Hi alex
The combofix log is incomplete, but the description you gave may indicate it did in fact complete the scan. Unfortunately the log ends just when it is getting to the important part. But it does show one file it removed that your last SAS log showed as quarantined. (I don't recognize the extension though.) I think this confirms my belief of backups that we haven't been able to get to.
I think we have to move past combofix for now. Go ahead and run WinPFind3u.exe. Follow mauserme's instructions. I'm going to hand him the wheel and let him drive for awhile. (the windows cleaner on the passenger side.)
I'll try to address the rest of your post. (excuse my thinking out loud)
Will do. Want me to send them to avast too?
Yes, mail them to avast as they didn't detect them during the online scan. Open the chest, right click on the files, select mail to alwil software. Give a brief description and maybe a link to this topic. No need to zip when sending from the chest. Make sure the dot is beside "mapi".
Quote from: alex1234 on October 23, 2007, 05:42:05 AM
I'm currently running it on my hard drives as well, but that will take a long while. So far it has found one virus on my other drive (C), I'm thinking it's probably unrelated to this.
Let us know what turns up. It may be related.
I've uploaded the log as html so it's easier to read:
http://www.sarah-brightman-online.com/frosty/kaspersky
re: c drive- a toolbar in nero and a nero update that came in a 7zip file
Looking at the d:\ detections, it looks like your first run of combofix did remove some vundo, but none with the .bak extension. However, I do see a jkhhh.dll that was in 7zip folder in the combofix quarantine. I'm tempted to say that vundo came via the nero update. (maybe a phoney update)
**What say you, mauserme? I'll note that SAS quit detecting jkhhh after the first combofix run, but then it started detecting another random letter file. The majority of the detections were in combofix and vundofix quarantine.
Also got a notice from avast a couple hours ago about a Trojan again (only an alert from avast though, no symptoms of infection have come up yet).
Here's the full log from avast:
Did you move it to the chest?
I can see detections going back to the 15th Oct. and a lot from the 17th to the 20th.
I also see that avast stopped updating on the 21st. I don't know if it's one of these critters or your firewall. Does Comodo allow avast.setup internet access?
hijackthis logs
Did you add an Internet Explorer plugin?
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
Could there be something wrong with my hardware that's causing it to not run completely?
I honestly can't say. You mention a lot of freezes, maybe just bad timing.
Are you still experiencing the countdown timer?