tieny

Members
  • Content Count

    28
About tieny

  • Rank
    Member
  1. Hello, I recently clicked on a link, and a minute later I got this pop-up (looked like a regular error window) that stated I was infected with some trojan and I should download something to get rid of it. After the pop-up, every time I try to click a link on a Google search engine, I get redirected to some other page. Also, I've been signed out of all the websites I usually stay signed in on when I close Internet Explorer (e.g. Facebook, etc.), so it sounds suspicious. Should I include a HijackThis log, and where can I get the latest version? Thanks!
  2. ComboFix 11-12-02.02 - Tien Lam 12/03/2011 0:29.4.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1781 [GMT -5:00] Running from: c:usersTien LamDesktopComboFix.exe Command switches used :: c:usersTien LamDesktopCFScript.txt AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66} SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((( File
  3. ComboFix 11-11-27.02 - Tien Lam 11/27/2011 22:50:17.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1680 [GMT -5:00] Running from: c:usersTien LamDesktopComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66} SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))
  4. OTL logfile created on: 11/24/2011 9:47:26 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersTien LamDesktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.84% Memory free 6.18 Gb Paging File | 4.99 Gb Available in Paging File | 80.79% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C: |
  5. Yeah what logs should I include first for my laptop?
  6. All processes killed ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found. Registry value HKEY_CURRENT_USERSoftwareMicrosof
  7. OTL logfile created on: 11/21/2011 10:47:11 AM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:UsershpDesktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.00 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 60.92% Memory free 10.21 Gb Paging File | 8.21 Gb Available in Paging File | 80.40% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C:
  8. Everything is running good All processes killed ========== OTL ========== C:UsershpAppDataLocal{C1C1796D-A8F2-43CF-A327-47FD7A5E743E} folder moved successfully. C:UsershpAppDataLocal{0A3512F7-34EF-4CC1-AB62-D242402392B7} folder moved successfully. C:UsershpAppDataLocal{05E10875-4D32-48DB-AA14-71EC3D50880C} folder moved successfully. C:UsershpAppDataLocal{5B17400F-0A6F-4C96-A58C-CC9733DF210C} folder moved successfully. C:UsershpAppDataLocal{C8BAEDAE-16CE-4D8D-AC01-9BB297554D98} folder moved successfully. C:UsershpAppDataLocal{62B399C4-7255-4236-8A18-5E6DDC8D3DF8} folder mo
  9. ComboFix 11-11-18.01 - hp 11/20/2011 19:37:30.4.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5117.2393 [GMT -5:00] Running from: c:usershpDesktopComboFix.exe Command switches used :: c:usershpDesktopCFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66} SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:program files (x86)AIMSysfilesWxBug.EXE" "c:usersDefaultAppDataRoaming
  10. C:Program Files (x86)AIMSysfilesWxBug.EXE Win32/Adware.WBug.A application C:QooboxQuarantine[4]-Submit_2011-11-17_21.06.38.zip a variant of Win32/Kryptik.VET trojan C:QooboxQuarantineCUsershpAppDataRoamingF406D44A88.exe.vir a variant of Win32/Kryptik.ABW trojan C:QooboxQuarantineCWindowsSystem32consrv.dll.vir Win64/Sirefef.E trojan C:UsersDefaultAppDataRoamingMicrosoftWindowsStart MenuProgramsStartUponuc.exe a variant of Win32/Kryptik.VET trojan C:UsershpAppDataLocalLowSunJavaDeploymentcache6.0192fd2a313-319494d6 a variant of Java/Agent.DW trojan C:UsershpAppDataLocalLowSunJavaDepl
  11. 20:15:57.0127 3412 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50 20:15:57.0470 3412 ============================================================ 20:15:57.0470 3412 Current date / time: 2011/11/18 20:15:57.0470 20:15:57.0470 3412 SystemInfo: 20:15:57.0470 3412 20:15:57.0470 3412 OS Version: 6.0.6002 ServicePack: 2.0 20:15:57.0470 3412 Product type: Workstation 20:15:57.0470 3412 ComputerName: HP-PC 20:15:57.0470 3412 UserName: hp 20:15:57.0470 3412 Windows directory: C:Windows 20:15:57.0470 3412 System windows directory: C:Windows 20:15:57.0470 3412 Running under WOW64 2
  12. OTL logfile created on: 11/18/2011 11:33:49 AM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:UsershpDesktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.00 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 67.41% Memory free 10.21 Gb Paging File | 8.63 Gb Available in Paging File | 84.47% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C:
  13. ComboFix 11-11-18.01 - hp 11/18/2011 10:38:45.3.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5117.2986 [GMT -5:00] Running from: c:usershpDesktopComboFix.exe Command switches used :: c:usershpDesktopCFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66} SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartu
  14. ComboFix 11-11-17.03 - hp 11/17/2011 21:07:06.2.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5117.3040 [GMT -5:00] Running from: c:usershpDesktopComboFix.exe Command switches used :: c:usershpDesktopCFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66} SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))
  15. I'm sure I didn't change any proxies. http://www.virustotal.com/file-scan/report.html?id=cf1bfc30f2c819d8b674da86ed31533555c25f0b00ac637abdf4401dc923805c-1321540334 SystemLook 30.07.11 by jpshortstuff Log created at 09:46 on 17/11/2011 by hp Administrator - Elevation successful ========== reg ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerSubSystems] "Debug"="" @="mnmsrvc" "Kmode"="SystemRootSystem32win32k.sys" "Optional"="Posix" "Posix"="%SystemRoot%system32psxss.exe" "Required"="Debug Windows" "Windows"="%SystemRoot%system32csrss.exe Ob