Type: Posts; User: jacknjaspa; Keyword(s):
OK all done..... everything appears to be running well & no sign of threats or notifications.
Thank you so much for your advice & patience, it is very much appreciated!
Did it all .........& no more pop ups.
I reckon you've fixed it & if so you're a champion & can't thank you enough for your help.
(I'll keep an eye on it & let you know if anything pops up)
None are present, this file is close but not the actual one
clipsrv.exe (not dll as in log)
Any more ideas?
Ran it again & comes up clean......but as soon as I run it "Threat detected" warning pops up
Here's one
filename - c;\windows\system32\roxliveshare9.dll
threat name - Unknown
when I click on...
That's weird...ran the scan & it was clear.
I'll reboot & do again
haha it's for my son's Wii which I'm trying to mod!!
I'll do that now & let you know how I go
Did that & soon as it rebooted it came up 3 threat detected warnings
File Name - c:\windows\system32\defrag32.dll
Threat Name - IDP.Trojan.1C8D1A13
(The options are move to vault or allow)
...
I'm not sure that it finished & it came up with the following;
Microsoft Visual C++ Runtime Library
Program: C\Documents and settings\cameron\desktop\systemlook.exe
This application has...
Righto it came up with another alert & it says multiple threat detection;
This is where these are saved;
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP408
The...
FYI........other than these keep popping up, pc appears to be running fine
No (but I'm not sure where to look either?)
OTL logfile created on: 29/04/2012 10:47:55 PM - Run 3
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3...
OTL logfile created on: 29/04/2012 10:21:31 PM - Run 3
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3...
This is what AVG is detecting
File name c\windows\system32\snapman380.dll
Threat name idp.trojan.1c8d1a13
Ok here's the file. FYI when I enabled AVG again 5 alerts popped up (I didn't run a scan)
C:\Documents and Settings\Cameron\Local Settings\Application...
OK ran it, when pc rebooted this opened in notepad
04292012_124540.log (can't find OTL fix log?) Hope this is what you're after?
All processes killed
========== SERVICES/DRIVERS ==========...
ComboFix 12-04-26.01 - Cameron 29/04/2012 8:52.6.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
Command switches used :: c:\documents and...
ComboFix 12-04-26.01 - Cameron 28/04/2012 9:02.4.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
Command switches used :: c:\documents and...
Sorry about that. I'm at work, will do when I get home in couple hours
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.27.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Cameron :: B03F21AE66BF49C...
2012-04-27 22:26:56 . 2012-04-27 22:26:56 3,564 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ZuneWlanCfgSvc.reg.dat
2012-04-27 22:26:56 . 2012-04-27 22:26:56 3,670...
Ok I'm not running AVG, when I disabled it earlier it does it for 15 mins so I'm assuming it just starts again (not sure?)
These are the warnings that popped up;
File name...
Spoke too soon, AVG threat detection warnings now popping up again
Ok, up & about (I'm in Western Australia) & did what you told me.
Here's the log. You asked how's the computer & seems OK but not sure what I'm looking for. Should I run an AVG scan? (FYI No AVG...
I just went & checked the other folder that you told me to check & found the correct 1 (not sure what the last 1 I posted means?)
Pretty sure this is the correct one now.
2012-04-27...
Ok. Back home from work & ran it again & just left it alone for half an hour. Came back & log.txt was opened & I'm assuming this is the correct file (I hope so & sorry if it's not).
ComboFix...
Hope I haven't stuffed it up. I ended up closing the window as nothing happened for nearly 25 mins.
I had to restart the pc but can't find the combofix.txt file (did search on c drive but nothing...
Hi there it's taken a long time but finally gone through to the following;
System file is infected!! Attempting to restore
"C:WINDOWS\system32\drivers\cdrom.sys"
Suceesfully restored:)
It's now...
OTL logfile created on: 27/04/2012 12:33:30 AM - Run 2
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3...
Ok found it
22:21:28.0859 5048 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
22:21:29.0687 5048 ============================================================
22:21:29.0687...
Ok I'm now confused... I've run the TDSSKiller 3 times but it hasn't left OTL fix log or the TDSSK log
What am I doing wrong?? I've double checked the steps & I'm pretty sure I've done it...
Ok pretty sure this is what you asked for?
========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
Error: No service named .avgtdix was found to stop!
Service\Driver key .avgtdix...
Aha didn't think of that.......I think I've attached it OK, if not I'll try again.
FYI I'm now at work so can't do too much more until I get home this evening.
When I try & submit the OTL file it's saying that it's 87377 characters & I need to shorten to 64000.
Any suggestions how I can do this?
OTL Extras logfile created on: 26/04/2012 7:41:25 AM - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3...
Ran it again, went through but it didn't make me reboot (I guess this is still OK)
FYI AVG warnings still popping up with threats detected.......anyway here is the file
06:48:20.0125 57244 TDSS...
Yep I'm back on the internet & sending this from my pc.
Here's the TDSSKiller log;
You guys are legends!!
21:16:27.0828 1836 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43...
G'day mate here's the FSS.txt log. Thanks for your help
Farbar Service Scanner Version: 24-04-2012
Ran by Cameron (administrator) on 25-04-2012 at 17:34:57
Running from "H:\"
Microsoft Windows...
G'day mate yeh I have a wireless connection at home & have an old notebook that I am using to post. I'll do what you said but hope it doesn't matter that I can't get an Internet connection on my...
G'day Guys I'm not a techo & new here. Was pointed in this direction to run ERUNT (this wouldn't run due to no internet access on pc) & DDS log.
First can I say before I found your site & had...
Oh ok mate, sorry about that, as I said I'm new. I'll go & try it now
Thanks for your help
http://forums.spybot.info/showthread.php?t=65762
G'day Guys I'm new here & not a techo & came across an old thread when I googled to find an answer to this virus.
My 7 year old son mainly uses our pc for playing games & printing out coloring in...