pokerface

Everything posted by pokerface

  1. Hello, my PC is running very slow. I have done all the usual, but the anti-virus program as well as Malwarebytes does not seem to be recognizing any intrusion. I have run several scans with '0' infections. I have had this happen before (about 2 years ago) and you helped me with the issue and it brought my PC performance back 100% ...it was incredible! Can you help again? What do you need me to do?
  2. Hello, my PC is running very slow. I have done all the usual to repair it, but my anti-virus programs as well as Malwarebytes do not seem to be recognizing the intrusion. I have had this happen before (about 2 years ago) and you helped me with the issue, doing several scans using several different downloads. Can you help again? What do you need me to do?
  3. I have done everything you asked: I used OT Clean and restarted my computer, I removed old versions of Java Runtime Environment, I installed the new version, I deleted all that I had saved on my desktop and I set new restore points. Is there anything else? My computer is running like brand new! Very fast! You are the greatest!! Thanks again...cheers!
  4. OTL logfile created on: 6/3/2009 8:43:28 AM - Run 2
     OTL by OldTimer - Version 2.1.1.0     Folder = C:\Documents and Settings\JULIE.SCOTTY.001\Desktop
     Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 7.0.5730.13)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     509.98 Mb Total Physical Memory | 204.54 Mb Available Physical Memory | 40.11% Memory free
     1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.81% Paging File free
     Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 111.73 Gb Total Space | 76.84 Gb Free Space | 68.78% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: SCOTTY
     Current User Name: JULIE
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: Current user
     Output = Minimal
     File Age = 30 Days
     Company Name Whitelist: On

     ========== Processes (SafeList) ==========

     PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
     PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
     PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
     PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
     PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
     PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
     PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
     PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
     PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
     PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
     PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
     PRC - C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
     PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
     PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
     PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft
  5. WOW ...this seemed to work. Malwarebytes downloaded and installed without a problem ...opened and ran a full scan without a problem. Infected items deleted effortlessly ... WOW ...you are the greatest!!! I can't thank you enough. What is the next step? I will check back soon.
  6. Malwarebytes' Anti-Malware 1.37
     Database version: 2214
     Windows 5.1.2600 Service Pack 2

     6/2/2009 5:30:57 PM
     mbam-log-2009-06-02 (17-30-57).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 287233
     Time elapsed: 1 hour(s), 26 minute(s), 23 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 4

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\XML2u (Spyware.OnlineGames) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\Qoobox\quarantine\C\WINDOWS\system32\UACbrfmlwkabwjqoqq.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
     c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\UACpxmpxiwesiqweec.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP472\A2515082.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP472\A2515086.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
  7. I admit, this has been frustrating and I am getting help in the LOGS forum. I am not going to do anything until I am instructed to do so ...so far the advice I am receiving has been extremely helpful. I will patiently wait for the next step. Thank you so very much.
  8. I will wait for your next instructions. I have all the previous downloads and logs (Combo, OTL, GMER ...and the logs produced from running these) still saved to my desktop. When can I delete these items?
  9. Attached Combofix.log; I had to compress/zip it to upload. combofix.zip
  10. GMER 1.0.15.14972 - http://www.gmer.net
      Rootkit scan 2009-06-01 17:50:08
      Windows 5.1.2600 Service Pack 2

      ---- System - GMER 1.0.15 ----

      Code 82CDD500 ZwEnumerateKey
      Code 82CDDCB0 ZwFlushInstructionCache
      Code 82CCD236 IofCallDriver
      Code 82CCD0D6 IofCompleteRequest

      ---- Kernel code sections - GMER 1.0.15 ----

      .text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82CCD23B
      .text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82CCD0DB
      PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 5 Bytes JMP 82CDD504
      PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A6A 5 Bytes JMP 82CDDCB4

