Posts posted by dwt

  1. Not getting the popups saying malware detected and quarantined trojan.small etc. However, on full scan there are items in a quarantine folder; should 'remove selected' be done on these?

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.06.20.07

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    PBSLLaptop8 :: DWTLAPTOP [administrator]

    Protection: Enabled

    20/06/2012 8:24:10 PM

    mbam-log-2012-06-20 (21-00-56).txt

    Scan type: Full scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 335961

    Time elapsed: 30 minute(s), 35 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 6

    C:\Qoobox\Quarantine\C\Users\PBSLLaptop8\AppData\Local\uztigowwm.exe.vir (Trojan.Agent.P3Xgen) -> No action taken.

    C:\Qoobox\Quarantine\C\Users\PBSLLaptop8\AppData\Local\{4b7be691-b268-e7b2-db99-7940a39a8df9}\n.vir (Trojan.Dropper.PE4) -> No action taken.

    C:\Qoobox\Quarantine\C\Windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\00000001.@.vir (Trojan.Small) -> No action taken.

    C:\Qoobox\Quarantine\C\Windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\80000000.@.vir (Trojan.Sirefef) -> No action taken.

    C:\Qoobox\Quarantine\C\Windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\800000cb.@.vir (Rootkit.0Access) -> No action taken.

    C:\Users\PBSLLaptop8\Desktop\RK_Quarantine\uztigowwm.exe.vir (Trojan.Agent.P3Xgen) -> No action taken.

    (end)
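    The log above lists six "Files Detected" that all sit under other tools' quarantine folders (ComboFix's Qoobox and RogueKiller's RK_Quarantine) with a .vir extension. Added example, not part of the post or of Malwarebytes: a small parser for this MBAM log format that separates detections already held in a quarantine folder from live ones, with the log excerpt constructed from the post.

```python
import re
from dataclasses import dataclass

# Excerpt of the MBAM full-scan log posted above (constructed from the post,
# trimmed to the header lines and the "Files Detected" block).
MBAM_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Scan type: Full scan
Files Detected: 6
C:\Qoobox\Quarantine\C\Users\PBSLLaptop8\AppData\Local\uztigowwm.exe.vir (Trojan.Agent.P3Xgen) -> No action taken.
C:\Qoobox\Quarantine\C\Users\PBSLLaptop8\AppData\Local\{4b7be691-b268-e7b2-db99-7940a39a8df9}\n.vir (Trojan.Dropper.PE4) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\00000001.@.vir (Trojan.Small) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\80000000.@.vir (Trojan.Sirefef) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\800000cb.@.vir (Rootkit.0Access) -> No action taken.
C:\Users\PBSLLaptop8\Desktop\RK_Quarantine\uztigowwm.exe.vir (Trojan.Agent.P3Xgen) -> No action taken.
(end)
"""

# Quarantine folders of the other tools used in this thread: ComboFix (Qoobox)
# and RogueKiller (RK_Quarantine). Matched case-insensitively below.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\rk_quarantine\\")

# One detection line: <drive path> (<detection name>) -> <action>
DETECTION_RE = re.compile(
    r"^(?P<path>[a-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$", re.IGNORECASE)
COUNT_RE = re.compile(r"^Files Detected: (\d+)$")


@dataclass
class Detection:
    path: str
    name: str
    action: str

    @property
    def already_quarantined(self) -> bool:
        """True when the hit is a neutralised copy inside another tool's quarantine."""
        lowered = self.path.lower()
        return any(m in lowered for m in QUARANTINE_MARKERS) or lowered.endswith(".vir")


def parse_mbam_log(text: str) -> list:
    """Parse detection lines and cross-check them against the declared count."""
    declared = None
    detections = []
    for line in text.splitlines():
        line = line.strip()
        if (m := COUNT_RE.match(line)):
            declared = int(m.group(1))
            continue
        if (m := DETECTION_RE.match(line)):
            detections.append(Detection(m["path"], m["name"], m["action"]))
    if declared is not None and declared != len(detections):
        raise ValueError(f"log declares {declared} files but {len(detections)} were parsed")
    return detections


def triage(detections: list) -> dict:
    """Split detections into live files and ones already sitting in a quarantine folder."""
    return {
        "live": [d for d in detections if not d.already_quarantined],
        "already_quarantined": [d for d in detections if d.already_quarantined],
    }
```

    Run against the excerpt, every hit lands in "already_quarantined", which is why the scan produced no real-time popups: nothing outside a quarantine folder was found.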

  2. Showing clean. Log:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.06.20.07

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    PBSLLaptop8 :: DWTLAPTOP [administrator]

    Protection: Enabled

    20/06/2012 7:06:54 PM

    mbam-log-2012-06-20 (19-06-54).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 227348

    Time elapsed: 2 minute(s), 29 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  3. Ok, thanks for your prompt and helpful replies on this. It's appreciated.

    log below from combofix:

    ComboFix 12-06-19.03 - PBSLLaptop8 20/06/2012 7:35.1.4 - x86

    Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.3241.2174 [GMT -4:00]

    Running from: c:\users\PBSLLaptop8\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\Install.exe

    c:\users\PBSLLA~1\AppData\Local\Temp\{FBAFD646-00BF-44C6-A92F-70E6C4B4DD2F}\fpb.tmp

    c:\users\PBSLLaptop8\AppData\Local\{4b7be691-b268-e7b2-db99-7940a39a8df9}\@

    c:\users\PBSLLaptop8\AppData\Local\{4b7be691-b268-e7b2-db99-7940a39a8df9}\n

    c:\users\PBSLLaptop8\AppData\Local\Temp\{FBAFD646-00BF-44C6-A92F-70E6C4B4DD2F}\fpb.tmp

    c:\users\PBSLLaptop8\AppData\Local\uztigowwm.exe

    c:\windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\@

    c:\windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\00000001.@

    c:\windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\80000000.@

    c:\windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\800000cb.@

    c:\windows\system32\drivers\npf.sys

    c:\windows\system32\instsrv.exe

    .

    Infected copy of c:\windows\system32\services.exe was found and disinfected

    Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))

    .

    .

    2012-06-20 11:40 . 2012-06-20 11:41 -------- d-----w- c:\users\PBSLLaptop8\AppData\Local\temp

    2012-06-20 11:40 . 2012-06-20 11:40 -------- d-----w- c:\users\Guest\AppData\Local\temp

    2012-06-20 11:40 . 2012-06-20 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-06-18 17:36 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys

    2012-06-18 17:36 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-18 17:36 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

    2012-06-18 17:36 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-18 17:36 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-06-18 17:36 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-06-18 17:36 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-18 17:36 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-18 17:36 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-18 17:36 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-18 17:34 . 2012-06-18 17:34 -------- d-----w- c:\users\PBSLLaptop8\AppData\Roaming\Malwarebytes

    2012-06-18 17:34 . 2012-06-18 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-06-18 17:34 . 2012-06-18 17:34 -------- d-----w- c:\programdata\Malwarebytes

    2012-06-18 17:34 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-17 22:32 . 2012-06-18 21:30 -------- d-sh--w- c:\windows\system32\%APPDATA%

    2012-06-17 21:22 . 2012-06-18 21:30 -------- d-----w- c:\users\PBSLLaptop8\AppData\Local\{07FD7DE2-21C0-74E1-29D4-B26E08B4A542}

    2012-06-17 12:49 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BFC5903-4B89-4D1C-80EA-4378CFDDE435}\mpengine.dll

    2012-06-16 10:43 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-06-12 22:41 . 2012-02-11 10:44 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6209A929-BB0E-4E0E-9447-EDB82AC1FE58}\gapaengine.dll

    2012-06-03 15:28 . 2012-06-03 16:01 -------- d-----w- c:\users\PBSLLaptop8\AppData\Roaming\SmartDraw

    2012-06-03 15:27 . 2012-06-03 15:28 -------- d-----w- c:\program files\SmartDraw 2012

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-17 22:30 . 2012-03-28 23:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-06-17 22:30 . 2011-11-17 02:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-03-31 04:39 . 2012-05-09 22:29 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-03-31 04:39 . 2012-05-09 22:29 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-03-30 10:23 . 2012-05-09 22:29 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

    2011-05-27 23:38 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

    2011-05-27 23:38 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 505720]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 5955072]

    "FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]

    "DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 6306712]

    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 214384]

    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]

    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]

    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

    "Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

    "ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]

    .

    c:\users\PBSLLaptop8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-11-16 50688]

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "DisableCAD"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]

    2010-09-15 17:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    2;2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

    R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]

    R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

    R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]

    R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 21504]

    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]

    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]

    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-25 1343400]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 17904]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]

    S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 127488]

    S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-24 1568664]

    S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]

    S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]

    S2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2003-04-19 8192]

    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]

    S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1131520]

    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 44144]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

    S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]

    S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7.sys [2011-01-04 62440]

    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7.sys [2011-03-23 63976]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-34789903-4041923258-2902432038-1000Core.job

    - c:\users\PBSLLaptop8\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 16:48]

    .

    2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-34789903-4041923258-2902432038-1000UA.job

    - c:\users\PBSLLaptop8\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 16:48]

    .

    2012-06-20 c:\windows\Tasks\SDMsgUpdate (TE).job

    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-06-03 18:22]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.ca/

    uInternet Settings,ProxyOverride = *.local

    Trusted Zone: patene.com\vpn

    TCP: DhcpNameServer = 192.168.0.1

    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.patene.com/CACHE/stc/1/binaries/vpnweb.cab

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    SafeBoot-MsMpSvc

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'lsass.exe'(568)

    c:\windows\system32\wvauth.DLL

    .

    - - - - - - - > 'Explorer.exe'(5048)

    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\IDT\WDM\STacSV.exe

    c:\program files\Common Files\SPBA\upeksvr.exe

    c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE

    c:\windows\system32\WLANExt.exe

    c:\windows\system32\conhost.exe

    c:\program files\Dell\DW WLAN Card\bcmwltry.exe

    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\windows\system32\DRIVERS\o2flash.exe

    c:\windows\system32\SDIOAssist.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\taskhost.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\wbem\unsecapp.exe

    c:\windows\system32\DllHost.exe

    c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe

    c:\windows\system32\sppsvc.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    **************************************************************************

    .

    Completion time: 2012-06-20 07:43:44 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-06-20 11:43

    .

    Pre-Run: 214,120,140,800 bytes free

    Post-Run: 214,746,390,528 bytes free

    .

    - - End Of File - - 3D1CDF4853FEFFC201E688F9FED21A30

  4. New here, so forgive me if incorrect. Recently had some virus issues. I run MSE, but it had been disabled; once I got it back up, the system started shutting down every minute. After light research, restored to a previous date and was able to get Malwarebytes on, ran it, found some threats, cleaned them with MB, but they still re-gen.

    logs attached

    Attach.txt

    DDS.txt

    mbam-log-2012-06-18 (13-36-16).txt

    mbam-log-2012-06-18 (16-23-15).txt
