multiple infections


Re: multiple infections

Post by Belahzur on 26th February 2009, 11:21 pm

It will remain open for about 7-10 days.
After 10 days, it will be closed.

If you want it re-opened, PM me or Doctor_Inferno.
If not, then just start a new topic.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Big Problems again:-(

Post by tinkerman on 2nd March 2009, 9:34 am

Hello my saviour again.. I am too upset to say that I'm writing from my sis's machine because the similar problems that I've encountered on this machine have now damaged my laptop.. It means that I can't do anything on the internet at the moment, can't connect to any site, or MSN etc..

Everything was working fine yesterday night for me until my father took my laptop, and not more than 5 minutes passed when suddenly he revealed that he can't even log in to hotmail.com.. I am really jaded with him because I can predict that he always tries to connect to those bad porn sites.. I suppose the damage is maybe from Saturday night.. (cos I wasn't at home and probably he took my laptop and did strange things).. but the machine seemed to be fine the full Sunday till the night that I gave the machine to him..

The most common message that I receive when I try to connect with Mozilla is something like "web prescription: tr.start2.mozilla.com server is answering too late.." (I've tried to translate to English)

Note that: I had installed Spybot S&D and Outpost Firewall on my laptop; they couldn't avoid the damage :(

As a result I need your invaluable help again :(( Do you want me to post the DDS log or HijackThis log?


Re: multiple infections

Post by Belahzur on 2nd March 2009, 2:15 pm

DDS log please.



Re: multiple infections

Post by tinkerman on 2nd March 2009, 2:51 pm

hi again..
DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 16:44:29,56 on 02.03.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.2046.1553 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nodlogin.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Problem Çözümleme Artıkları\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = libpxy.cc.yildiz.edu.tr:81
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NodLogin] c:\program files\eset\nodlogin.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Outpost Firewall] "c:\program files\agnitum\outpost firewall 1.0\outpost.exe" /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Microsoft Excel'e &Ver - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\dk994s4c.default\

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-2-8 15424]
R1 VFILT;Outpost Firewall Kernel Driver;c:\progra~1\agnitum\outpos~1.0\kernel\2000\FILTNT.SYS [2009-3-1 90368]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-2-8 552064]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\ADBLOCK.DLL [2009-3-1 15552]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\CONTENT.DLL [2009-3-1 3904]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\DNSCACHE.DLL [2009-3-1 6144]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\FTPFILT.DLL [2009-3-1 6304]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\HTMLFILT.DLL [2009-3-1 7776]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\HTTPFILT.DLL [2009-3-1 9152]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\IMAPFILT.DLL [2009-3-1 7072]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\MAILFILT.DLL [2009-3-1 9920]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\NNTPFILT.DLL [2009-3-1 6656]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\POP3FILT.DLL [2009-3-1 7136]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\PROTECT.DLL [2009-3-1 15584]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Dönüştürücüsü;c:\windows\system32\drivers\ADM8511.SYS [2008-11-10 20160]

=============== Created Last 30 ================

2009-03-02 16:42 268 a---h--- C:\sqmdata03.sqm
2009-03-02 16:42 244 a---h--- C:\sqmnoopt03.sqm
2009-03-01 23:58 268 a---h--- C:\sqmdata02.sqm
2009-03-01 23:58 244 a---h--- C:\sqmnoopt02.sqm
2009-03-01 23:19 268 a---h--- C:\sqmdata01.sqm
2009-03-01 23:19 244 a---h--- C:\sqmnoopt01.sqm
2009-03-01 21:53 --d----- c:\program files\common files\Agnitum Shared
2009-03-01 21:53 --d----- c:\program files\Agnitum
2009-02-27 23:48 --d----- c:\program files\Spybot - Search & Destroy
2009-02-27 23:48 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-26 23:45 268 a---h--- C:\sqmdata00.sqm
2009-02-26 23:45 244 a---h--- C:\sqmnoopt00.sqm
2009-02-25 17:51 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-02-25 17:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-25 17:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 17:51 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-25 17:51 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 16:40 --d----- C:\Lop SD
2009-02-25 00:41 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-25 00:41 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-21 16:24 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-21 16:15 --d----- c:\docume~1\alluse~1\applic~1\KONAMI
2009-02-21 16:11 --d----- c:\program files\KONAMI
2009-02-15 17:59 a-dshr-- C:\autorun.inf
2009-02-08 21:09 664 a------- c:\windows\system32\d3d9caps.dat
2009-02-08 21:07 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-02-08 21:07 298,104 a------- c:\windows\system32\imon.dll
2009-02-08 21:07 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-02-02 20:45 230 a------- c:\windows\system32\spupdsvc.inf

==================== Find3M ====================

2009-03-01 22:57 413,744 a------- c:\windows\system32\perfh01F.dat
2009-03-01 22:57 82,292 a------- c:\windows\system32\perfc01F.dat

============= FINISH: 16:44:55,87 ===============


Re: multiple infections

Post by Belahzur on 2nd March 2009, 2:55 pm

Hello.
This log looks fine, there's no real signs of malware, only leftovers.
What problems is this machine having?

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\sqmdata*.sqm
    C:\sqmnoopt*.sqm
    C:\Lop SD


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: multiple infections

Post by tinkerman on 2nd March 2009, 3:02 pm

As I mentioned before: "Hello my saviour again.. I am too upset to say that I'm writing from my sis's machine because the similar problems that I've encountered on this machine have now damaged my laptop.. It means that I can't do anything on the internet at the moment, can't connect to any site, or MSN etc..

Everything was working fine yesterday night for me until my father took my laptop, and not more than 5 minutes passed when suddenly he revealed that he can't even log in to hotmail.com.. I am really jaded with him because I can predict that he always tries to connect to those bad porn sites.. I suppose the damage is maybe from Saturday night.. (cos I wasn't at home and probably he took my laptop and did strange things).. but the machine seemed to be fine the full Sunday till the night that I gave the machine to him..

The most common message that I receive when I try to connect with Mozilla is something like 'web prescription: tr.start2.mozilla.com server is answering too late..' (I've tried to translate to English)

Note that: I had installed Spybot S&D and Outpost Firewall on my laptop; they couldn't avoid the damage :("
Could the source of the damage occur when he opens his account? Then affects me?


Re: multiple infections

Post by Belahzur on 2nd March 2009, 3:06 pm

Maybe that's why DDS gave me nothing.
The malware is on the other account of the machine and just appears on yours without the files.

Your account is fine; can you log on to the other account and post a DDS log from that account?



Re: multiple infections

Post by tinkerman on 2nd March 2009, 3:16 pm

I think that will prove that I am innocent :-) We are curing the machine and he makes it ill easily :((

========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\Lop SD moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03022009_171126

Now I will open his account and post the DDS log..


Re: multiple infections

Post by tinkerman on 2nd March 2009, 3:26 pm

DDS (Ver_09-02-01.01) - NTFSx86
Run by Moiz at 17:20:24,31 on 02.03.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.2046.1599 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nodlogin.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
E:\cem sorun giderme\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NodLogin] c:\program files\eset\nodlogin.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Outpost Firewall] "c:\program files\agnitum\outpost firewall 1.0\outpost.exe" /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Microsoft Excel'e &Ver - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\moiz\applic~1\mozilla\firefox\profiles\6xuxhze4.default\

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-2-8 15424]
R1 VFILT;Outpost Firewall Kernel Driver;c:\progra~1\agnitum\outpos~1.0\kernel\2000\FILTNT.SYS [2009-3-1 90368]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-2-8 552064]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\ADBLOCK.DLL [2009-3-1 15552]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\CONTENT.DLL [2009-3-1 3904]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\DNSCACHE.DLL [2009-3-1 6144]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\FTPFILT.DLL [2009-3-1 6304]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\HTMLFILT.DLL [2009-3-1 7776]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\HTTPFILT.DLL [2009-3-1 9152]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\IMAPFILT.DLL [2009-3-1 7072]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\MAILFILT.DLL [2009-3-1 9920]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\NNTPFILT.DLL [2009-3-1 6656]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\POP3FILT.DLL [2009-3-1 7136]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:\progra~1\agnitum\outpos~1.0\kernel\PROTECT.DLL [2009-3-1 15584]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Dönüştürücüsü;c:\windows\system32\drivers\ADM8511.SYS [2008-11-10 20160]

=============== Created Last 30 ================

2009-03-01 21:53 --d----- c:\program files\common files\Agnitum Shared
2009-03-01 21:53 --d----- c:\program files\Agnitum
2009-02-27 23:48 --d----- c:\program files\Spybot - Search & Destroy
2009-02-27 23:48 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-26 22:36 --d----- c:\docume~1\moiz\applic~1\BSplayer
2009-02-25 17:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-25 17:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 17:51 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-25 17:51 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 00:41 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-25 00:41 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-22 00:49 --d----- c:\docume~1\moiz\applic~1\Windows Search
2009-02-21 16:24 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-21 16:15 --d----- c:\docume~1\alluse~1\applic~1\KONAMI
2009-02-21 16:11 --d----- c:\program files\KONAMI
2009-02-15 17:59 a-dshr-- C:\autorun.inf
2009-02-08 21:09 664 a------- c:\windows\system32\d3d9caps.dat
2009-02-08 21:07 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-02-08 21:07 298,104 a------- c:\windows\system32\imon.dll
2009-02-08 21:07 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-02-02 20:45 230 a------- c:\windows\system32\spupdsvc.inf

==================== Find3M ====================

2009-03-01 22:57 413,744 a------- c:\windows\system32\perfh01F.dat
2009-03-01 22:57 82,292 a------- c:\windows\system32\perfc01F.dat

============= FINISH: 17:20:41,90 ===============

Could it be a LOP problem again? Cos the symptoms are similar to the one that you healed the previous week on my sister's machine: the internet is unavailable although there seem to be no connection problems..

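The comparison behind the request for a second DDS log from the other account, as an added example that is not part of the thread and not code from DDS or its author: the "Pseudo HJT Report" sections of the two logs are parsed and diffed, and only per-user entries differ. The excerpts are trimmed copies of lines from the two logs above; reading the `u`/`m`/`d` key prefixes as current user, machine-wide and default user is an assumption based on the usual HijackThis-style convention, and the function names are made up for this example.

```python
import re

# Trimmed copies of lines from the two logs posted above
# (run by "Owner" and by "Moiz"); not the complete logs.
OWNER_LOG = r"""
============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = libpxy.cc.yildiz.edu.tr:81
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
LSP: c:\windows\system32\imon.dll

================= FIREFOX ===================
"""

MOIZ_LOG = r"""
============== Pseudo HJT Report ===============

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
LSP: c:\windows\system32\imon.dll

================= FIREFOX ===================
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
# Key is everything up to the first ':' or '=', e.g. "uRun" or
# "uInternet Settings,ProxyServer"; the value may itself contain ':'.
ENTRY = re.compile(r"^(?P<key>[A-Za-z][\w ,]*?)\s*[:=]\s*(?P<value>.*)$")


def pseudo_hjt_entries(log_text):
    """Return the (key, value) pairs of the 'Pseudo HJT Report' section."""
    entries, in_section = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            in_section = header.group(1) == "Pseudo HJT Report"
            continue
        if not in_section or not line:
            continue
        match = ENTRY.match(line)
        if match:
            # Windows paths and registry value names are case-insensitive,
            # so "[CTFMON.EXE]" and "[ctfmon.exe]" must compare equal.
            entries.add((match.group("key"), match.group("value").lower()))
    return entries


def scope(key):
    """Classify a key by its prefix (assumed convention, see lead-in)."""
    if re.match(r"^[umd][A-Z]", key):
        return {"u": "user", "m": "machine", "d": "default-user"}[key[0]]
    return "other"


def account_differences(log_a, log_b):
    """Entries present in only one of two logs taken on the same machine."""
    a, b = pseudo_hjt_entries(log_a), pseudo_hjt_entries(log_b)
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    only_owner, only_moiz = account_differences(OWNER_LOG, MOIZ_LOG)
    for label, entries in (("Owner only", only_owner), ("Moiz only", only_moiz)):
        for key, value in entries:
            print(f"{label:10} [{scope(key)}] {key}: {value}")
```

Machine-wide entries come out identical in both runs, so a second log adds information only in the per-user entries, which is why a log from each account is needed.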

Re: multiple infections

Post by tinkerman on 2nd March 2009, 3:34 pm

When trying to surf it always says something like "network prescription: mozilla server is answering too late".. Below that it shows some reasons. Maybe the Outpost firewall's wrong settings could cause such a problem, I don't know?


Re: multiple infections

Post by Belahzur on 2nd March 2009, 3:35 pm

The log looks okay.
We can check if it's LOP, but I doubt it is.

The problem could be the firewall.
Uninstall it for now and see if it repairs it.



Re: multiple infections

Post by tinkerman on 2nd March 2009, 3:51 pm

Yes, you were right! It turned to normal after uninstalling the firewall.. (I've checked both accounts) Am I supposed to do something else?

While checking his account I saw many bad sites that he usually uses, probably.. Do you advise me to delete his temp folder, to prevent future threats?


Re: multiple infections

Post by tinkerman on 2nd March 2009, 3:58 pm

Unless I don't know how to use a firewall well I think I shouldn't use it, am I right?
And one more question: I was using the NOD32 cracked version as you could see from the logs. Do you advise me to use Avira Personal Free instead of the cracked NOD32?

And finally, are both Spybot S&D and the Firefox add-ons enough for my defence?


Re: multiple infections

Post by Belahzur on 2nd March 2009, 4:02 pm

Sticking with Windows firewall should be enough providing you surf safely.
The Firefox add-ons will protect you.

Yeah, uninstall nod32 and install Avira.



Re: multiple infections

Post by tinkerman on 2nd March 2009, 4:06 pm

OK, I will use Avira from now on..

How can I be sure that Windows Firewall is open and protecting me properly?
It seems closed and I can't open it from Windows Security Center!?


Re: multiple infections

Post by Belahzur on 2nd March 2009, 4:13 pm

Windows would alert you if the firewall wasn't switched on.



Re: multiple infections

Post by tinkerman on 2nd March 2009, 4:16 pm

OK, thank you for everything you've done for me :) I hope you aren't jaded of dealing with my problems again and again..


Re: multiple infections

Post by tinkerman on 5th March 2009, 3:20 pm

Hi again, this time I haven't got any problems with the machine :) Just searching for the Piranha Webcam Driver model PC5000, can you help me?


Re: multiple infections

Post by Belahzur on 5th March 2009, 5:13 pm

Maybe.
Please open a thread in the software area for that, since this is the malware removal section.

