kensob
Members
Content Count: 19
About kensob
Rank: Member
-
It is running much much better. Thank you. Here are the logs you requested. ========== OTL ========== C:\Documents and Settings\KSOBECKI\Local Settings\Application Data\w1vjs2h771 moved successfully. C:\Documents and Settings\All Users\Application Data\w1vjs2h771 moved successfully. C:\Documents and Settings\KSOBECKI\Local Settings\Application Data\q841 moved successfully. C:\Documents and Settings\All Users\Application Data\q841 moved successfully. C:\Documents and Settings\KSOBECKI\Local Settings\Application Data\34f60 moved successfully. C:\Documents and Settings\All Users\Appli
-
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAsbcofvcpci\PRAGMAd.sys.vir a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\tafqgkzvxu.exe.vir Win32/Adware.GooochiBiz.AE.Gen application deleted - quarantined C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000110.dll probably a variant of Win32/Agent trojan cleaned by deleting - quaranti
-
I am sorry but it went to a second page and when I scrolled down there I just saw your last post and thought that was the end. I will post the requested logs in separate replies with the first one here. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 5/1/2010 7:05:43 AM mbam-log-2010-05-01 (07-05-43).txt Scan type: Quick scan Objects scanned: 124278 Time elapsed: 11 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry K
-
ComboFix 10-04-29.05 - KSOBECKI 04/30/2010 7:00.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.771 [GMT -4:00] Running from: c:\documents and settings\KSOBECKI\Desktop\schrauber.exe Command switches used :: c:\documents and settings\KSOBECKI\Desktop\CFScript.txt AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 ))))))))))))))))))))))))))))))) . 2010-04-29 02:19 . 2010-04-29 02:27 ---
-
ComboFix 10-04-28.03 - KSOBECKI 04/28/2010 22:20:42.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.921 [GMT -4:00] Running from: c:\documents and settings\KSOBECKI\Desktop\schrauber.exe Command switches used :: c:\documents and settings\KSOBECKI\Desktop\CFScript.txt AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 ))))))))))))))))))))))))))))))) . 2010-04-28 01:53 . 2010-04-28 02:00 -------- d-----w- c:\doc
-
ComboFix 10-04-26.05 - KSOBECKI 04/27/2010 21:46:40.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.999 [GMT -4:00] Running from: c:\documents and settings\KSOBECKI\Desktop\schrauber.exe Command switches used :: c:\documents and settings\KSOBECKI\Desktop\CFScript.txt AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} file zipped: c:\windows\Jcirejifigocixa.dat file zipped: c:\windows\Psapewisurase.bin . ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))
-
I tried to shut off the Symantec EndPoint but every time I did.....it locked the computer. I ran it while it was on. ComboFix 10-04-21.01 - KSOBECKI 04/25/2010 18:25:41.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1084 [GMT -4:00] Running from: c:\documents and settings\KSOBECKI\Desktop\schrauber.exe AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settin
-
GMER 1.0.15.15281 - http://www.gmer.net Rootkit quick scan 2010-04-24 23:17:32 Windows 5.1.2600 Service Pack 3 Running: nvmx55zj.exe; Driver: C:\DOCUME~1\KSOBECKI\LOCALS~1\Temp\uwldqpow.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation
-
OTL logfile created on: 4/24/2010 10:33:53 PM - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\KSOBECKI\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data
-
Jon Tom said Hello kensob You had some very nasty stuff on your machine (Backdoors and Rootkits). It may be the case that there are still a few things that need to be taken care of. If I were you I would create a thread in the HJT forum and ask the good people there to check your system: http://forums.pcpitstop.com/index.php?showforum=25 Include a link to this thread or alternatively post the MBAM log in the new thread. Then wait for a Trusted HJT Advisor to get in touch. They will ask you to perform some system scans and then advise you if anything else needs to be don
-
Here are the results of the scan. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4021 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 4/22/2010 8:38:59 AM mbam-log-2010-04-22 (08-38-59).txt Scan type: Quick scan Objects scanned: 113818 Time elapsed: 8 minute(s), 41 second(s) Memory Processes Infected: 1 Memory Modules Infected: 1 Registry Keys Infected: 8 Registry Values Infected: 2 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 7 Memory Processes Infected: C:\Documents and Set
-
I checked into a hotel and got the wireless internet. Almost immediately I got messages from Antimalware Doctor that I am infected. I know this is the virus but want to stop it. It seems as though there is an endless loop where I cannot open Firefox either. I tried to open Task Manager or to look at the Hidden Files but both options seem to be blocked. I find Packed.Mystic!gen3 is found by Symantec Endpoint which it says is quarantined. How can I get rid of this bug?