Syndrome
Posts: 4
Posts posted by Syndrome
-
I uninstalled it as you instructed. I also rebooted and checked a couple of things: Disk Defragmenter is now actually starting, and running a scan with MBAM (aborting it after the period where it usually picked up the problems) revealed nothing.
Everything seems to be in order now (to my knowledge, at any rate). Thanks very much for the help.
-
Alright, thanks, here's the log:
ComboFix 09-08-10.01 - Owner 08/10/2009 17:16.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.469 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
?
c:\recycler\S-1-5-21-3286318163-864645977-3896978577-500
c:\windows\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruioijirkcx
-------\Legacy_hjgruioijirkcx
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.
2009-08-09 07:28 . 2009-08-09 07:28 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-08-09 06:28 . 2009-08-09 06:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-09 03:47 . 2009-08-09 03:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Malwarebytes
2009-08-08 05:29 . 2009-08-08 05:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-08-08 05:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 05:29 . 2009-08-08 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 05:29 . 2009-08-08 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-08 05:29 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 03:33 . 2009-08-08 03:38 -------- d-----w- c:\documents and settings\Owner\.jnlp-applet
2009-08-05 21:09 . 2009-08-05 21:09 -------- d-----w- c:\program files\MSSOAP
2009-08-05 21:09 . 2009-08-05 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-08-05 21:09 . 2009-08-05 21:09 -------- d-----w- c:\program files\Webroot
2009-08-05 21:09 . 2009-08-05 21:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Webroot
2009-08-05 21:09 . 2009-05-13 19:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-08-05 21:07 . 2009-08-05 21:07 164 ----a-w- c:\windows\install.dat
2009-08-05 20:44 . 2009-04-28 01:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-08-05 20:36 . 2009-08-05 20:36 -------- d-----w- C:\cabs
2009-08-05 20:28 . 2009-08-05 20:28 -------- d-----w- C:\NVIDIA
2009-08-05 20:05 . 2009-08-05 20:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PC_Drivers_Headquarters
2009-08-05 20:04 . 2009-08-05 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-05 20:04 . 2009-08-05 20:04 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-08-05 04:19 . 2009-08-05 04:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2009-08-05 04:17 . 2009-08-05 04:18 -------- d-----w- c:\program files\Nero
2009-08-05 04:17 . 2009-08-05 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-05 04:16 . 2009-08-05 04:18 -------- d-----w- c:\program files\Common Files\Nero
2009-08-04 03:17 . 2009-08-04 03:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Participatory Culture Foundation
2009-07-23 02:37 . 2009-07-23 02:37 8854 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-07-23 02:37 . 2009-07-23 02:37 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-07-23 02:37 . 2009-07-23 02:37 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-07-23 02:37 . 2009-07-25 07:37 -------- d-----w- c:\program files\Project64 1.6
2009-07-21 05:23 . 2009-07-21 05:23 -------- d-----w- c:\program files\mlt
2009-07-21 05:23 . 2009-07-21 05:23 -------- d-----w- c:\program files\gtk2
2009-07-21 05:22 . 2009-07-21 05:22 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-21 05:22 . 2009-07-21 05:22 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-21 05:22 . 2009-07-21 05:22 -------- d-----w- c:\program files\OpenLibraries
2009-07-19 05:16 . 2009-07-19 05:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Sibelius Software
2009-07-19 05:14 . 2009-07-19 05:14 -------- d-----w- c:\program files\Sibelius Software
2009-07-19 00:43 . 2009-07-19 00:43 -------- d-----w- c:\program files\Family Games
2009-07-17 13:28 . 2009-07-13 23:42 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-17 13:28 . 2009-07-13 23:41 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-17 13:28 . 2009-07-13 23:41 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-17 13:28 . 2009-07-13 23:41 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-17 13:28 . 2009-07-13 23:42 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-13 23:42 . 2009-07-13 23:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-13 23:42 . 2009-07-13 23:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-13 23:42 . 2009-08-10 12:41 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-13 23:41 . 2009-07-13 23:41 -------- d-----w- c:\program files\AVG
2009-07-13 23:41 . 2009-07-13 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-13 21:22 . 2009-07-13 21:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-07-12 05:20 . 2009-07-12 05:22 -------- d-----w- c:\program files\Musical Instrument Simulator_Mapper
2009-07-12 05:19 . 2009-07-12 05:19 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-12 05:19 . 2009-07-12 05:19 249856 ------w- c:\windows\Setup1.exe
2009-07-12 04:07 . 2009-07-12 04:07 -------- d-----w- c:\program files\NoteAttack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 20:46 . 2008-09-12 03:43 -------- d-----w- c:\program files\ATI Technologies
2009-08-05 05:55 . 2006-12-09 04:50 -------- d-----w- c:\program files\LucasArts
2009-07-21 05:24 . 2006-08-19 07:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-19 05:16 . 2006-06-19 04:25 59704 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 13:28 . 2009-07-13 23:42 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 12:31 . 2009-07-14 12:31 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-13 23:42 . 2009-07-13 23:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-13 23:42 . 2009-07-17 13:28 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-13 23:42 . 2009-07-17 13:28 1107224 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-13 23:41 . 2009-07-17 13:28 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-13 23:41 . 2009-07-17 13:28 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-13 23:41 . 2009-07-17 13:28 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-13 23:41 . 2009-07-17 13:27 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-13 23:41 . 2009-07-17 13:27 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-06 14:50 . 2006-12-12 13:53 1 ----a-w- c:\windows\system32\ai2drv.dat
