lop problem


Re: lop problem

I wasn't aware of any Lop problem on my PC before discovering my sister's problems. With your help I deleted and got rid of the Kryptik.GH trojan last week, but yesterday during a deep scan with my antivirus it found and deleted 51 Kryptik.GH, Kryptik.DQ, Kryptik.GF and this kind of Kryptik stuff that I hate to see. Other than that there were no big problems, just that I realised sometimes (including when trying to install 7-Zip just a couple of minutes before) when I open Explorer or Mozilla I get an annoying advertisement from LINK REMOVED. I hadn't been aware of any kind of threat other than what I mentioned. Do you think I am safe now? And after assessing my situation, could you give me some information about my sister's PC situation, please? (Just note that I could only follow half of the steps, and the final thing I did on that PC was the Lop S&D Option 2 step.)

Just a note: I am now downloading Java Update 12 but haven't finished yet.

Re: lop problem

Hello again, are you gone? I have now finished following your instructions. Here is the JavaRa log of MY machine:


JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Feb 25 00:49:03 2009

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

Re: lop problem

Hello.
That popup you're getting, is it just from certain websites? Do you get it if you go to Google?

Can I ask, are you experiencing Google hijack problems?

Re: lop problem

No, I don't get any popup when I go to Google. I just sometimes get this popup, but I don't know when for certain.

I really appreciate the invaluable support you have been giving me since the first day we met, and I look forward to hearing from you. I think you are getting some rest, as you deserve it more than anyone else.

I just ask that you review all we have done tonight on both PCs. Would I be demanding too much if I wanted information about the latest situation of my machine and my sister's machine respectively? And I am curious whether I should try to connect to the internet from my sister's machine tomorrow to get help from you.
I hope to get detailed info tomorrow, and
I wish you the best.

Re: lop problem

Your sister's machine should be fine to connect to the net, assuming you're careful and don't visit any bad sites until I get online.
Let's get an updated Lop S&D log.

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Re: lop problem

Hello again, my precious friend. Firstly, I am following your instructions for MY machine, and when you confirm that I am completely clean and safe I'll go to my sister's machine and follow your instructions. I hope this way will help you to work more easily.

Here I start with MY machine:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.86GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:39 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total:149 Go (Free:76 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 25.02.2009|16:40 )

--------------------\\ Listing folders in APPLIC~1

[25.02.2009|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[21.02.2009|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\KONAMI
[29.12.2008|01:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[24.11.2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[11.11.2008|08:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[11.11.2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[19.01.2009|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\qs
[21.01.2009|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
[14.11.2008|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive
[20.01.2009|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11.11.2008|18:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[0|Dosya] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt
[13|Dizin] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt boŸ

[10.11.2008|20:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt boŸ

[19.01.2009|19:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt boŸ

[15.11.2008|15:06] C:\DOCUME~1\Moiz\APPLIC~1\Adobe
[18.12.2008|22:59] C:\DOCUME~1\Moiz\APPLIC~1\Babylon
[09.01.2009|23:55] C:\DOCUME~1\Moiz\APPLIC~1\DivX
[15.11.2008|15:05] C:\DOCUME~1\Moiz\APPLIC~1\Identities
[15.11.2008|15:11] C:\DOCUME~1\Moiz\APPLIC~1\Macromedia
[28.12.2008|22:06] C:\DOCUME~1\Moiz\APPLIC~1\Microsoft
[15.11.2008|15:05] C:\DOCUME~1\Moiz\APPLIC~1\Windows Desktop Search
[22.02.2009|00:49] C:\DOCUME~1\Moiz\APPLIC~1\Windows Search
[0|Dosya] C:\DOCUME~1\Moiz\APPLIC~1\bayt
[10|Dizin] C:\DOCUME~1\Moiz\APPLIC~1\bayt boŸ

[10.11.2008|20:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt boŸ

[11.11.2008|13:22] C:\DOCUME~1\Owner\APPLIC~1\Adobe
[19.01.2009|16:46] C:\DOCUME~1\Owner\APPLIC~1\Babylon
[12.11.2008|11:38] C:\DOCUME~1\Owner\APPLIC~1\BSplayer
[12.11.2008|11:31] C:\DOCUME~1\Owner\APPLIC~1\BSplayer Pro
[10.11.2008|20:39] C:\DOCUME~1\Owner\APPLIC~1\Identities
[11.11.2008|14:35] C:\DOCUME~1\Owner\APPLIC~1\Macromedia
[11.11.2008|17:35] C:\DOCUME~1\Owner\APPLIC~1\Media Player Classic
[17.12.2008|20:54] C:\DOCUME~1\Owner\APPLIC~1\Microsoft
[11.11.2008|19:39] C:\DOCUME~1\Owner\APPLIC~1\Mozilla
[14.11.2008|22:49] C:\DOCUME~1\Owner\APPLIC~1\Sports Interactive
[11.11.2008|19:24] C:\DOCUME~1\Owner\APPLIC~1\Sun
[11.11.2008|19:39] C:\DOCUME~1\Owner\APPLIC~1\Thunderbird
[11.11.2008|11:30] C:\DOCUME~1\Owner\APPLIC~1\Windows Desktop Search
[12.11.2008|19:07] C:\DOCUME~1\Owner\APPLIC~1\Windows Search
[11.02.2009|11:53] C:\DOCUME~1\Owner\APPLIC~1\WinRAR
[0|Dosya] C:\DOCUME~1\Owner\APPLIC~1\bayt
[17|Dizin] C:\DOCUME~1\Owner\APPLIC~1\bayt boŸ

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[25.02.2009 16:10][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04.08.2004 16:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[24.02.2009|23:49] C:\Program Files\7-Zip
[18.12.2008|18:28] C:\Program Files\Babylon
[24.02.2009|23:42] C:\Program Files\Common Files
[10.11.2008|20:32] C:\Program Files\ComPlus Applications
[08.02.2009|22:09] C:\Program Files\ESET
[10.11.2008|22:11] C:\Program Files\Foxit Software
[11.11.2008|08:57] C:\Program Files\Google
[11.11.2008|12:16] C:\Program Files\InstallShield Installation Information
[02.02.2009|20:47] C:\Program Files\Internet Explorer
[25.02.2009|00:41] C:\Program Files\Java
[11.11.2008|09:03] C:\Program Files\K-Lite Codec Pack
[21.02.2009|16:11] C:\Program Files\KONAMI
[10.11.2008|20:35] C:\Program Files\microsoft frontpage
[11.11.2008|09:45] C:\Program Files\Microsoft Office
[11.11.2008|11:20] C:\Program Files\Microsoft Silverlight
[11.11.2008|09:45] C:\Program Files\Microsoft Visual Studio
[11.11.2008|09:45] C:\Program Files\Microsoft Works
[10.11.2008|20:33] C:\Program Files\Movie Maker
[25.02.2009|01:10] C:\Program Files\Mozilla Firefox
[10.11.2008|20:31] C:\Program Files\MSN Gaming Zone
[10.11.2008|22:12] C:\Program Files\mtu
[11.11.2008|09:01] C:\Program Files\Nero
[10.11.2008|20:33] C:\Program Files\NetMeeting
[10.11.2008|20:33] C:\Program Files\Online Services
[10.11.2008|22:13] C:\Program Files\OpenOffice.org 2.3
[10.11.2008|20:33] C:\Program Files\Outlook Express
[11.11.2008|08:57] C:\Program Files\Picasa2
[24.02.2009|23:43] C:\Program Files\QuickSnooker
[22.01.2009|11:00] C:\Program Files\Steam
[20.01.2009|12:16] C:\Program Files\Trend Micro
[10.11.2008|20:39] C:\Program Files\Uninstall Information
[12.11.2008|11:31] C:\Program Files\Webteh
[20.01.2009|13:35] C:\Program Files\Winamp
[11.11.2008|11:30] C:\Program Files\Windows Desktop Search
[11.11.2008|08:58] C:\Program Files\Windows Live
[11.11.2008|11:22] C:\Program Files\Windows Media Connect 2
[11.11.2008|11:22] C:\Program Files\Windows Media Player
[10.11.2008|20:31] C:\Program Files\Windows NT
[10.11.2008|20:33] C:\Program Files\WindowsUpdate
[11.02.2009|11:44] C:\Program Files\WinRAR
[10.11.2008|20:35] C:\Program Files\xerox
[0|Dosya] C:\Program Files\bayt
[43|Dizin] C:\Program Files\bayt boŸ

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11.11.2008|09:45] C:\Program Files\Common Files\DESIGNER
[11.11.2008|12:15] C:\Program Files\Common Files\InstallShield
[11.11.2008|10:03] C:\Program Files\Common Files\Microsoft Shared
[10.11.2008|20:33] C:\Program Files\Common Files\MSSoap
[11.11.2008|09:00] C:\Program Files\Common Files\Nero
[10.11.2008|22:18] C:\Program Files\Common Files\ODBC
[10.11.2008|20:33] C:\Program Files\Common Files\Services
[10.11.2008|22:18] C:\Program Files\Common Files\SpeechEngines
[10.11.2008|22:22] C:\Program Files\Common Files\System
[0|Dosya] C:\Program Files\Common Files\bayt
[11|Dizin] C:\Program Files\Common Files\bayt boŸ

--------------------\\ Process

( 38 Processes )

iexplore.exe ~ [PID:528]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 16:41:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\Recent\CRACK ve SERIAL.lnk


[F:1007][D:27]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:100][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:7569][D:8]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 25.02.2009|16:42 - Option : [1]

--------------------\\ Scan completed at 16:42:07

Re: lop problem

Hello.
I think we can wrap this up now.
Nothing showing up in LOP S&D.
I think the popups may be something hiding from us; hopefully this will get it.

Once MBAM is done, I'll flag you as clean if the report isn't too bad.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: lop problem

Hello again. I couldn't update the program; it says "Update failed, make sure you are connected to the internet and your firewall is set to allow Malwarebytes' Anti-Malware to access the internet". Should I proceed, ignoring this?

Re: lop problem

Yes. See what the scan finds.

Re: lop problem

Process done. What were those 16 infected files?

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

25.02.2009 18:02:04
mbam-log-2009-02-25 (18-02-04).txt

Scan type: Quick Scan
Objects scanned: 64048
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxhjuoethw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxaollvqhr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxdgmwqkih.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxdlpalyno.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxfwxwhkly.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxjdbqptxe.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlldllole.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlrdltowy.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlyappakx.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxpvuueuhd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxsapynkly.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxtymctqon.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxvwiltlog.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxwtmjctni.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Re: lop problem

It's a DNS hijacker rootkit.
Can you post a new DDS log please? I wasn't expecting this.
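As an added example (not code from this thread or from Malwarebytes), here is a parser for the MBAM 1.x log format posted above: it cross-checks the header counts against the items actually listed, explains the "16 infected" figure as 1 registry key plus 15 files, and groups the infected file names by shared prefix (the gaopdx* drivers). SAMPLE_LOG is a constructed, abridged copy of that log with 6 of its 15 files, so the totals it yields are 7 rather than 16.

```python
# Added example, not code from the thread or from Malwarebytes: parse an
# MBAM 1.x text log and cross-check it. SAMPLE_LOG is a constructed,
# abridged copy of the log posted above (6 of its 15 files).
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.34
Scan type: Quick Scan

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxhjuoethw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxaollvqhr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxdgmwqkih.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxdlpalyno.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxfwxwhkly.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # header count line
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")         # detail heading
DETAIL_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")  # item (family) -> action

def parse_mbam_log(text):
    """Return (summary, detections): declared count per category from the
    header block, and (item, family, action) tuples per detail heading."""
    summary, detections, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := DETAIL_RE.match(line)):
            detections[section].append((m.group(1), m.group(2), m.group(3)))
    return summary, dict(detections)

def count_mismatches(summary, detections):
    """Categories whose declared count differs from the items actually listed;
    an empty dict means the header and detail blocks agree."""
    listed = {cat: len(items) for cat, items in detections.items()}
    return {cat: (n, listed.get(cat, 0)) for cat, n in summary.items()
            if n != listed.get(cat, 0)}

def total_detections(summary):
    """Registry keys plus files: the single 'infected' figure MBAM reports."""
    return sum(summary.values())

def families(detections):
    """Detection names with their counts, across all categories."""
    return Counter(fam for items in detections.values() for _, fam, _ in items)

def shared_name_prefixes(detections, prefix_len=6, min_group=3):
    """Group infected file basenames by their first prefix_len characters.
    Random-looking names sharing one prefix (here 'gaopdx') are one family's
    generated files, which matters when scoping the cleanup."""
    groups = defaultdict(list)
    for path, _, _ in detections.get("Files Infected", []):
        name = path.rsplit("\\", 1)[-1].lower()
        groups[name[:prefix_len]].append(name)
    return {p: names for p, names in groups.items() if len(names) >= min_group}

if __name__ == "__main__":
    s, d = parse_mbam_log(SAMPLE_LOG)
    print(total_detections(s), count_mismatches(s, d), dict(families(d)))
    print(shared_name_prefixes(d))
```

Run against the full log posted above, `total_detections` returns 16 and the gaopdx group holds 14 names.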

Re: lop problem

I am wondering and upset about how I could have caused this much trouble by just simple use of the internet, and wondering who the intruder is and what they can gain from us :(


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 18:13:12,71 on 25.02.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.2046.1589 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\Problem Çözümleme Artıkları\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.tr/
mDefault_Page_URL = hxxp://www.google.com.tr/
uInternet Settings,ProxyServer = libpxy.cc.yildiz.edu.tr:81
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NodLogin] c:\program files\eset\nodlogin.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Microsoft Excel'e &Ver - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\dk994s4c.default\
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\dk994s4c.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}\components\FFAlert.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-2-8 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-2-8 552064]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Dönüştürücüsü;c:\windows\system32\drivers\ADM8511.SYS [2008-11-10 20160]

=============== Created Last 30 ================

2009-02-25 17:51 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-02-25 17:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-25 17:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 17:51 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-25 17:51 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 16:40 --d----- C:\Lop SD
2009-02-25 00:41 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-25 00:41 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-21 16:24 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-21 16:15 --d----- c:\docume~1\alluse~1\applic~1\KONAMI
2009-02-21 16:11 --d----- c:\program files\KONAMI
2009-02-15 17:59 a-dshr-- C:\autorun.inf
2009-02-08 21:09 6,604 a------- c:\windows\system32\d3d9caps.dat
2009-02-08 21:07 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-02-08 21:07 298,104 a------- c:\windows\system32\imon.dll
2009-02-08 21:07 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-02-02 20:45 230 a------- c:\windows\system32\spupdsvc.inf
2009-01-29 01:08 4 a------- c:\windows\system32\gaopdxcounter

==================== Find3M ====================

2009-02-25 00:09 413,744 a------- c:\windows\system32\perfh01F.dat
2009-02-25 00:09 82,292 a------- c:\windows\system32\perfc01F.dat

============= FINISH: 18:13:30,79 ===============

Re: lop problem

Hello.
See if you still get the Firefox popups now.

If you do, we'll go at it full force. I know the rootkit is present, we can blast it down.

Re: lop problem

What should I do now? I do not always get the popup; I sometimes randomly get it (I haven't gotten any since last night..)

Today I experienced a strange thing before you got online. I left the machine for nearly 5 minutes and when I came back I could move the mouse cursor freely but couldn't click on anything; the screen and keyboard were frozen. I could only move the mouse cursor and was forced to turn it off with the power button, but I sense this is not a big problem and has nothing to do with the problems you're solving..

Re: lop problem

Hmm.
Okay, if there are no problems left and the keyboard and mouse still work, then I think we can say we're done.
