At least, I thought I did - sorry!
Hi spetrarca,
Please rerun TDSSKiller. When you are presented with these lines:
13:27:01.0333 4752 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:27:01.0333 4752 \Device\Harddisk0\DR0 - detected TDSS File System (1)
use the drop down menu and select delete.
Next
Please follow all previous instructions regarding security programs.
Open a new Notepad session
- Click the Start button, click run
- in the run box type notepad
- click ok
- In the notepad, Click "Format" and be certain that Word Wrap is not checked.
- Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
Code:
KillAll::
RootKit::
c:\windows\svchost.exe
- Click File, Save as..., and set the Save in to your Desktop
- In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
- Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.
This will start ComboFix again. Close all browser/windows first.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Please post the TDSSKiller log and the combofix log.
How's the computer?
Member of UNITE and ASAP
Here's the logs - seems to be running pretty smooth so far!!
Hi spetrarca,
We seem to have a file that just won't go away.
Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
Just letting you know I haven't abandoned the thread - been an exceptionally busy couple of days. I should have the updated logs later this afternoon. Thanks!
Hi spetrarca,
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-01 12:24:25
-----------------------------
12:24:25.731 OS Version: Windows x64 6.1.7601 Service Pack 1
12:24:25.731 Number of processors: 2 586 0x100
12:24:25.731 ComputerName: ROB-PC UserName: Rob
12:24:29.865 Initialize success
19:46:58.741 AVAST engine defs: 12050101
19:49:23.245 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
19:49:23.261 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 11
19:49:23.276 Disk 0 MBR read successfully
19:49:23.292 Disk 0 MBR scan
19:49:23.354 Disk 0 Windows VISTA default MBR code
19:49:23.370 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:49:23.401 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292137 MB offset 3074048
19:49:23.448 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11607 MB offset 601370624
19:49:23.510 Disk 0 scanning C:\windows\system32\drivers
19:49:37.977 Service scanning
19:50:39.994 Modules scanning
19:50:40.010 Disk 0 trace - called modules:
19:50:40.026
19:50:41.679 AVAST engine scan C:\windows
19:50:47.248 AVAST engine scan C:\windows\system32
19:54:55.808 AVAST engine scan C:\windows\system32\drivers
19:55:20.023 AVAST engine scan C:\Users\Rob
19:57:50.379 AVAST engine scan C:\ProgramData
19:59:03.845 Scan finished successfully
20:08:20.024 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
20:08:20.040 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
20:08:54.110 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
20:08:54.126 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"