      Internet Services:
      ============

      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Attempt to access Google IP returned error. Google IP is offline
      Google.com is accessible.
      Yahoo IP is accessible.
      Yahoo.com is accessible.

      Windows Firewall:
      =============

      Firewall Disabled Policy:
      ==================

      System Restore:
      ============

      System Restore Disabled Policy:
      ========================

      Security Center:
      ============

      Windows Update:
      ============

      Windows Autoupdate Disabled Policy:
      ============================

      File Check:
      ========
      C:\WINDOWS\system32\dhcpcsvc.dll
      [2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

      C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\tcpip.sys
      [2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

      C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
      C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
      C:\WINDOWS\system32\ipnathlp.dll
      [2008-04-28 09:07] - [2008-04-28 09:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

      C:\WINDOWS\system32\netman.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\srsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
      C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wuauserv.dll
      [2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

      C:\WINDOWS\system32\qmgr.dll => MD5 is legit
      C:\WINDOWS\system32\es.dll
      [2008-07-07 15:23] - [2008-07-07 15:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

      C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
      C:\WINDOWS\system32\svchost.exe => MD5 is legit
      C:\WINDOWS\system32\rpcss.dll
      [2009-02-09 05:56] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

      C:\WINDOWS\system32\services.exe
      [2009-12-23 10:05] - [2009-12-23 10:05] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A


      Extra List:
      =======
      Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
      0x0700000004000000010000000200000003000000050000000600000007000000
      IpSec Tag value is correct.

      **** End of log ****
  11. OK, just did that. Ran mbam-clean, installed Malwarebytes; no joy. Exact same problem as in the first post. Please advise further. Thanks.
  12. Below is the most recent ESET log.txt. Just as an FYI, if this does turn out to be a false positive, I'm still having the issue with Malwarebytes not completing the scan as mentioned in the first post.

      ESETSmartInstaller@High as CAB hook log:
      OnlineScanner.ocx - registred OK
      # version=8
      # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
      # OnlineScanner.ocx=1.0.0.6889
      # api_version=3.0.2
      # EOSSerial=424daba597ff2b46a958a63bd8f59bb5
      # end=finished
      # remove_checked=true
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2013-01-16 10:26:13
      # local_time=2013-01-16 05:26:13 (-0500, Eastern Standard Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # scanned=40403
      # found=2
      # cleaned=2
      # scan_time=1147
      C:\Documents and Settings\Steve\My Documents\Downloads\iLividSetup.exe  Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)  2503638237A9469DCB691D06A5701C55C66644D3  C
      C:\Documents and Settings\Steve\My Documents\Downloads\MIRCSDM.exe  a variant of Win32/SweetIM.C application (cleaned by deleting - quarantined)  C798A07E7128C5421D5A594F59D10CB48647243D  C
      # version=8
      # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
      # OnlineScanner.ocx=1.0.0.6889
      # api_version=3.0.2
      # EOSSerial=424daba597ff2b46a958a63bd8f59bb5
      # end=finished
      # remove_checked=false
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2013-01-17 02:12:45
      # local_time=2013-01-17 09:12:45 (-0500, Eastern Standard Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # scanned=38688
      # found=0
      # cleaned=0
      # scan_time=1198
  13. progman.exe URL: https://www.virustotal.com/file/d3445c943437ccc1c7762a68fec331a74e679e954c9ba5843d7cc02a23d829ee/analysis/1358428486/
      proquota.exe URL: https://www.virustotal.com/file/8d1f9867e180184d6dead0cbef88de1ca739c2066f4648eb808a3301ac4c613b/analysis/1358428630/
      proxycfg.exe URL: https://www.virustotal.com/file/7fd2eab9b4976edb7eea3eea4fec51527d4a37af6f8b909ef4bdfbd84cc8eb72/analysis/1358428744/
      tftp.exe URL: https://www.virustotal.com/file/932fc000899ad207bc8657c9ec3a699dc6d2019618e85d942094b652e5c504f7/analysis/1358428828/
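The two Farbar Service Scanner logs posted above (posts 5 and 10) print one of two things for each checked file: "=> MD5 is legit" when FSS recognises the hash, or a detail line with timestamps, size, signer and MD5 when it does not. The second case is the one an analyst has to follow up by hand, typically by looking the hash up the way the VirusTotal links in the last post do for other binaries; a printed hash alone does not mean the file is bad. The helper below is an added example, written for this page, not code from the thread, from FSS, or from any tool the poster used. It parses the File Check section, separates recognised from unrecognised files, and decodes the Extra List blob under a stated assumption: FSS does not label the blob, and the code treats it as a 32-bit little-endian count followed by that many 32-bit tags, which is how the "IpSec Tag value is correct" line can be re-derived from the sample. The sample input is a constructed, abridged copy of the posted log.

```python
"""Triage helper for Farbar Service Scanner (FSS) output. Added example; not
code from the forum thread or from FSS. It splits the File Check section into
files FSS recognised ("=> MD5 is legit") and files it printed details for, and
decodes the Extra List blob (layout assumed; see decode_group_order)."""
from __future__ import annotations

import re
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed sample: an abridged copy of the sections in the log posted above.
SAMPLE_LOG = r"""File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

C:\WINDOWS\system32\wuauserv.dll
[2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

C:\WINDOWS\system32\svchost.exe => MD5 is legit


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
"""

# Detail line FSS prints for a file whose hash it does not recognise.
DETAIL_RE = re.compile(
    r"^\[(?P<t1>[^\]]+)\] - \[(?P<t2>[^\]]+)\] - (?P<size>\d+) \S+ "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
TAG_RE = re.compile(r"([A-Za-z]+)\((\d+)\)")  # e.g. IPSec(4)


@dataclass
class FileEntry:
    path: str
    legit: bool                       # True when FSS printed "=> MD5 is legit"
    md5: Optional[str] = None         # only set for files FSS did not recognise
    size: Optional[int] = None
    company: Optional[str] = None
    timestamps: Optional[tuple] = None  # the two bracketed stamps, as printed


def _section(log: str, title: str) -> list[str]:
    """Lines under 'Title:' and its '====' underline, up to the next title or end of log."""
    lines = log.splitlines()
    start = next((i for i, l in enumerate(lines) if l.strip() == title + ":"), None)
    if start is None:
        return []
    body, i = [], start + 2
    while i < len(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if lines[i].startswith("**** End of log") or (nxt and set(nxt) == {"="}):
            break
        body.append(lines[i])
        i += 1
    return body


def parse_file_check(log: str) -> list[FileEntry]:
    lines = [l.rstrip() for l in _section(log, "File Check")]
    entries, i = [], 0
    while i < len(lines):
        line = lines[i].strip()
        if not line:
            i += 1
            continue
        if line.endswith("=> MD5 is legit"):
            entries.append(FileEntry(path=line.split(" => ")[0], legit=True))
            i += 1
            continue
        # Unrecognised file: the path stands alone, the next line carries the details.
        m = DETAIL_RE.match(lines[i + 1].strip()) if i + 1 < len(lines) else None
        if m:
            entries.append(FileEntry(line, False, m["md5"].upper(), int(m["size"]),
                                     m["company"], (m["t1"], m["t2"])))
            i += 2
        else:
            entries.append(FileEntry(line, False))  # no parseable detail line; still flag it
            i += 1
    return entries


def unverified_files(log: str) -> dict[str, Optional[str]]:
    """Paths FSS did not recognise, mapped to the MD5 to look up (e.g. on VirusTotal)."""
    return {e.path: e.md5 for e in parse_file_check(log) if not e.legit}


def decode_group_order(blob: str) -> list[int]:
    """ASSUMPTION (FSS does not label the blob): it is laid out like a Windows
    GroupOrderList value, a 32-bit LE count followed by that many 32-bit LE tags."""
    raw = bytes.fromhex(blob[2:] if blob.lower().startswith("0x") else blob)
    (count,) = struct.unpack_from("<I", raw, 0)
    if len(raw) < 4 + 4 * count:
        raise ValueError("blob shorter than its declared tag count")
    return list(struct.unpack_from(f"<{count}I", raw, 4))


def check_service_tags(log: str) -> dict[str, bool]:
    """For each 'Name(tag)' in the Extra List, whether that tag appears in the blob."""
    lines = [l.strip() for l in _section(log, "Extra List") if l.strip()]
    tag_line = next((l for l in lines if TAG_RE.search(l)), None)
    blob = next((l for l in lines if l.lower().startswith("0x")), None)
    if tag_line is None or blob is None:
        return {}
    order = decode_group_order(blob)
    return {name: int(tag) in order for name, tag in TAG_RE.findall(tag_line)}


if __name__ == "__main__":
    for path, md5 in unverified_files(SAMPLE_LOG).items():
        print(f"look up {md5}  {path}")
    print(check_service_tags(SAMPLE_LOG))
```

Running it on the sample lists dhcpcsvc.dll, tcpip.sys and wuauserv.dll with their hashes and reports every service tag in the Extra List as present in the decoded blob, matching FSS's own "IpSec Tag value is correct" line; the remaining legit entries need no follow-up.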