labuke

Honorary Members
  • Posts: 31
  • Reputation: 0 Neutral
  1. ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=8d379cf11f6a534194b6bed869c0d055 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-11-26 06:24:00 # local_time=2010-11-26 01:24:00 (-0500, Eastern Standard Time) # country="Japan" # lang=1033 # osver=6.0.6000 NT # compatibility_mode=5892 16776638 100 100 20514731 127392493 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=253192 # found=5 # cleaned=5 # scan_time=10920 C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Tae Sakamoto\AppData\Roaming\Adobe\AdobeUpdate.exe a variant of Win32/TrojanDownloader.Karagany.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Tae Sakamoto\Desktop\090108IBM think pad01\C\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All 
Users\SUDS\CACHE\4144.0.4\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Tae Sakamoto\Desktop\090108IBM think pad01\C\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Tae Sakamoto\Documents\Azureus Downloads\Switch Sound File Converter Plus 1.5\Keygen.exe a variant of Win32/Keygen.AT application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  2. Nothing has popped up or hasn't given me any trouble. I just wasn't sure if you saw anything in the logs and had to do anything further. If not, thanks so much for your help! I really appreciate it.
  3. ComboFix 10-11-14.01 - Tae Sakamoto 2010/11/22 9:16.3.2 - x86 Microsoft
  4. Things seem much better now. Right now, I'm unable to get online using IE - something about the proxy setting not being set up correctly. So I'm using Firefox, after choosing "auto-detect" proxy setting. As I was surfing, a few windows popped up - similar to the initial one - saying my computer is infected and needs to be scanned. I closed all the windows and restarted the computer. It seems fine now, but I'm not sure if the bug is completely gone. The keyboard stickiness is gone. Let me know what the next step is. Thanks!
  5. ComboFix 10-11-14.01 - Tae Sakamoto 2010/11/15 9:04.2.2 - x86 Microsoft
  6. By the way, before and after the Combo-Fix, the on screen response to my key strokes is very slow. Thanks again for your help!
  7. Here is the combofix log ComboFix 10-11-14.01 - Tae Sakamoto 2010/11/14 19:00:15.1.2 - x86 Microsoft
  8. Hi Borislav, Thanks in advance for your help. Here is the new MBAM log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5100 Windows 6.0.6000 (Safe Mode) Internet Explorer 7.0.6000.17037 2010/11/12 10:04:38 mbam-log-2010-11-12 (10-04-38).txt Scan type: Quick scan Objects scanned: 149120 Time elapsed: 10 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\0339939776 (Rogue.SecurityTool) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Tae Sakamoto\AppData\Local\0339939776.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Tae Sakamoto\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully. and here is the DDS DDS (Ver_10-11-10.01) - NTFSx86 Run by Tae Sakamoto at 10:11:01.86 on 2010/11/12 Internet Explorer: 7.0.6000.17037 Microsoft
  9. I have gone through all of the initial steps described in the "I'm infected..." posting with one exception - I was unable to complete the installation of Antivir. I got a message saying Windows updater was preventing this - I could not access windows updater to change any settings. Everything else is done. Thanks in advance for your help! PS I'm currently running in safe mode - the popups make it impossible to do anything in normal mode. Joe Here is the DDS DDS (Ver_10-11-10.01) - NTFSx86 NETWORK Run by Tae Sakamoto at 9:19:02.39 on 2010/11/11 Internet Explorer: 7.0.6000.17037 Microsoft ark.zip Attach.zip
  10. Gringo, sorry, one more thing... When I go to system restore, there are restore points from 5/4/10, (5/7/10 and 5/8/10 have a bunch of install and uninstall information) Shouldn't that restore point be gone?
  11. Gringo, Thanks for all your help. I just finished the above procedures and did a lot of reading. I've installed Win Patrol, spyware blaster, Antivir. I've turned on the windows firewall, will try and stick to using Firefox when I can, and have set windows update to automatic. I do have a few questions before I visit your paypal link if you don't mind. 1- Was there ever a rootkit and can you guarantee it's gone if there was? There was a file called "rootkit.dropper" in one of the first malware bytes scans. 2- Can you tell me what I did have? 3- I'm not going to install symantec and will use antivir. It's hard to choose or know which antivirus is the best there are so many, any suggestions on one? 4- If I buy and install the malwarebytes realtime protection will it interfere with anything I've installed above? 5- What do I do with windows defender? Thanks for all your help. You were very professional and quick with replies and I really appreciate that. You've made me an advocate of malwarebytes! I'll be visiting your paypal as soon as I hear back from you regarding my questions and hear my computer is now secure again (for banking, billing etc). best regards, labuke
  12. I was unable to add the antivir txt for some reason. Computer seems to be running fine. Here it is Avira AntiVir Personal Report file date: Saturday, May 08, 2010 15:45 Scanning for 2081209 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows Vista Windows version : (Service Pack 2) [6.0.6002] Boot mode : Normally booted Username : SYSTEM Computer name : JOE-PC Configuration settings for 
the scan: Jobname.............................: avguard_async_scan Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4cc74f29\guard_slideup.avp Logging.............................: low Primary action......................: interactive Secondary action....................: quarantine Scan master boot sector.............: on Scan boot sector....................: off Process scan........................: on Scan registry.......................: off Search for rootkits.................: off Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: high Start of the scan: Saturday, May 08, 2010 15:45 The scan of running processes will be started Starting the file scan: Begin scan in 'C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\npiiujxwp\yqnghjitssd.exe.vir' C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\npiiujxwp\yqnghjitssd.exe.vir [DETECTION] Is the TR/FakeAV.274432 Trojan Begin scan in 'C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\xnikuovbd\ykumglutssd.exe.vir' C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\xnikuovbd\ykumglutssd.exe.vir [DETECTION] Is the TR/FakeAV.274432 Trojan Beginning disinfection: C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\xnikuovbd\ykumglutssd.exe.vir [DETECTION] Is the TR/FakeAV.274432 Trojan [WARNING] The file was ignored! C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\npiiujxwp\yqnghjitssd.exe.vir [DETECTION] Is the TR/FakeAV.274432 Trojan [WARNING] The file was ignored! End of the scan: Saturday, May 08, 2010 15:55 Used time: 00:03 Minute(s) The scan has been done completely. 
0 Scanned directories 96 Files were scanned 2 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 94 Files not concerned 0 Archives were scanned 2 Warnings 0 Notes The scan results will be transferred to the Guard.
  13. gringo, here is the mbam log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4078 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 5/8/2010 1:27:04 PM mbam-log-2010-05-08 (13-27-04).txt Scan type: Quick scan Objects scanned: 136147 Time elapsed: 4 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I ran kaspersky on "my computer". It took a long time and finished with nothing found. However, 25% of the way through the scan, Antivir gave a pop up saying two trojans were detected. I simply closed the Antivir window, then I disabled antivir, and scanned the c:\ folder with kaspersky. I've attached both the antivir log and the kaspersky as txt files. Sorry for the delay in getting this to you. labuke kaspersky_scan.txt