adleisia

Members | Posts: 1
Everything posted by adleisia

  1. Merged post

I apparently have a nasty virus on my work computer. I've been having problems with it since getting this "new" computer, and our IT guy at work (who is less of an IT guy and more of an engineer) seems to only be making the problem worse. His solution is to block yahoomail and gmail. I ran the Kaspersky TDSSKiller a few days ago, and it found 6 viruses but is now finding nothing. I also ran the free scan through PC Tools Spyware Doctor, and it found a plethora of issues that none of the virus protection my company uses can find, but since this is my work computer and not my home computer I can't exactly pay for a year subscription to get rid of it. But through the Spyware Doctor scan, it found that there are 2 Rootkit.Mentil infections and a scarily high number (almost 2000) of tracking & spyware from those infections. I didn't realize there was still a problem with my computer until I started doing a google search, and whatever website I chose would take me to a random search engine that is clearly a virus.

Okay, I'm currently using Windows Essentials, and I do have MBAM, as well as Advanced SystemCare 5. WE, ASC, and MBAM haven't found any of the things that Spyware-Doctor did.

Here is my latest report from MBAM Quick Scan:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
copy1 :: COPYONE [administrator]

3/22/2012 12:15:17 PM
mbam-log-2012-03-22 (12-15-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239940
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is my DDS scan:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by copy1 at 14:04:48 on 2012-03-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2020.778 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\WOTraffic\WOTraffic.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iMediaTouch\Production\MTP.exe
C:\Program Files\iMediaTouch\Production\OMTdb2x.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [JobHisInit] c:\program files\rmclient\JobHisInit.exe
mRun: [MplSetUp] c:\program files\rmclient\MplSetUp.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iSTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [cfgbin] c:\documents and settings\all users\cfgbin.exe
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
dRun: [synclogon] c:\documents and settings\all users\Synclogon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1316813974765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc.cab
TCP: Interfaces\{DF5ED57E-36B1-43C5-B666-A1A3551000E6} : NameServer = 192.168.2.3,4.2.2.2,192.168.4.3
TCP: Interfaces\{F5320189-CCE8-4D64-970B-4DAD31BC3330} : DhcpNameServer = 10.1.10.1
Notify: igfxcui - igfxdev.dll
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-22 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-22 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-3-22 909728]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl8970073a;MpKsl8970073a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b048488f-42e0-4708-914f-5f353f482b54}\MpKsl8970073a.sys [2012-3-22 29904]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-20 185560]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-3-9 913752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-3-22 550864]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-1-26 132768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-1 652360]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-22 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-22 1117624]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-9-23 2656280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-1 20464]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-3-22 56840]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-22 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-9-23 1691480]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [2011-9-23 174248]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-22 136176]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-9-23 45056]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
.
=============== Created Last 30 ================
.
2012-03-22 14:54:31 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b048488f-42e0-4708-914f-5f353f482b54}\MpKsl8970073a.sys
2012-03-22 14:54:14 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b048488f-42e0-4708-914f-5f353f482b54}\offreg.dll
2012-03-22 14:47:29 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b048488f-42e0-4708-914f-5f353f482b54}\mpengine.dll
2012-03-22 13:45:40 -------- d-----w- c:\documents and settings\copy1\local settings\application data\Google
2012-03-22 13:44:53 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-22 13:44:53 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-22 13:44:52 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-22 13:44:52 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-22 13:44:52 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-22 13:44:15 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-22 13:44:15 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-22 13:44:14 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-22 13:44:11 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-22 13:44:11 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-22 13:44:10 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-22 13:44:04 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-22 13:43:58 -------- d-----w- c:\program files\PC Tools
2012-03-22 13:26:48 -------- d-----w- c:\documents and settings\copy1\local settings\application data\Threat Expert
2012-03-20 21:35:45 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-20 21:35:42 -------- d-----w- c:\program files\common files\PC Tools
2012-03-20 21:35:08 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-03-20 21:35:06 -------- d-----w- c:\documents and settings\copy1\application data\TestApp
2012-03-20 21:28:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-19 16:20:45 602112 ----a-w- c:\windows\system32\SET1B6.tmp
2012-03-19 16:20:45 55296 ----a-w- c:\windows\system32\SET1B5.tmp
2012-03-19 16:20:45 105984 ----a-w- c:\windows\system32\SET1B0.tmp
2012-03-19 16:20:44 916992 ----a-w- c:\windows\system32\SET1AE.tmp
2012-03-19 16:20:44 247808 ------w- c:\program files\internet explorer\SET1C0.tmp
2012-03-19 16:20:44 2000384 ----a-w- c:\windows\system32\SET1BA.tmp
2012-03-19 16:20:44 12800 ------w- c:\program files\internet explorer\SET1BF.tmp
2012-03-19 16:20:43 184320 ----a-w- c:\windows\system32\SET1BB.tmp
2012-03-19 16:20:43 1212416 ----a-w- c:\windows\system32\SET1AF.tmp
2012-03-19 16:20:42 5979136 ----a-w- c:\windows\system32\SET1B4.tmp
2012-03-19 16:19:57 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-19 16:19:57 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-19 16:19:10 726528 ----a-w- c:\windows\system32\SET1A6.tmp
2012-03-19 16:18:34 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-13 18:51:02 -------- d-----w- c:\documents and settings\copy1\application data\webex
2012-03-13 17:58:48 366 ----a-w- C:\cc_20120313_135847.reg
2012-03-13 17:56:46 366 ----a-w- C:\cc_20120313_135644.reg
2012-03-13 17:50:04 366 ----a-w- C:\cc_20120313_135002.reg
2012-03-09 16:16:52 2284 ----a-w- C:\cc_20120309_111650.reg
2012-03-09 14:51:54 -------- d-----w- c:\windows\system32\winrm
2012-03-09 14:51:54 -------- d-----w- c:\windows\system32\GroupPolicy
2012-03-09 14:51:47 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-03-09 14:50:21 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-03-09 14:37:08 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-03-09 14:37:00 -------- d-----w- c:\documents and settings\copy1\application data\IObit
2012-03-09 14:36:52 -------- d-----w- c:\program files\IObit
2012-03-08 18:45:36 2433024 ------w- c:\windows\UNNMP.exe
2012-03-08 18:43:14 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2012-03-08 18:43:13 364544 ------w- c:\windows\system32\TwnLib4.dll
2012-03-08 18:43:12 476320 ------w- c:\windows\system32\ImagXpr7.dll
2012-03-08 18:43:12 471040 ------w- c:\windows\system32\ImagXRA7.dll
2012-03-08 18:43:12 262144 ------w- c:\windows\system32\ImagXR7.dll
2012-03-08 18:43:12 1568768 ------w- c:\windows\system32\ImagX7.dll
2012-03-08 18:43:10 38912 ------w- c:\windows\system32\picn20.dll
2012-03-08 18:43:04 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2012-03-08 18:41:43 6994 ----a-w- C:\cc_20120308_134142.reg
2012-03-08 18:41:30 65472 ----a-w- C:\cc_20120308_134128.reg
2012-03-08 17:59:49 -------- d-----w- c:\windows\pss
2012-03-08 17:56:10 684 ----a-w- C:\cc_20120308_125609.reg
2012-03-08 17:51:37 366 ----a-w- C:\cc_20120308_125135.reg
2012-03-08 15:42:40 332 ----a-w- C:\cc_20120308_104238.reg
2012-03-08 15:42:21 10818 ----a-w- C:\cc_20120308_104219.reg
2012-03-08 15:33:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-08 15:33:50 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-03-16 12:40:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-01 19:14:14 1170 ----a-w- C:\cc_20120201_141410.reg
2012-02-01 19:13:54 225580 ----a-w- C:\cc_20120201_141346.reg
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 19:32:38 8413 ----a-w- c:\windows\system32\drivers\osaio.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 14:05:21.03 ===============
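The DDS "Pseudo HJT Report" above is where a helper on this kind of thread looks first: the uRun/mRun/dRun lines are Run-key autoruns (current-user, machine and default-user hives in DDS's notation), and the Hosts: line lists overrides in the Windows hosts file. Two things in this particular log stand out to a triager: three dRun entries whose executables live in a profile directory or %APPDATA% rather than Program Files or the Windows directory, and a hosts entry that maps www.bing.com to 94.63.147.17, which sends every browser request for that name somewhere other than Microsoft and would account for the search redirection the poster describes. The script below is an added example (not part of the forum post, not a DDS or Malwarebytes tool) that applies those two triage rules to a constructed sample made from lines copied out of the log; the regexes, the list of profile-path patterns and the Finding class are my own choices.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" section of the post.
SAMPLE_LINES = [
    r"uStart Page = hxxp://www.google.com/",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r'mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey',
    r"dRun: [cfgbin] c:\documents and settings\all users\cfgbin.exe",
    r"dRun: [dplaysvr] %APPDATA%\dplaysvr.exe",
    r"dRun: [synclogon] c:\documents and settings\all users\Synclogon.exe",
    r"Hosts: 94.63.147.17 www.bing.com",
]

# Hosts entries pointing at loopback are the usual ad-blocking style and are left alone.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
# Unquoted DDS paths may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?:\s|$)", re.I)


@dataclass
class Finding:
    line: str
    reason: str


def run_target(rest: str) -> str:
    """Return the program path from the command portion of a Run entry."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    m = EXE_RE.match(rest)
    return m.group("path") if m else rest.split(" ")[0]


def path_reasons(path: str) -> list:
    """Heuristics for autorun targets in user-writable locations (hypothetical rule set)."""
    p = path.lower()
    reasons = []
    if re.search(r"%(appdata|localappdata|temp|tmp|userprofile)%", p):
        reasons.append("target resolves into a user-writable profile directory via an environment variable")
    if re.search(r"\\documents and settings\\[^\\]+\\[^\\]+$", p):
        reasons.append("executable sits directly in a profile root, not under Program Files or Windows")
    if any(s in p for s in ("\\application data\\", "\\local settings\\", "\\temp\\")):
        reasons.append("executable runs from Application Data, Local Settings or Temp")
    return reasons


def triage(lines) -> list:
    """Apply the two rules to DDS Pseudo HJT lines and return the entries worth a closer look."""
    findings = []
    for line in lines:
        line = line.rstrip("\n")
        m = RUN_RE.match(line)
        if m:
            for reason in path_reasons(run_target(m.group("rest"))):
                findings.append(Finding(line, f"{m.group('hive')} autorun: {reason}"))
            continue
        m = HOSTS_RE.match(line)
        if m and m.group("ip") not in LOOPBACK:
            findings.append(Finding(
                line,
                f"hosts file sends {m.group('host')} to {m.group('ip')}; "
                "requests for that name never reach the real site",
            ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample it reports the three dRun entries and the hosts override and stays silent on the ctfmon and Security Essentials entries, which live under Windows and Program Files. The rules are deliberately narrow: a flagged line is a candidate for the human reading the thread, not a verdict, and a clean result says nothing about rootkit drivers or other sections of the log.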