Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 27
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Thunderbird (17.0.)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

45 replies
Tagged with: SmartHDD, getting worse (and 2 more)
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
AdwCleanerS1.txt
Will now run the other thing you told me to do. Will report back shortly.
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
AdwCleanerR1.txt
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
unhide.txt
We've got sound now, yay! But the folders in the Start Menu are still grayed out and empty, even after running Unhide twice and rebooting. Second time I ran it with all the virus software disabled. Still no go. Am now printing out the instructions for restoring Start Menu items and will try these. Do you have suggestions on how much/what kind of anti-virus software I should be running? Also, could you point me in the right direction for speeding up/spring cleaning my PC? Thanks!
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
Still no sound. And when I look under "Programs" on the Start Menu, most of them still read "empty." Thank you for your help.
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
12102012_223928.log
Sorry for the delay. Thanks for hanging in there.
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
Just learned that we have no sound, even though the mute button is off.... isn't that special? :-o
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
OTL.Txt
Extras.Txt
The free version of Avast running on my PC thinks c:\windows\msisear.exe is bad and has quarantined it. Is it possible that I now have too many anti-virus/firewall/anti-malware programs running?
- Malwarebytes (paid version)
- Windows (security & firewall)
- Avast (trial)
- Panda USB Vaccine
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
c:\windows\msisear.exe is still present. The other files are not present. The PC is running very slowly (it was doing this before the virus attack). I am about to back up my files to an external hard drive. Where shall I look now for suggestions on cleaning up the system and speeding things up? Thank you.
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
I have sent a donation through PayPal. Thank you very much for your help. I'm sorry I can't afford to send you a larger donation. My sincerest thanks.
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
Thank you, Mr. C.
unhide.txt
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
And the F-Drive:

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.27.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
shae :: DRAGONLADY [administrator]

Protection: Disabled

11/27/2012 11:10:39 PM
mbam-log-2012-11-27 (23-10-39).txt

Scan type: Full scan (F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243890
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
ComboFix 12-11-27.01 - shae 11/27/2012 22:50:30.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1010 [GMT -8:00]
Running from: c:\documents and settings\shae\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\shae\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\msisear.exe"
"c:\windows\system32\drivers\53419241.sys"
"c:\windows\system32\drivers\69148762.sys"
"c:\windows\system32\drivers\78844860.sys"
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-27 05:12 . 2012-11-27 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2012-11-27 05:12 . 2012-11-27 05:12 -------- d-----w- C:\Panda USB Vaccine
2012-11-27 05:04 . 2012-11-27 05:04 -------- d-----w- c:\windows\system32\KB905474
2012-11-24 04:27 . 2012-11-24 04:27 -------- d-----w- C:\CCE_Quarantine
2012-11-22 21:56 . 2012-11-22 21:56 307712 ----a-w- c:\windows\msisear.exe
2012-11-22 20:33 . 2012-11-22 20:33 177496 ----a-w- c:\windows\system32\drivers\53419241.sys
2012-11-22 20:21 . 2012-11-22 20:21 177496 ----a-w- c:\windows\system32\drivers\69148762.sys
2012-11-22 19:44 . 2012-11-22 19:44 177496 ----a-w- c:\windows\system32\drivers\78844860.sys
2012-11-20 16:56 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-20 16:56 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-20 16:56 . 2012-10-30 23:51 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-11-20 16:55 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-20 16:55 . 2012-10-30 23:51 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-11-20 16:55 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-20 16:55 . 2012-10-30 23:51 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-11-20 16:55 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-20 16:55 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-11-20 16:55 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-11-20 16:55 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-11-20 16:52 . 2012-09-21 09:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-11-20 16:52 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-20 16:52 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-20 16:51 . 2012-11-20 16:51 -------- d-----w- c:\program files\AVAST Software
2012-11-20 16:51 . 2012-11-20 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-11-16 08:30 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 08:30 . 2012-11-16 08:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-16 06:14 . 2012-11-16 06:14 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-10-30 09:09 . 2012-11-08 00:01 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 05:14 . 2012-07-11 03:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-16 05:14 . 2011-06-05 12:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2008-05-03 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-05-03 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-06-05 06:18 . 2012-06-05 06:07 22259528 ----a-w- c:\program files\vlc-2.0.1-win32.exe
2003-08-27 14:19 . 2009-02-25 08:36 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON SMART PANEL for Scanner.lnk
backup=c:\windows\pss\EPSON SMART PANEL for Scanner.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\docume~1\ADMINI~1\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 17:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C64 Series (Copy 1)]
2003-05-27 03:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2C1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 08:59 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-04-13 22:36 1470464 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 14:20 94208 ----a-r- c:\windows\SM1bg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 14:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [11/20/2012 8:52 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [11/20/2012 8:55 AM 199320]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [11/20/2012 8:56 AM 106560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [11/20/2012 8:55 AM 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/20/2012 8:55 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/20/2012 8:56 AM 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/20/2012 8:56 AM 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [11/20/2012 8:52 AM 133912]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/16/2012 12:30 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/16/2012 12:30 AM 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/16/2012 12:30 AM 22856]
S1 MpKslb2b6002e;MpKslb2b6002e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E21659E5-641D-4A14-B42A-8F6FED3420D6}\MpKslb2b6002e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E21659E5-641D-4A14-B42A-8F6FED3420D6}\MpKslb2b6002e.sys [?]
S2 WLSVC;WLSVC;c:\program files\TRENDnet\TEW-424UB\WLSVC.exe [9/27/2011 5:47 PM 167936]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [9/27/2011 5:47 PM 264576]
S3 SASENUM;SASENUM;\??\c:\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> C:c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 11:34]
.
2012-11-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-20 23:50]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-1004Core.job
- c:\documents and settings\shae\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-24 14:09]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-1004UA.job
- c:\documents and settings\shae\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-24 14:09]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-28 06:15]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-28 06:15]
.
2012-11-27 c:\windows\Tasks\PandaUSBVaccine.job
- c:\panda usb vaccine\RunInteractiveWin.exe [2012-11-27 00:45]
.
2012-11-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-11-27 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-27 23:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-27 23:03:49
ComboFix-quarantined-files.txt 2012-11-28 07:03
ComboFix2.txt 2012-11-27 07:03
ComboFix3.txt 2012-11-25 05:56
ComboFix4.txt 2011-10-01 23:17
.
Pre-Run: 9,311,186,944 bytes free
Post-Run: 9,300,705,280 bytes free
.
- - End Of File - - 11E2A8D803E08C949A9E7B5D73E316BC
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
DOH! I forgot... there is a second hard drive in this computer, the F-Drive. From the logs generated concerning the threats found on this PC, can you tell whether or not the F-Drive was affected? Has it been scanned, and were threats contained/removed? Most programs are hidden. Right now I can access files and photos on the C-Drive (in a round-about way), but the ones on the F-Drive are still hidden. Thanks!
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
ComboFix.txt
The thumb drive is benign and has been inoculated.