kensob

Members
  • Content Count

    19
  • Joined

  • Last visited

About kensob

  • Rank
    Member
  1. It is running much much better. Thank you. Here are the logs you requested. ========== OTL ========== C:\Documents and Settings\KSOBECKI\Local Settings\Application Data\w1vjs2h771 moved successfully. C:\Documents and Settings\All Users\Application Data\w1vjs2h771 moved successfully. C:\Documents and Settings\KSOBECKI\Local Settings\Application Data\q841 moved successfully. C:\Documents and Settings\All Users\Application Data\q841 moved successfully. C:\Documents and Settings\KSOBECKI\Local Settings\Application Data\34f60 moved successfully. C:\Documents and Settings\All Users\Appli
  2. C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAsbcofvcpci\PRAGMAd.sys.vir a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\tafqgkzvxu.exe.vir Win32/Adware.GooochiBiz.AE.Gen application deleted - quarantined C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000110.dll probably a variant of Win32/Agent trojan cleaned by deleting - quaranti
  3. I am sorry but it went to a second page and when I scrolled down there I just saw your last post and thought that was the end. I will post the requested logs in separate replies with the first one here. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 5/1/2010 7:05:43 AM mbam-log-2010-05-01 (07-05-43).txt Scan type: Quick scan Objects scanned: 124278 Time elapsed: 11 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry K
  4. ComboFix 10-04-29.05 - KSOBECKI 04/30/2010 7:00.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.771 [GMT -4:00] Running from: c:\documents and settings\KSOBECKI\Desktop\schrauber.exe Command switches used :: c:\documents and settings\KSOBECKI\Desktop\CFScript.txt AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 ))))))))))))))))))))))))))))))) . 2010-04-29 02:19 . 2010-04-29 02:27 ---
  5. ComboFix 10-04-28.03 - KSOBECKI 04/28/2010 22:20:42.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.921 [GMT -4:00] Running from: c:\documents and settings\KSOBECKI\Desktop\schrauber.exe Command switches used :: c:\documents and settings\KSOBECKI\Desktop\CFScript.txt AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 ))))))))))))))))))))))))))))))) . 2010-04-28 01:53 . 2010-04-28 02:00 -------- d-----w- c:\doc
  6. ComboFix 10-04-26.05 - KSOBECKI 04/27/2010 21:46:40.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.999 [GMT -4:00] Running from: c:\documents and settings\KSOBECKI\Desktop\schrauber.exe Command switches used :: c:\documents and settings\KSOBECKI\Desktop\CFScript.txt AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} file zipped: c:\windows\Jcirejifigocixa.dat file zipped: c:\windows\Psapewisurase.bin . ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))
  7. I tried to shut off the Symantec EndPoint but every time I did.....it locked the computer. I ran it while it was on. ComboFix 10-04-21.01 - KSOBECKI 04/25/2010 18:25:41.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1084 [GMT -4:00] Running from: c:\documents and settings\KSOBECKI\Desktop\schrauber.exe AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settin
  8. GMER 1.0.15.15281 - http://www.gmer.net Rootkit quick scan 2010-04-24 23:17:32 Windows 5.1.2600 Service Pack 3 Running: nvmx55zj.exe; Driver: C:\DOCUME~1\KSOBECKI\LOCALS~1\Temp\uwldqpow.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation
  9. OTL logfile created on: 4/24/2010 10:33:53 PM - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\KSOBECKI\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data
  10. Jon Tom said Hello kensob You had some very nasty stuff on your machine (Backdoors and Rootkits). It may be the case that there are still a few things that need to be taken care of. If I were you I would create a thread in the HJT forum and ask the good people there to check your system: http://forums.pcpitstop.com/index.php?showforum=25 Include a link to this thread or alternatively post the MBAM log in the new thread. Then wait for a Trusted HJT Advisor to get in touch. They will ask you to perform some system scans and then advise you if anything else needs to be don
  11. Here are the results of the scan. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4021 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 4/22/2010 8:38:59 AM mbam-log-2010-04-22 (08-38-59).txt Scan type: Quick scan Objects scanned: 113818 Time elapsed: 8 minute(s), 41 second(s) Memory Processes Infected: 1 Memory Modules Infected: 1 Registry Keys Infected: 8 Registry Values Infected: 2 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 7 Memory Processes Infected: C:\Documents and Set
  12. I checked into a hotel and got the wireless internet. Almost immediately I got messages from Antimalware Doctor that I am infected. I know this is the virus but want to stop it. It seems as though there is an endless loop where I cannot open Firefox either. I tried to open Task Manager or to look at the Hidden Files but both options seem to be blocked. I find Packed.Mystic!gen3 is found by Symantec Endpoint which it says is quarantined. How can I get rid of this bug?