2009-07-06 03:34 . 2009-07-06 03:04 -------- d-----w- c:\program files\Audacity
2009-07-05 22:49 . 2006-08-19 07:50 -------- d-----w- c:\program files\Google
2009-07-05 22:44 . 2009-07-05 21:19 -------- d-----w- c:\program files\a-squared Free
2009-07-05 20:11 . 2008-12-25 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-05 19:41 . 2006-08-19 08:04 -------- d-----w- c:\program files\BigFix
2009-07-05 19:04 . 2007-04-03 20:08 -------- d-----w- c:\program files\wings3d_0.98.36
2009-07-01 04:21 . 2009-07-01 04:21 -------- d-----w- c:\documents and settings\Owner\Application Data\NCH Software
2009-07-01 04:21 . 2009-07-01 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-07-01 04:21 . 2008-11-27 15:54 -------- d-----w- c:\program files\NCH Software
2009-06-27 22:34 . 2008-06-13 19:27 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
2009-06-19 21:57 . 2008-12-21 08:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-19 21:52 . 2008-12-25 19:09 -------- d-----w- c:\program files\iTunes
2009-06-13 05:16 . 2008-07-04 05:25 6426 -c--a-w- c:\program files\config.xml
2009-06-13 05:16 . 2008-07-04 05:48 1387 -c--a-w- c:\program files\session.xml
2009-06-13 05:16 . 2008-06-14 20:21 1854 -c--a-w- c:\program files\shortcuts.xml
2009-06-13 00:39 . 2008-07-04 04:10 -------- d-----w- c:\program files\Python
2009-06-13 13:29 . 2009-06-13 13:29 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-06-13 13:29 . 2009-06-13 13:29 184208 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-06-13 13:29 . 2009-06-13 13:29 99216 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-06-18 17:16 . 2009-06-18 17:16 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-06-18 17:36 . 2009-06-18 17:36 108272 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 19:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-27 169984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-08-19 26112]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-13 1948440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
OZ_ZQ-590A Synchronization Software.lnk - c:\program files\SHARP\OZ_ZQ-590A\sync.exe [2008-5-26 655360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-13 23:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [12/12/2006 9:53 AM 7296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/13/2009 7:42 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/13/2009 7:42 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/13/2009 7:41 PM 298776]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [8/5/2009 5:10 PM 1205760]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\Owner\LOCALS~1\Temp\{1735AD57-FD6E-4EB5-A276-56C2574D6412}\atiicdxx.sys --> c:\docume~1\Owner\LOCALS~1\Temp\{1735AD57-FD6E-4EB5-A276-56C2574D6412}\atiicdxx.sys [?]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Owner\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Owner\LOCALS~1\Temp\gUSBSTOi.sys [?]
S3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\drivers\SPCP825K.sys [5/26/2008 12:10 PM 26624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-08-05 c:\windows\Tasks\wrSpySweeper_L7FFC7E3E51B3445AB8684918603AF41C.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-08-05 19:40]
2009-08-05 c:\windows\Tasks\wrSpySweeper_L7FFC7E3E51B3445AB8684918603AF41C.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-08-05 19:40]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Rosary Reminder - c:\program files\Virtual Rosary\reminder.exe
HKLM-Run-13274214 - c:\documents and settings\All Users\Application Data\13274214\13274214.exe
Notify-urqNGxVo - urqNGxVo.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5212
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\etw0f58j.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\etw0f58j.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 17:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-10 17:23
ComboFix-quarantined-files.txt 2009-08-10 21:23
Pre-Run: 169,494,208,512 bytes free
Post-Run: 169,958,285,312 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
238 --- E O F --- 2009-06-11 07:11
-
I used the program and there were 11 infections, but it only seems to have properly removed 9.
This is my original log file from after the first scan:
Malwarebytes' Anti-Malware 1.40
Database version: 2577
Windows 5.1.2600 Service Pack 2
8/8/2009 2:18:34 AM
mbam-log-2009-08-08 (02-18-34).txt
Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 218363
Time elapsed: 45 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\hjgruieekjljyq.dll (Trojan.TDSS) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{1f5e0ea2-abea-44c3-95ec-2d1e721fe95e} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Files Infected:
\\?\globalroot\systemroot\system32\hjgruieekjljyq.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
-----
And this is my log file after I, being suspicious because I still couldn't start Disk Defragmenter, scanned again:
Malwarebytes' Anti-Malware 1.40
Database version: 2577
Windows 5.1.2600 Service Pack 2
8/8/2009 3:08:30 AM
mbam-log-2009-08-08 (03-08-30).txt
Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 4218
Time elapsed: 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\hjgruieekjljyq.dll (Trojan.TDSS) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\\?\globalroot\systemroot\system32\hjgruieekjljyq.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
Despite what it says about being successfully removed, the 2 files in the second scan are still appearing, even though they're quarantined (supposedly).
Help would be very much appreciated.
Posted in: Trojan.TDSS (Resolved Malware Removal Logs)
Thanks again, and thanks also for the tips; I'll keep them in mind.