      ---- User code sections - GMER 1.0.15 ----

      .text C:\Program Files\Bonjour\mDNSResponder.exe[144] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0076000A
      .text C:\Program Files\Bonjour\mDNSResponder.exe[144] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0077000A
      .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[200] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A3000A
      .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[200] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00A4000A
      .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[200] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00]
      .text C:\Program Files\Java\jre6\bin\jqs.exe[360] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0073000A
      .text C:\Program Files\Java\jre6\bin\jqs.exe[360] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0074000A
      .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[456] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009E000A
      .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[456] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 009F000A
      .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0069000A
      .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 006A000A
      .text C:\WINDOWS\system32\services.exe[684] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0077000A
      .text C:\WINDOWS\system32\services.exe[684] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0079000A
      .text C:\WINDOWS\system32\lsass.exe[696] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0083000A
      .text C:\WINDOWS\system32\lsass.exe[696] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0087000A
      .text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[972] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AC000A
      .text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[972] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00AD000A
      .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1048] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 012A000A
      .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1048] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 012B000A
      .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[1228] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A8000A
      .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[1228] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00A9000A
      .text C:\Program Files\Windows Live\Toolbar\wltuser.exe[1260] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00E1000A
      .text C:\Program Files\Windows Live\Toolbar\wltuser.exe[1260] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00E2000A
      .text C:\WINDOWS\system32\LEXBCES.EXE[1452] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AC000A
      .text C:\WINDOWS\system32\LEXBCES.EXE[1452] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00AD000A
      .text C:\WINDOWS\system32\spoolsv.exe[1504] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AB000A
      .text C:\WINDOWS\system32\spoolsv.exe[1504] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00AD000A
      .text C:\Program Files\Digital Line Detect\DLG.exe[1576] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B5000A
      .text C:\Program Files\Digital Line Detect\DLG.exe[1576] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00B6000A
      .text C:\WINDOWS\system32\lexpps.exe[1584] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00DF000A
      .text C:\WINDOWS\system32\lexpps.exe[1584] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00E0000A
      .text C:\WINDOWS\system32\ctfmon.exe[1972] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009F000A
      .text C:\WINDOWS\system32\ctfmon.exe[1972] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00A0000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0072000A
      .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0073000A
      .text C:\Program Files\Lexmark X5100 Series\lxbabmon.exe[2020] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0097000A
      .text C:\Program Files\Lexmark X5100 Series\lxbabmon.exe[2020] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0098000A
      .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2092] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C7000A
      .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2092] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C8000A
      .text C:\WINDOWS\Explorer.EXE[2100] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00D5000A
      .text C:\WINDOWS\Explorer.EXE[2100] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00D6000A
      .text C:\WINDOWS\system32\wdfmgr.exe[2164] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0062000A
      .text C:\WINDOWS\system32\wdfmgr.exe[2164] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0063000A
      .text C:\Program Files\iTunes\iTunesHelper.exe[2220] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BF000A
      .text C:\Program Files\iTunes\iTunesHelper.exe[2220] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C0000A
      .text C:\WINDOWS\System32\DSentry.exe[2400] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AF000A
      .text C:\WINDOWS\System32\DSentry.exe[2400] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00B0000A
      .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2448] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A8000A
      .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[2448] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00A9000A
      .text C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe[2588] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AB000A
      .text C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe[2588] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00AD000A
      .text C:\WINDOWS\system32\hkcmd.exe[2632] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AA000A
      .text C:\WINDOWS\system32\hkcmd.exe[2632] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00AB000A
      .text C:\WINDOWS\system32\igfxpers.exe[2724] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A8000A
      .text C:\WINDOWS\system32\igfxpers.exe[2724] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00A9000A
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B7000A
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00B8000A
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00F5000A
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00FE000A
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] WS2_32.dll!connect 71AB406A 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] WS2_32.dll!send 71AB428A 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00FFFDA0 \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] WS2_32.dll!recv 71AB615A 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\Iexplore.exe[2732] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
      .text C:\Program Files\Java\jre6\bin\jusched.exe[2788] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CF000A
      .text C:\Program Files\Java\jre6\bin\jusched.exe[2788] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00D1000A
      .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2920] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B9000A
      .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2920] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BA000A
      .text C:\Program Files\Canon\CAL\CALMAIN.exe[3080] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0074000A
      .text C:\Program Files\Canon\CAL\CALMAIN.exe[3080] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0075000A
      .text C:\Program Files\iPod\bin\iPodService.exe[3568] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0078000A
      .text C:\Program Files\iPod\bin\iPodService.exe[3568] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0079000A
      .text C:\Documents and Settings\JULIE.SCOTTY.001\Desktop\31l8f0si.exe[3716] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B3000A
      .text C:\Documents and Settings\JULIE.SCOTTY.001\Desktop\31l8f0si.exe[3716] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00B4000A
      .text C:\WINDOWS\System32\alg.exe[3832] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0073000A
      .text C:\WINDOWS\System32\alg.exe[3832] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0075000A

