Logs for a Malware Expert

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Big_Ragu, Mar 7, 2009.

  1. Big_Ragu

    Big_Ragu Private E-2

    Thank you for taking the time to read this. I think the site is great.

    About my problems … I believe they started back at the end of January but I cannot be 100% sure. There are three users and three computers on my home network and they share a readynas duo central storage drive. I am guessing they came from downloading music or videos files (I have since read your warnings and advice but that does not help me now).

    Anyway I think all three computers became infected but I know it is one computer per post so I will only describe the problems of the one pc I am posting logs for but if you want to know more details about the others just ask. All computers have been disconnected from the internet & LAN for protection/fear of causing more problems. If you want me to connect one and rerun the read me first steps I happily will but I thought I should wait for you to tell me.

This pc began acting strangely like there is something running in the background but nothing is showing in task manager. It was becoming hard to do anything. Windows media player would play but the display was black – no picture. The desktop changed and the recycle bin is now in the bottom right hand corner. When I delete a file it does not go into the recycle bin (and may in fact not be deleting). When I try to access the properties it tells me they are unavailable even though I am the administrator. When I tried to run some tools it would say could not initialize or check to see if I have admin rights (and I am signed in as the administrator). When I clear the check boxes to show hidden files, if I go back in they are checked again. When I tried to use SFC I get RPC server is unavailable. Have also seen messages like system admin has set policies to prevent this installation. Spy Sweeper is popping up messages like wmiadap.exe is attempting to delete wmiaprpl and svchost.exe is attempting to delete tcpip. Not sure if this is normal. Searchfilter.exe is appearing red in my process viewer.

    I did my best to follow the read me first instructions. Had trouble uninstalling Java. It was no longer listed in add/remove programs but I could see folders for it still on the computer. Also had trouble installing updated Java (policies preventing error message) but was able to finally get it to work in safe mode. Hopefully everything is correct.

    There was no button or option to empty my Norton 360 quarantine and I could not figure out how to do that.

    I don’t think viewing of hidden files is staying enabled … but I could be wrong.

    Well here are my log files please let me know what you think and if you need me to redo any steps. Your help is very much appreciated. Thank you!
     

    Attached Files:

  2. Big_Ragu

    Big_Ragu Private E-2

    Final Log
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    o If it is not on your Desktop, the below will not work.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    c:\windows\system32\REN6E.tmp
    c:\windows\system32\REN6D.tmp
    c:\windows\system32\REN6C.tmp
    c:\windows\system32\REN66.tmp
    c:\windows\system32\REN65.tmp
    c:\windows\system32\REN64.tmp
    c:\windows\system32\REN5E.tmp
    c:\windows\system32\REN5D.tmp
    c:\windows\system32\REN5C.tmp
    c:\windows\system32\REN56.tmp
    c:\windows\system32\REN55.tmp
    c:\windows\system32\REN54.tmp
    c:\windows\system32\REN4E.tmp
    c:\windows\system32\REN4D.tmp
    c:\windows\system32\REN4C.tmp
    c:\windows\system32\REN45.tmp
    c:\windows\system32\REN44.tmp
    c:\windows\system32\REN43.tmp
    c:\windows\system32\REN3F.tmp
    c:\windows\system32\REN3E.tmp
    c:\windows\system32\REN3D.tmp
    c:\windows\system32\REN36.tmp
    c:\windows\system32\REN35.tmp
    c:\windows\system32\REN34.tmp
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now I want you to do this:
    Using BitDefender Online Scan.

    When finished run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combo.
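    A small verification helper, added here as an example and not part of the thread or of ComboFix itself: it parses a CFScript of the shape shown above (a `Name::` directive followed by its argument lines, as in the `KILLALL::` and `File::` sections) and, after the run, reports which `File::` entries are gone and which are still on disk, with size, mtime and SHA-256 so a leftover can be inspected. The three REN*.tmp paths in the sample are copied from the script above; everything else is constructed for the example.

```python
# Added example (not from the thread): parse a ComboFix CFScript as shown in
# the post and check which File:: entries still exist after the run.
import hashlib
import os
from collections import OrderedDict

# Constructed sample: the script from the post, abbreviated to three entries.
SAMPLE_CFSCRIPT = """KILLALL::

File::
c:\\windows\\system32\\REN6E.tmp
c:\\windows\\system32\\REN6D.tmp
c:\\windows\\system32\\REN34.tmp
"""


def parse_cfscript(text):
    """Return an ordered dict of directive -> list of argument lines.

    A directive is a line ending in '::'; the lines that follow, up to the
    next directive, are its arguments. Blank lines are skipped, so a
    directive with no arguments (KILLALL::) maps to an empty list.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].upper()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
        else:
            raise ValueError("argument line before any directive: %r" % line)
    return sections


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_removed(sections):
    """Map each File:: path to (removed, size, mtime, sha256).

    removed is True when the path no longer exists; otherwise the leftover
    file's size, integer mtime and SHA-256 are returned for examination.
    """
    report = {}
    for path in sections.get("FILE", []):
        if os.path.exists(path):
            st = os.stat(path)
            report[path] = (False, st.st_size, int(st.st_mtime), sha256_of(path))
        else:
            report[path] = (True, None, None, None)
    return report
```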
     
  4. Big_Ragu

    Big_Ragu Private E-2

    Hi Tim (my name is also Tim) thanks for getting back to me. I did my best to follow your instructions but ...

    The computer had been off and disconnected from the internet (I had been emailing from an unaffected PC) so when I turned it on everything started (Norton/Spysweeper/etc). Your instructions did not say to disable any programs so I just did what they said. When I ran combofix I got a message about Norton so I turned it off (was not connected to the internet yet anyway). Also Spy Sweeper started giving me messages (maybe 20?) about things being deleted/installed/modified. I saved the log files for Spy Sweeper if you would like to see but I am not sending as I have seen it said in the forum not to send additional files unless asked. Anyway I allowed everything because I did not know if it was related to combofix.

    I could not run a bitdefender scan. The program failed to update the virus definitions and the virus signatures failed. I was given the option to scan anyway which I did but the scan failed too, so no log. I tried this more than once just to be sure. I should mention that when I connected to the internet everything wanted to update of course from having been down for so long. But I did wait until the updates were finished before trying the bitdefender scan. Also this might be worth noting too - I did try a Trend Micro online scan before I came to this website/forum and it also could not run.

    Here are the new logs and I can't say enough how much I appreciate the help. I hope it is okay shutting it down until I hear from you or do you prefer the computer to be left on? Can I at least disconnect it from the internet? I am not sure Norton is working correctly or what my problems are. Please let me know. Thanks
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The only thing that showed up in the combo log was this, which you should use windows explorer to find and delete:
    c:\windows\TEMP\SST-C407BB07-AB4A-4CBA-AE05-70547BE90A3A.tmp

    And if it was sending emails, then it is an infected email which only you can deal with:
    You have a few choices:

    1. delete the whole file which is not an option you normally want to use
    2. load the email folder that contains the infection and delete ALL unnecessary emails (hoping to remove the problem email) and then use the Mailbox Cleanup option to delete all old emails. Then compact the Outlook database to permanently remove data. See http://support.microsoft.com/kb/196990 If you do not clean up and compact the databases, the deleted emails may still be leaving hidden information in the database that you just cannot see but a scanner may still pick up on it.
    3. create a new folder and move only emails you really need into the new folder and then delete the infected folder.

    You need to tell me what problems you are having.
     
