
Well, my antivirus software ran out and I didn't really think much of it (fatal mistake, I know now), and I ended up with a few viruses and trojans. I was able to clean everything up with Kaspersky (I downloaded it for temporary use to try and save my PC); however, it is unable to remove one, and the only option is to ignore it. The file name is rootkit.win32.zaccess.k. I tried following this forum but I am unsure of what to do after running ComboFix because that didn't seem to help. I could really use your guys' expertise on this. Please help!

Thank you very much.


MBAM

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8309

Windows 6.0.6000

Internet Explorer 7.0.6000.17037

12/4/2011 1:20:05 PM

mbam-log-2011-12-04 (13-20-00).txt

Scan type: Quick scan

Objects scanned: 162584

Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Billy\AppData\Roaming\ahst.lni (Malware.Trace) -> No action taken.

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_27

Run by Billy at 13:28:19 on 2011-12-04

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.815 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe

C:\Users\Billy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070809

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Auslogics BoostSpeed 4] c:\program files\auslogics\auslogics boostspeed\boostspeed.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\common files\VistaRunApp.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{5313D471-72ED-4A3F-B9A3-C19BFD6D9B30} : DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{AF49AD8C-0C8D-4072-9AE4-E6B28E16D22F} : DhcpNameServer = 192.168.1.1 71.252.0.12

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\billy\appdata\roaming\mozilla\firefox\profiles\24xsnhsx.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://gamebox.my-quick-search.com/?hp=df

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\ff4\kavlinkfilter4.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\ff5\kavlinkfilter5.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\ff6\kavlinkfilter6.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\ff7\kavlinkfilter7.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\ff8\kavlinkfilter8.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff4\ffvkplugin4.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff5\ffvkplugin5.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff6\ffvkplugin6.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff7\ffvkplugin7.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff8\ffvkplugin8.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ffvkplugin.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\users\billy\appdata\roaming\mozilla\firefox\profiles\24xsnhsx.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll

FF - component: c:\users\billy\appdata\roaming\mozilla\firefox\profiles\24xsnhsx.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll

FF - component: c:\users\billy\appdata\roaming\mozilla\firefox\profiles\24xsnhsx.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll

FF - component: c:\users\billy\appdata\roaming\mozilla\firefox\profiles\24xsnhsx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\users\billy\appdata\roaming\mozilla\firefox\profiles\24xsnhsx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: c:\users\billy\appdata\roaming\mozilla\firefox\profiles\24xsnhsx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll

FF - component: c:\users\billy\appdata\roaming\mozilla\firefox\profiles\24xsnhsx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

FF - component: c:\users\billy\appdata\roaming\mozilla\firefox\profiles\24xsnhsx.default\extensions\gamebox@toolbar\components\toolbarhomewmp.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\users\billy\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru_bak2 - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2

FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com

FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar

FF - Ext: NetVideoHunter: netvideohunter@netvideohunter.com - %profile%\extensions\netvideohunter@netvideohunter.com

FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: WhiteSmokeToolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - %profile%\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}

FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualKeyboard@kaspersky.ru

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru

.

============= SERVICES / DRIVERS ===============

.

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2007-8-27 21728]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-23 366152]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-29 24652]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-23 22216]

R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-2-9 213216]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-8 30192]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

.

=============== Created Last 30 ================

.

2011-12-04 18:00:44 644368 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

2011-11-23 01:02:40 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-23 01:02:37 -------- d-----w- c:\users\billy\appdata\local\temp

2011-11-23 00:30:04 98816 ----a-w- c:\windows\sed.exe

2011-11-23 00:30:04 518144 ----a-w- c:\windows\SWREG.exe

2011-11-23 00:30:04 256000 ----a-w- c:\windows\PEV.exe

2011-11-23 00:30:04 208896 ----a-w- c:\windows\MBR.exe

2011-11-23 00:29:55 -------- d-----w- C:\ComboFix

2011-11-22 04:20:37 -------- d-----w- c:\users\billy\appdata\roaming\ZwkIVrlONx0c1b3

2011-11-22 04:20:37 -------- d-----w- c:\users\billy\appdata\roaming\jnG4amH6sJfLg

2011-11-22 04:07:25 -------- d-----w- c:\users\billy\appdata\roaming\Ov2obF3pm5Q6W8R

2011-11-22 04:07:25 -------- d-----w- c:\users\billy\appdata\roaming\AhTXqjUCeIrOyAu

2011-11-22 04:05:16 97961 ----a-w- c:\windows\system32\drivers\klick.dat

2011-11-22 04:05:16 115369 ----a-w- c:\windows\system32\drivers\klin.dat

2011-11-22 04:05:12 147856 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll

2011-11-22 04:02:19 -------- d-----w- c:\program files\Kaspersky Lab

2011-11-22 04:02:18 -------- d-----w- c:\programdata\Kaspersky Lab

2011-11-22 03:39:42 -------- d-----w- c:\users\billy\appdata\roaming\LnG4amH6sJfLZj

2011-11-22 03:39:42 -------- d-----w- c:\users\billy\appdata\roaming\JrlONxP0uSb3n4m

2011-11-21 15:14:10 -------- d-----w- c:\users\billy\appdata\roaming\06F14

2011-11-21 15:13:40 -------- d-----w- c:\users\billy\appdata\roaming\dFF44pmmHsQJ7E8

2011-11-21 15:13:39 -------- d-----w- c:\users\billy\appdata\roaming\pyyycAA1ivDo

2011-11-21 15:13:36 -------- d-----w- c:\users\billy\appdata\roaming\68F06

2011-11-21 15:13:30 -------- d-----w- c:\users\billy\appdata\roaming\wEK9hYwUVltzNyA

2011-11-21 15:13:28 -------- d-----w- c:\users\billy\appdata\roaming\ZnnGG4aaQ

2011-11-21 15:13:28 -------- d-----w- c:\users\billy\appdata\roaming\xYYYCwkkVrONP0c

.

==================== Find3M ====================

.

2007-01-06 12:09:26 208896 ----a-w- c:\program files\common files\VistaRunApp.exe

.

============= FINISH: 13:28:55.89 ===============


  • Staff

Hi,

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • 2 weeks later...

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

I'm sorry, it was a really busy month for me and I was just able to get a reinstallation DVD. I reinstalled Windows, but it said it was going to keep my old files in something called windows.old (or something to that effect). Is this okay?


Hi

Can I get help as well? After running Malware and ComboFix, I can't get internet. It says "can't detect proxy setting" for my wireless internet. Other computers are working fine on the system, so it has to be my unit. I ran DDS and the log is below. ComboFix said I had a rootkit virus or something similar to that.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by TIM at 0:14:19 on 2012-01-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2157 [GMT -5:00]

.

AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\brsvc01a.exe

C:\Windows\system32\brss01a.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\snuvcdsm.exe

C:\Program Files\ZapShares\ZapSharesProtect.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyServer = http=127.0.0.1:54263

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [sNUVCDSM] c:\windows\snuvcdsm.exe

mRun: [ZapShares] "c:\program files\zapshares\ZapSharesProtect.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{28928FC7-FD0C-4986-8CF5-E09B9B32F1EC} : NameServer = 209.183.33.23 209.183.35.23

TCP: Interfaces\{CA33EE9B-2654-4DF1-834B-2AA149E6671A}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{CA33EE9B-2654-4DF1-834B-2AA149E6671A}\8686F6E6F62737 : DhcpNameServer = 12.127.16.67 12.127.17.71

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-24 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-24 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-24 66616]

R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe [2012-1-2 65536]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-26 6755840]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-14 166912]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-26 167936]

S2 Appinfo32;Application Information ;c:\windows\system32\miguiresource32.exe --> c:\windows\system32\miguiresource32.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 228408]

S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2011-1-4 23608]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-17 1343400]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]

.

=============== Created Last 30 ================

.

2012-01-05 03:00:48 -------- d-----w- C:\$RECYCLE.BIN

2012-01-05 02:59:06 -------- d-----w- c:\users\tim\appdata\local\temp

2012-01-05 01:59:39 -------- d-----w- C:\ComboFix

2012-01-03 05:07:40 302592 ----a-w- c:\windows\system32\cmd.execf

2012-01-03 04:06:27 57344 ----a-w- c:\windows\system32\BRSVC01A.EXE

2012-01-03 04:06:27 45056 ----a-w- c:\windows\system32\BRSS01A.EXE

2012-01-02 03:55:52 -------- d-----w- c:\program files\iPod

2012-01-02 03:55:51 -------- d-----w- c:\program files\iTunes

2012-01-02 03:54:50 -------- d-----w- c:\program files\Bonjour

2012-01-02 03:10:08 -------- d-----w- c:\users\tim\appdata\local\AT&T

2011-12-31 22:51:41 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-12-31 22:51:41 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-12-31 22:50:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-12-31 22:49:55 -------- d-----w- c:\users\tim\appdata\local\Apple

2011-12-30 00:42:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-30 00:42:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-29 18:13:52 -------- d-----w- c:\windows\pss

2011-12-24 21:33:03 -------- d-----w- c:\programdata\Big Fish Games

2011-12-24 21:31:29 -------- d-----w- C:\BigFishGamesCache

2011-12-17 19:06:16 -------- d-----w- c:\users\tim\appdata\roaming\SuperNZB

2011-12-16 23:20:08 -------- d-----w- c:\users\tim\appdata\local\SanctionedMedia

2011-12-16 00:29:24 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-12-16 00:29:16 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-16 00:29:04 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-12-16 00:29:03 38912 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-16 00:28:56 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-16 00:28:55 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

==================== Find3M ====================

.

2011-11-16 01:38:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 0:16:41.44 ===============

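A small triage helper for the log above, written as an added example for this thread; it is not part of the original post, of DDS, or of Malwarebytes. It reads the SERVICES / DRIVERS lines and the mPolicies-system lines in the DDS format shown above and flags what a responder looks at first: a service whose image DDS marks with "[?]" (assumed here to mean the file was not found on disk), a display name that copies a built-in Windows service under a different short name, whitespace padding in a display name (which makes two services look identical in services.msc), and UAC policy values that weaken the elevation prompt. The sample input is constructed from a few lines of the posted log; the table of built-in service names and the UAC-value table are small constructed lists that you would extend from a known-good machine.

```python
"""Triage helper for DDS 'SERVICES / DRIVERS' and 'mPolicies-system' lines.

Added example, not part of the original forum post or of DDS itself.
"""
import re

# Constructed table: built-in Windows service display name -> real short name.
BUILTIN_SERVICES = {
    "application information": "appinfo",
    "windows update": "wuauserv",
    "background intelligent transfer service": "bits",
    "task scheduler": "schedule",
}

# UAC values DDS echoes as "mPolicies-system: <name> = <value> (0x..)" and the
# settings that weaken the elevation prompt (constructed, not exhaustive).
UAC_WEAK = {
    ("EnableLUA", 0): "UAC disabled entirely",
    ("ConsentPromptBehaviorAdmin", 0): "admins elevate without any prompt",
    ("PromptOnSecureDesktop", 0): "elevation prompts shown on the normal desktop, where other software can drive them",
}

# DDS line shapes: "<R|S><n> <name>;<display>;<path> [<date> <size>]" and,
# when the file is missing, "<path> --> <path> [?]" (assumed meaning of [?]).
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
FILE_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(?P<key>\w+)\s*=\s*(?P<value>-?\d+)")


def parse_services(text):
    """Return one dict per DDS service/driver line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        entry = {
            "state": m.group("state"),
            "name": m.group("name"),
            "display": m.group("display"),
            "path": rest,
            "missing": rest.endswith("[?]"),
            "size": None,
        }
        fm = FILE_RE.search(rest)
        if fm:
            entry["size"] = int(fm.group("size"))
            entry["path"] = rest[: fm.start()].strip()
        elif entry["missing"]:
            entry["path"] = rest[: -len("[?]")].split("-->")[0].strip()
        entries.append(entry)
    return entries


def triage_services(text):
    """Return (service name, reason) pairs worth a second look."""
    findings = []
    for e in parse_services(text):
        if e["missing"]:
            findings.append((e["name"], "binary not found on disk: " + e["path"]))
        display = e["display"]
        if display != display.strip():
            findings.append((e["name"], "display name padded with whitespace: %r" % display))
        real = BUILTIN_SERVICES.get(display.strip().lower())
        if real and e["name"].lower() != real:
            findings.append((e["name"], "display name imitates built-in service %r" % real))
    return findings


def uac_findings(text):
    """Return (key, value, reason) for UAC policy values that weaken elevation."""
    out = []
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group("key"), int(m.group("value"))
        reason = UAC_WEAK.get((key, value))
        if reason:
            out.append((key, value, reason))
    return out


# Constructed sample in DDS format, modelled on the log posted above.
SAMPLE_DDS = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-24 269480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-26 167936]
S2 Appinfo32;Application Information ;c:\windows\system32\miguiresource32.exe --> c:\windows\system32\miguiresource32.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-17 1343400]
"""

if __name__ == "__main__":
    for name, reason in triage_services(SAMPLE_DDS):
        print("SERVICE", name, "-", reason)
    for key, value, reason in uac_findings(SAMPLE_DDS):
        print("UAC", key, "=", value, "-", reason)
```

Run it against a saved DDS log by passing the file contents to triage_services and uac_findings. On the sample it reports the Appinfo32 entry three times (missing image, padded display name, display name borrowed from the real Appinfo service) and PromptOnSecureDesktop = 0; ConsentPromptBehaviorAdmin = 5 is the Windows 7 default and is not reported. A hit is a reason to look closer, not proof of infection: confirm the image on disk, its signature and its creation time before removing anything.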

Staff (1 month later):

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