      ---- Devices - GMER 1.0.15 ----

      AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
      AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
      AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
      Device \FileSystem\Fastfat \Fat EC965C8A
      AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

      ---- Processes - GMER 1.0.15 ----

      Library \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [940] 0x00B50000
      Library \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1080] 0x00B50000
      Library \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1168] 0x00B50000
      Library \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1304] 0x00B50000
      Library \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1360] 0x00B50000
      Library \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1900] 0x00B50000
      Library \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2732] 0x00FF0000

      ---- Services - GMER 1.0.15 ----

      Service C:\WINDOWS\system32\drivers\UACpxmpxiwesiqweec.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!!

      ---- Registry - GMER 1.0.15 ----

      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACpxmpxiwesiqweec.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpxmpxiwesiqweec.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACbnethxbwryxviqj.dll
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACwmybxxnhvnmfoeu.dat
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACcpkoppufrrsbsmx.dll
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrmhwuyapqhwfbso.dll
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbrfmlwkabwjqoqq.dll
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACvfofasctisklywi.log
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACsssmovqrsmkpxco.log
      Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACjehgodnwfrjlass.log
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACpxmpxiwesiqweec.sys
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpxmpxiwesiqweec.sys
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACbnethxbwryxviqj.dll
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACwmybxxnhvnmfoeu.dat
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACcpkoppufrrsbsmx.dll
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrmhwuyapqhwfbso.dll
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbrfmlwkabwjqoqq.dll
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACshiiqrbyxjuhboe.dll
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACvfofasctisklywi.log
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACsssmovqrsmkpxco.log
      Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACjehgodnwfrjlass.log
      Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter
      Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FriendlyName Indeo® video 5.10 Compression Filter
      Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
      Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
      Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@EncoderType 1
      Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\LocalServer32@ "C:\Program Files\Internet Explorer\iexplore.exe"
      Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\ProgID@ InternetExplorer.Application.1
      Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\Programmable@
      Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\TypeLib@ {EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
      Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\VersionIndependentProgID@ InternetExplorer.Application

      ---- Files - GMER 1.0.15 ----

      File C:\Documents and Settings\AMBER.SCOTTY\Local Settings\Temp\UAC9821.tmp 343040 bytes executable
      File C:\WINDOWS\SYSTEM32\UACbnethxbwryxviqj.dll 24064 bytes executable
      File C:\WINDOWS\SYSTEM32\UACbrfmlwkabwjqoqq.dll 19456 bytes executable
      File C:\WINDOWS\SYSTEM32\UACcpkoppufrrsbsmx.dll 19968 bytes executable
      File C:\WINDOWS\SYSTEM32\uacinit.dll 5595 bytes
      File C:\WINDOWS\SYSTEM32\UACrmhwuyapqhwfbso.dll 17408 bytes executable
      File C:\WINDOWS\SYSTEM32\UACshiiqrbyxjuhboe.dll 66560 bytes
      File C:\WINDOWS\SYSTEM32\UACvfofasctisklywi.log 117050 bytes
      File C:\WINDOWS\SYSTEM32\DRIVERS\UACpxmpxiwesiqweec.sys 52224 bytes executable <-- ROOTKIT !!!
      File C:\WINDOWS\SYSTEM32\UACwmybxxnhvnmfoeu.dat 224 bytes
      File C:\WINDOWS\Prefetch\UACLAUNCHER.EXE-168B5EFF.pf 18052 bytes
      File C:\WINDOWS\Prefetch\UACLAUNCHER.EXE-28184219.pf 17110 bytes
      File C:\WINDOWS\Temp\UAC8b43.tmp 66560 bytes
      File C:\WINDOWS\Temp\UACf4ef.tmp 66560 bytes

