Hi
This is the flashdrive infection I mentioned :-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b6e7aba-4783-11dc-891b-0014a5723710}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
sxs.exe -> Trojan.QQPass.ln
It normally results in the appearance of a Chinese infection ...
I would have expected to see a lot more malware files in the logs you posted, if you indeed had this infection ... the sxs.exe file will be on the flashdrive, not your harddrive ...
I want you to run AVG Anti-Spyware ... if you have any of the infected files, this program will delete them ... if anything is found, I'll get you to run another program as well to immunise against this infection ...
make sure your flashdrive is plugged in when you run the scan
Download and install the 30 day trial of AVG Anti-Spyware from HERE :-
http://www.ewido.net/en/download/
1. Download it to your desktop
2. Doubleclick the AVG Anti-Spyware icon to start the AVG Anti-Spyware setup process...
3. update the definition files....
Click the Update icon then select the Update now link...
Select the Start Update button, the update will start and a progress bar will show the updates being installed.
4. select the Scanner icon at the top of the screen, then select the Settings tab
click on Recommended actions and then select Quarantine
5. Under Reports...
Select Automatically generate report after every scan
Un-Select Only if threats were found
6. Close AVG Anti-Spyware > Do not run the scan yet.
Boot your computer into Safemode
1. Go to Start> Shut Off your Computer> Restart
2. As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
3. Use the Up and Down Arrow Keys to scroll up to SAFEMODE
4. Then press the Enter on your Keyboard
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process
1. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
2. Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
3. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
4. Once the scan is complete do the following:
5. If you have any infections you will be prompted, then select Apply all actions
6. Next select the Reports icon at the top.
7. Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
8. make sure to remember where you saved that file, this is important
9. Close AVG Anti-Spyware
10. Copy & paste the AVG Anti-Spyware report in your next post
-
YES ... enable Tea Timer
You can keep Adaware and update & run a scan with it every so often...
You can also keep SUPERAntiSpyware, update and run occasionally...
You can delete Smitfraudfix, Sophos Anti-Rootkit, & combofix when we are finished ... but leave Combofix for now we will probably use it to remove the flashdrive malware registry key.
Have a look here :-
So how did I get infected in the first place? for ways to protect yourself by TonyKlein :-
http://forums.spybot.info/showthread.php?t=279
steam
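
Added example, not part of the original post and not code from any of the tools it names: a small Python parser for log text in the layout quoted at the top of the post, which lists every MountPoints2 key and flags the Auto and AutoRun commands. The function names and the two extra sample keys are assumptions made for illustration.

```python
import re

# Constructed sample in the log layout quoted in the post. The first key and its
# two values are the ones from the post; the other two keys are made up.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b6e7aba-4783-11dc-891b-0014a5723710}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
open\command- explorer.exe
"""

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\([^\]\\]+)\]$", re.I)
VERB_RE = re.compile(r"^([^\\]+)\\command-\s*(.+)$", re.I)
AUTORUN_VERBS = {"auto", "autorun"}  # the two verbs shown in the post

def parse_mountpoints(log_text):
    """Map each MountPoints2 subkey to its list of (verb, command) pairs."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, [])
        elif line.startswith("["):
            current = None  # a registry key outside MountPoints2
        elif current is not None:
            verb = VERB_RE.match(line)
            if verb:
                entries[current].append((verb.group(1).lower(), verb.group(2).strip()))
    return entries

def flag_autorun(entries):
    """Return (mount_id, verb, target) for every Auto/AutoRun command found."""
    findings = []
    for mount_id, commands in entries.items():
        for verb, command in commands:
            if verb in AUTORUN_VERBS:
                target = command.split()[-1].strip('"')  # file the verb launches
                findings.append((mount_id, verb, target))
    return findings

if __name__ == "__main__":
    for mount_id, verb, target in flag_autorun(parse_mountpoints(SAMPLE_LOG)):
        print(f"{mount_id}: {verb} -> {target}")
```

A key that appears with no command lines under it, like the second sample key, is kept in the result with an empty list, so a clean mount point can be told apart from one missing from the log.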