Member Avatar for aidine.rivera

I downloaded Malwarebytes Anti-Malware. I ran a scan and this is what I got back. Can someone help please? :)

Malwarebytes' Anti-Malware 1.44
Database version: 3569
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/15/2010 1:01:57 PM
mbam-log-2010-01-15 (13-01-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 237765
Time elapsed: 58 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 13
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5b24b16-23f2-41ad-f4e4-00abc39c0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5b24b16-23f2-41ad-f4e4-00abc39c0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fastnetsrv (Backdoor.Refpron) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FASTNETSRV (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winsts (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5b24b16-23f2-41ad-f4e4-00abc39c0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP1\A0000043.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP1\A0000044.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP1\A0000046.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP1\A0000047.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP10\A0000165.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP10\A0000166.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP10\A0000167.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP10\A0000169.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP10\A0000170.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP10\A0000173.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP10\A0000174.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP11\A0000178.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP11\A0000179.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP11\A0000180.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP11\A0000183.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP11\A0000190.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP11\A0000192.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP11\A0000193.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP15\A0000225.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP18\A0000286.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP18\A0000287.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP18\A0000289.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP18\A0000290.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP18\A0000293.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP2\A0000068.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP34\A0003402.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP34\A0003405.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP34\A0003406.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP6\A0000131.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP6\A0000132.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP6\A0000133.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP7\A0000136.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP7\A0000137.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP7\A0000138.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP7\A0000139.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP7\A0000140.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP7\A0000141.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000147.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000148.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000149.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000151.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000152.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000153.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000155.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000156.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000158.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000160.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000161.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP9\A0000162.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wincert.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Madelyn Padilla\Local Settings\Application Data\jmiidh\cckfsysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Madelyn Padilla\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\curslib.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdsock.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

  • 2 Contributors
  • 2 Replies
  • 152 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by jholland1964

Recommended Answers

All 2 Replies

Member Avatar for aidine.rivera

I click to go on a website (i.e. if I perform the search function in google) and then I'll get redirected to some random website. Then sometimes I"ll get this fake website that resembles my documents saying that my computer is infected, etc.

Member Avatar for jholland1964

Hi, welcome to daniweb.
We also need to see a log created by scanning with HiJackThis

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.