      ---- EOF - GMER 1.0.15 ----
  11. I have a box that has appeared. It says, "WARNING !!! GMER has found system modification by ROOTKIT activity." with an OK button. I am not even sure the scan is complete, but it has stopped. I can assume I click the 'OK' in the box that has popped up?
  12. Thanks very much. I do find this rather frustrating. I have downloaded the OTL and posted the logs, and I am currently on my next step with GMER. It has been scanning for over 2 hours...will this ever end? Once done I will post those logs also.
  13. My system has just been recently cleaned. ESET NOD32 V3.0 was installed, as well as Malwarebytes', on the advice of the computer solutions experts that cleaned my system. A virus had corrupted my operating system. They highly recommended the Malwarebytes', so I agreed to have it installed also. That was May 22nd. He ran scans on the users that were not locked and asked me to run scans on the locked users once home. I did this. Everything ran fine ...the newly installed antivirus/antispyware along with Malwarebytes' until May 24th, when a 'personal antivirus' (pav.exe) popped up on all user sites and slowed the system down and on occasion froze the screens. The computer would not shut down properly and not start properly until I removed the 'personal antivirus' (pav.exe). Once I removed this, Malwarebytes' would not open to run a scan (version 1.36). I uninstalled this and went to your site malwarebytes.org and downloaded version 1.37, saved it to my desktop, opened it, installed it and restarted my computer. I have done this several times. Malwarebytes' window will not open to perform a scan. In HijackThis Logs I have posted my logs and am following the advice as it is posted.
  14. OTL.txt and EXTRAS.txt OTL.Txt Extras.Txt
  15. Sorry...it has taken me some time to navigate this forum; not too computer savvy. OK, I have read through some of the posts and it seems my problems are similar or identical to other users'. Here are the logs you asked me to post. I too had a 'Personal Antivirus' (PAV.EXE) attach itself somehow (May 24th) and it was very difficult to get rid of, but I did. It was during this time I had the most problems with Malwarebytes' Anti-Malware. I believe I have removed all components of PAV.EXE. I am not sure how it came to be on my computer either; ESET NOD32 V3.0 Antivirus/Antispyware did not recognize it as a problem, but 'Personal Antivirus' would not stop popping up and telling me I had serious problems and I must 'click here' to resolve the issues. I did not open the program; rather I worked on removing it. I have version 1.36 installed on my Acer netbook and McAfee Security. Both work fine together. No problems with this. Same operating system, Windows XP Home Edition. DDS.txt Attach.zip
  16. I have a netbook with McAfee Security and Malwarebytes version 1.36. They run together well and cause no problems with my system. My desktop has ESET NOD32 V3.0 Antivirus/Antispyware. Malwarebytes version 1.36 was installed May 22nd, 2009. I used it once to scan. Once my computer was restarted it did not work properly. I removed the version 1.36 and installed/re-installed version 1.37 several times and so far all it has been is a problem. I am done with it; I have taken your advice and tried everything and no matter what, it is not working. Thanks for your help, it was appreciated.
  17. The rootkit driver I could not get to work ..I do have an antivirus/antispyware subscription; automatic scans & updates occur daily. I have installed and re-installed mbam.exe version 1.37 several times and it will not open to run a scan. I will try 'I'm infected - What do I do now?' and 'Malware Removal - HijackThis Logs'; be back shortly.
  18. I downloaded the DDS and did what you said. How do you want the logs attached?
  19. Hello, I am new to the forum. I have downloaded Malwarebytes' Anti-Malware and installed it. Now I am attempting to open it to run a scan. It will not open. I have uninstalled and re-installed and nothing seems to work. Am I doing something wrong? Thanks in advance for your guidance.