Everything posted by jeepndiva

  1. Thanks Gringo, I appreciate all your help, computer is running fine. I believe we are all fixed and you can close this out. Again, thank you!
  2. Ok I have run the scan as you have asked, Jotti did not save a file so I took a screen shot for both files. Jotti looks like it thought both files were the same file. Looks like Jotti says the files are malware, let me know what you think, thanks. Computer appears to be running fine. SystemLook.txt Jottti_scan.doc
  3. Computer seems to be running fine, but ComboFix did indicate a rootkit. File attached. ComboFixlog.txt
  4. Computer is running fine. I have attached the other dds file and will post the other file you have asked for as soon as I run it. Thanks DDS.txt
  5. I've run malwarebytes several times and it comes up with a rootkit every time. After reboot they still appear. Could someone suggest a solution? Originally had Security Essential 2010 virus on system. I believe that has been removed. Files attached according to directions. Thanks ark.txt Attach1.txt
  6. I've run malwarebytes several times and it comes up with a rootkit every time. After reboot they still appear. Could someone suggest a solution? Originally had Security Essential 2010 virus on system. I believe that has been removed. File attached. Thanks mbam_log_2010_05_21__09_44_05_.txt
  7. Installed combofix and ran.... received error.... Exception processing message c0000013 parameters 75b6bf7c 4 75b6bf7c 75b6bf7c Does anyone know what this means?
  8. Had a virus on an old computer. Could not run Malwarebytes in normal mode so I ran it in safe mode. After running successfully in safe mode it found 4 items and removed them. Now I cannot get on the internet with that computer. I run a workgroup setting and no other computer seems to be affected. I get the error "cannot connect to the internet using HTTP, HTTPS, or FTP" and to check the firewall settings. Any suggestions on how to fix this? Should I just reset the firewall setting back to the default? Thanks in advance.
  9. Thanks for all your help. I am an IT student and appreciate all your help. Computer is running great. No issue that I can tell, although the computer is not my personal computer. DDS file DDS (Ver_09-07-30.01) - NTFSx86 Run by owner at 18:50:58.30 on Fri 09/04/2009 Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_16 Microsoft
  10. Computer seems to be running fine and malwarebytes runs without finding issues.
  11. Updated Java but cannot run Kaspersky Online Scanner 7 - I am running explorer and running in administrator mode but it fails.
  12. Latest ComboFix Log ComboFix 09-09-02.02 - owner 09/03/2009 18:32.2.1 - NTFSx86 Microsoft
  13. Malwarebytes file Malwarebytes' Anti-Malware 1.40 Database version: 2736 Windows 6.0.6000 9/3/2009 2:35:58 PM mbam-log-2009-09-03 (14-35-58).txt Scan type: Full Scan (C:\|) Objects scanned: 213800 Time elapsed: 50 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Alwil Software\Avast4\DATA\moved\uac80b3.tmp.vir (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Alwil Software\Avast4\DATA\moved\uacjvdncdcjeq.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Windows\System32\UACfyibbmqgvr.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Windows\System32\UACimjhhitadg.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Windows\System32\UACjvdncdcjeq.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Windows\System32\UACpwtrwrnnmh.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Windows\System32\drivers\UACfjxnxpdmho.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully. DDS file logs (2) DDS (Ver_09-07-30.01) - NTFSx86 Run by owner at 14:50:18.58 on Thu 09/03/2009 Internet Explorer: 7.0.6000.16890 Microsoft
  14. Contents of new GMER file.... ran in safe mode, would not run normally. Also ran malwarebytes in normal mode found 7 issues. Trojan.Agents (4) and Rootkit.TDSS (3). I have not hit the remove selected yet, advise if you want me to remove them. Thanks GMER 1.0.15.15077 [x4qcxsxj.exe] - http://www.gmer.net Rootkit scan 2009-09-03 13:03:50 Windows 6.0.6000 ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8070E282] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8070E474] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8070DF32] SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0x8AB4D384] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8070E67C] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----
  15. Contents of ComboFix log file ComboFix 09-09-02.02 - owner 09/03/2009 11:37.1.1 - NTFSx86 Microsoft
  16. Getting Avast and Norton Internet Security real time scanner active. I have deactivated avast via the systray under deactivate on-access protection. I can't find Norton at all even in the add/remove programs. Should I continue?
  17. ComboFix does not run under normal mode, do you suggest running under safe mode?
  18. Contents of the GMER file GMER 1.0.15.15077 [c53yhuio.exe] - http://www.gmer.net Rootkit scan 2009-09-02 20:44:08 Windows 6.0.6000 Contents of the dds file DDS (Ver_09-07-30.01) - NTFSx86 Run by owner at 20:52:30.07 on Wed 09/02/2009 Internet Explorer: 7.0.6000.16890 Microsoft Attach.txt
  19. System will not run root repeal. This is the error I received: 20:18:25: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000104) 20:18:25: DeviceIoControl Error! Error Code = 0x1e7 20:18:25: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000104)