Elmer Rivera

Members
  • Content Count: 24

About Elmer Rivera

  • Rank
    Member

Previous Fields

  • System Specifications:
    OS Name: Microsoft Windows 7 Home Premium
    Version: 6.1.7601 Service Pack 1 Build 7601
    System Manufacturer: Hewlett-Packard
    System Model: HP G62 Notebook PC
    System Type: x64-based PC
    Processor: AMD Athlon(tm) II P340 Dual-Core Processor, 2200 Mhz, 2 Core(s), 2 Logical Processor(s)
    BIOS Version/Date: Hewlett-Packard F.17, 11/7/2010
    SMBIOS Version: 2.6
  1. Windows Firewall seems to be working; it's activated. Is there anything else you need me to do after I deleted the TDSSKiller folder and the .exe file?
  2. The machine is working fine now. What can I delete now that we have done all this? Files you had me download
  3. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 Run by Elmer at 14:50:53 on 2012-11-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1161 [GMT -8:00] . AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaun
  4. C:TDSSKiller_Quarantine15.10.2012_21.37.25mbr0000tdlfs0000tsk0001.dta Win64/Olmarik.AK trojan C:TDSSKiller_Quarantine15.10.2012_21.37.25mbr0000tdlfs0000tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan C:TDSSKiller_Quarantine27.11.2012_07.19.07tdlfs0000tsk0001.dta Win64/Olmarik.AK trojan C:TDSSKiller_Quarantine27.11.2012_07.19.07tdlfs0000tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan C:UsersElmerDownloadsjZipSetup-r100-w.exe Win32/Toolbar.SearchSuite application
  5. Malwarebytes Anti-Malware (Trial) 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.29.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Elmer :: ELMER-HP [administrator] Protection: Enabled 11/29/2012 11:39:51 AM mbam-log-2012-11-29 (11-39-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223275 Time elapsed: 3 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious
  6. ComboFix 12-11-27.01 - Elmer 11/27/2012 7:30.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1429 [GMT -8:00] Running from: c:usersElmerDesktopComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:windowssvchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 ))))))))))))))))))))))))))))))) . . 2012-11-27 05:22 . 2012-11-08 17:24 9125352 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{C8F35E6A-8348-4652-
  7. I ran ComboFix. It produced a log, but when I tried to go into my Google Chrome or Internet Explorer to reply I was not able to. It gave me an error message saying they were deleted. I restarted my computer and it worked fine. I was not able to save the ComboFix log. I don't want to run it again. Please advise on what to do next. Thank you very much.
  8. Common FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE 07:19:44.0033 3740 osppsvc - ok 07:19:44.0079 3740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:Windowssystem32pnrpsvc.dll 07:19:44.0079 3740 p2pimsvc - ok 07:19:44.0111 3740 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:Windowssystem32p2psvc.dll 07:19:44.0111 3740 p2psvc - ok 07:19:44.0142 3740 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:Windowssystem32DRIVERSparport.sys 07:19:44.0142 3740 Parport - ok 07:19:44.0173 3740 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr
  9. 07:19:06.0897 0968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 07:19:07.0583 0968 ============================================================ 07:19:07.0583 0968 Current date / time: 2012/11/27 07:19:07.0583 07:19:07.0583 0968 SystemInfo: 07:19:07.0583 0968 07:19:07.0583 0968 OS Version: 6.1.7601 ServicePack: 1.0 07:19:07.0583 0968 Product type: Workstation 07:19:07.0583 0968 ComputerName: ELMER-HP 07:19:07.0583 0968 UserName: Elmer 07:19:07.0583 0968 Windows directory: C:Windows 07:19:07.0583 0968 System windows directory: C:Windows 07:19:07.0583
  10. I copied the report but it didn't all fit in the first reply.
  11. 22:10:11.0014 5576 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:WindowsSystem32wcncsvc.dll 22:10:11.0023 5576 wcncsvc - ok 22:10:11.0045 5576 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:WindowsSystem32WcsPlugInService.dll 22:10:11.0048 5576 WcsPlugInService - ok 22:10:11.0081 5576 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:Windowssystem32DRIVERSwd.sys 22:10:11.0083 5576 Wd - ok 22:10:11.0136 5576 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:Windowssystem32driversWdf01000.sys 22:10:11.0150 5576 Wdf01000 - ok 22:10:11.0172 5576
  12. 22:09:06.0448 2764 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 22:09:08.0457 2764 ============================================================ 22:09:08.0458 2764 Current date / time: 2012/11/26 22:09:08.0457 22:09:08.0458 2764 SystemInfo: 22:09:08.0458 2764 22:09:08.0458 2764 OS Version: 6.1.7601 ServicePack: 1.0 22:09:08.0458 2764 Product type: Workstation 22:09:08.0458 2764 ComputerName: ELMER-HP 22:09:08.0464 2764 UserName: Elmer 22:09:08.0465 2764 Windows directory: C:Windows 22:09:08.0465 2764 System windows directory: C:Windows 22:09:08.0466
  13. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-25 17:44:15 ----------------------------- 17:44:15.931 OS Version: Windows x64 6.1.7601 Service Pack 1 17:44:15.932 Number of processors: 2 586 0x603 17:44:15.933 ComputerName: ELMER-HP UserName: Elmer 17:44:18.376 Initialize success 17:48:04.651 AVAST engine defs: 12112501 17:48:36.620 Disk 0 (boot) DeviceHarddisk0DR0 -> Device00000059 17:48:36.625 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 11 17:48:36.642 Disk 0 MBR read successfully 17:48:36.645 Disk 0 MB
  14. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 Run by Elmer at 17:40:24 on 2012-11-25 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1123 [GMT -8:00] . . ============== Running Processes =============== . C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k RPCSS c:Program FilesMicrosoft Security ClientMsMpEng.exe C:Windowssystem32atiesrxx.exe C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowss
  15. Hello. I still do need help. I will try your first suggestion. I was out of town and wasn't able to reply.