Jaguar2090

  1. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=84f767024b7ba341a1965fbccc29690b # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-08 04:04:37 # local_time=2012-07-08 12:04:37 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 66 94 0 93303131 0 0
  2. ComboFix 12-07-14.01 - Home 07/14/2012 19:25:25.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3007.2296 [GMT -4:00] Running from: c:\users\Home\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Home\AppData\Local\TempDIR c:\users\Home\WINDOWS c:\users\Tomi\WINDOWS D:\Autorun.inf . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restore
  3. All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2064379631-886947475-513485053-1000\Software\Microsoft\Windows\CurrentVersion\Run\\XSECVA deleted successfully. C:\Users\Home\AppData\Roaming\xsecva\xsecva.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-2064379631-886947475-513485053-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pnipo deleted successfully. C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\00000008.@ moved successfully. C:\Windows\Installer\{30beea25-5fb3-e2a2-857a-532aed82542e}\U\80000000.@ moved successfully. C:\Win
  4. OTL logfile created on: 7/10/2012 9:20:23 PM - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Home\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.94 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 78.86% Memory free 5.36 Gb Paging File | 4.66 Gb Available in Paging File | 87.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %Program
  5. MBAM Log: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.10.14 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Home :: HOME-PC [administrator] 7/10/2012 9:08:28 PM mbam-log-2012-07-10 (21-08-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 235494 Time elapsed: 7 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detecte
  6. Thanks for helping! In TDSSKiller, Cure was NOT an option given to me, so I skipped. Here is the log for TDSS: 21:00:32.0126 3140 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 21:00:32.0145 3140 ============================================================ 21:00:32.0145 3140 Current date / time: 2012/07/10 21:00:32.0145 21:00:32.0145 3140 SystemInfo: 21:00:32.0145 3140 21:00:32.0145 3140 OS Version: 6.1.7601 ServicePack: 1.0 21:00:32.0145 3140 Product type: Workstation 21:00:32.0145 3140 ComputerName: HOME-PC 21:00:32.0146 3140 UserName: Home 21:00:32.0146
  7. I'll paste the DDS log here to make the post more readable: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Home at 23:38:30 on 2012-07-09 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3007.1719 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\
  8. Hi everyone, My computer was recently infected with a virus, which, when I scanned it with MalwareBytes Free, brought up about 10 infections. I quarantined and removed them using MBAM, but "BCMiner" and "Sirefef" still remain. The biggest problem that is visible to me is random browser redirects, but there are probably other things going on beneath the surface. Attach.txt DDS.txt