viruses back


Re: viruses back

Post by Belahzur on Mon Nov 16, 2009 8:20 pm

Okay, go into the TeaTimer settings and turn it off. :)


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: viruses back

Post by dookie22 on Wed Nov 18, 2009 3:52 am

Still running slow in regular mode. When I do a Google search, the results come up and it redirects me on some sites but not on others.

dookie22
Novice

Posts : 49
Joined : 2009-09-30
OS : XP
Points : 26490
# Likes : 0


Re: viruses back

Post by Belahzur on Wed Nov 18, 2009 6:13 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it, since some malware blocks GMER.



Re: viruses back

Post by dookie22 on Thu Nov 19, 2009 12:45 am

When I open that, the only scan I see is when I click the autostart tab at the top. I hit that and in a second a bunch of files came up on the left. Not sure what to do.


Re: viruses back

Post by dookie22 on Sun Nov 22, 2009 8:31 pm

OK, I did the scan; it took a couple of hours. When it finished, though, nothing came up with the results.


Re: viruses back

Post by Belahzur on Mon Nov 23, 2009 12:17 am

Can you re-run ComboFix?



Re: viruses back

Post by dookie22 on Mon Nov 23, 2009 8:18 pm

ComboFix 09-11-22.08 - Nick 11/23/2009 13:46.6.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.343 [GMT -6:00]
Running from: c:\documents and settings\Nick\My Documents\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.

2009-11-15 08:34 . 2009-11-15 08:35 -------- d-----w- C:\Combo-Fix
2009-11-12 19:26 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-11 02:29 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 02:29 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 20:39 . 2009-11-23 05:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-10 02:32 . 2009-11-10 17:59 826 ----a-w- c:\windows\system32\wininit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 06:52 . 2007-01-23 04:54 -------- d-----w- c:\program files\Full Tilt Poker
2009-11-23 06:46 . 2006-08-22 16:54 -------- d-----w- c:\program files\PokerStars
2009-11-23 04:17 . 2007-08-14 07:03 -------- d-----w- c:\program files\UltimateBet
2009-11-19 22:10 . 2007-09-02 23:57 -------- d-----w- c:\program files\Absolute Poker
2009-11-18 03:50 . 2009-09-03 02:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 03:36 . 2008-07-10 00:17 -------- d-----w- c:\program files\PlayersOnly Poker
2009-11-17 21:58 . 2008-06-05 22:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-12 19:24 . 2009-10-03 17:16 -------- d-----w- c:\documents and settings\Nick\Application Data\Common Files
2009-10-21 23:01 . 2009-10-21 23:01 127903 ----a-w- c:\documents and settings\Nick\Application Data\Move Networks\uninstall.exe
2009-10-21 23:01 . 2009-02-07 19:30 -------- d-----w- c:\documents and settings\Nick\Application Data\Move Networks
2009-10-21 23:01 . 2009-05-27 23:29 4183416 ----a-w- c:\documents and settings\Nick\Application Data\Move Networks\plugins\npqmp071502000008.dll
2009-10-21 18:30 . 2007-08-13 23:47 -------- d-----w- c:\program files\Bodog Poker
2009-10-15 21:57 . 2009-10-15 21:57 -------- d-----w- c:\program files\Avira
2009-10-14 18:38 . 2009-04-14 04:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-12 22:07 . 2009-10-12 22:07 -------- d-----w- c:\program files\ESET
2009-10-07 01:17 . 2006-10-16 17:17 45584 ----a-w- c:\documents and settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 23:27 . 2006-08-16 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-06 23:26 . 2006-08-16 16:29 -------- d-----w- c:\program files\Viewpoint
2009-10-06 21:23 . 2009-10-06 21:23 -------- d-----w- c:\program files\Trend Micro
2009-10-05 23:03 . 2008-06-05 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-26 20:33 . 2009-09-26 20:33 -------- d-----w- c:\documents and settings\Nick\Application Data\COREL
2009-09-18 20:21 . 2009-09-18 20:21 0 ----a-w- c:\documents and settings\Nick\settings.dat
2009-09-11 14:03 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2004-08-10 17:51 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-16 24576]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\McAfee.com\\Personal Firewall\\MpfAgent.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"=

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/16/2006 10:37 AM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Nick\Start Menu\Programs\UltimateBet\UltimateBet.lnk
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-23 14:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x83326170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf883bfc3
\Driver\ACPI -> ACPI.sys @ 0xf87aecb8
\Driver\atapi -> atapi.sys @ 0xf87667b4
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056d56b
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056d56b
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf8658ba0
PacketIndicateHandler -> NDIS.sys @ 0xf8665b21
SendHandler -> NDIS.sys @ 0xf864387b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(520)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-23 14:07
ComboFix-quarantined-files.txt 2009-11-23 20:07
ComboFix2.txt 2009-11-14 23:56

Pre-Run: 103,630,172,160 bytes free
Post-Run: 103,875,792,896 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E50BE7402BE23AA352A95BAF71544D00


Re: viruses back

Post by dookie22 on Wed Nov 25, 2009 10:07 pm

I ran Malwarebytes and it didn't find anything.
