Jump to content

Please help me clean my computer


jp0p

Recommended Posts

I seem to be having problems with malware. A friend suggested that I run mbam. It did encounter some threats (including Trojan.ZbotR.Gen). I removed the with mbam. A second scan showed Trojan.ZbotR.Gen again. I followed the instructions in the thread "I'm infected - What do I do now?" Thanks for your help!

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.10.2

Run by Jen at 9:33:34 on 2013-02-15

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3581.1640 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Windows\system32\F5InstallerService.exe

C:\Program Files\Fitbit\fitbit.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\Program Files\AVG\AVG2013\avgemcx.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Program Files\TightVNC\tvnserver.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe

C:\Users\Jen\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Stickies\stickies.exe

C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.dell.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - <orphaned>

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [{D3845E3A-96DC-5CDA-CF5B-6C3189E1529A}] c:\users\jen\appdata\roaming\nees\vyaxf.exe

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [ASUS Ai Charger] c:\program files\asus\asus ai charger\AiChargerAP.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jen\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\sabnzbd.lnk - c:\program files\sabnzbd\SABnzbd.exe

StartupFolder: c:\users\jen\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: SoftwareSASGeneration = dword:1

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - c:\users\jen\appdata\local\temp\f5tmp\cachecleaner.cab

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\windows\temp\f5tmp\urxvpn.cab

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\windows\temp\f5tmp\f5tunsrv.cab

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - file://C:/Program Files/F5 VPN/F5_TMP/InstallerControl.cab

DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - file://C:/Program Files/F5 VPN/F5_TMP/f5InspectionHost.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - file://C:/Program Files/F5 VPN/F5_TMP/urxshost.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\windows\temp\f5tmp\urxhost.cab

TCP: Interfaces\{858DA8AD-ECE5-4BCC-B2B7-4029B36776E9} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\intuit\quickbooks 2013\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jen\appdata\roaming\mozilla\firefox\profiles\jnpaax5w.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\users\jen\appdata\roaming\mozilla\firefox\profiles\jnpaax5w.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - plugin: c:\windows\system32\NPSWF32.dll

FF - ExtSQL: 2012-12-19 11:53; firefox@ghostery.com; c:\users\jen\appdata\roaming\mozilla\firefox\profiles\jnpaax5w.default\extensions\firefox@ghostery.com

.

============= SERVICES / DRIVERS ===============

.

R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [2011-10-27 13224]

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]

R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-2-3 273552]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-28 242240]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_2ba5baa4\AEstSrv.exe [2010-4-28 73728]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-5 1168632]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]

R2 F5 Networks Component Installer;F5 Networks Component Installer;c:\windows\system32\F5InstallerService.exe [2012-2-13 379320]

R2 Fitbit;Fitbit Data Uploader;c:\program files\fitbit\fitbit.exe [2011-12-1 788000]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]

R2 JungleDiskService;JungleDiskService;c:\program files\jungle disk desktop\JungleDiskMonitor.exe [2011-5-17 7343432]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-14 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-14 682344]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-11-26 1248256]

R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-7-16 548264]

R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-14 370504]

R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-8-3 828944]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]

R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]

R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]

R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-4-28 475136]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-30 29736]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-4-28 203264]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-14 21104]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-15 40776]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-4-28 144672]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-4-28 277440]

R3 QuickBooksDB23;QuickBooksDB23;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb23 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB23 [?]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpnwlh.sys [2011-6-7 38992]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]

S3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\BTHPRINT.SYS [2008-1-20 29696]

S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-1-18 22176]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2011-11-14 13944]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-9-28 19456]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2011-12-1 19744]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2012-7-8 770008]

.

=============== Created Last 30 ================

.

2013-02-15 15:23:11 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-02-15 01:32:31 -------- d-----w- c:\windows\ERUNT

2013-02-15 01:32:21 -------- d-----w- C:\JRT

2013-02-14 23:46:08 -------- d-----w- c:\users\jen\appdata\roaming\Malwarebytes

2013-02-14 23:45:58 -------- d-----w- c:\programdata\Malwarebytes

2013-02-14 23:45:54 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-14 23:45:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-02-04 04:19:50 -------- d-----w- c:\program files\common files\Nuance

2013-02-04 04:19:32 -------- d-----w- c:\programdata\Nuance

2013-02-03 17:53:01 -------- d-----w- c:\program files\Akamai

2013-01-24 03:14:20 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2013-01-24 03:06:30 2463976 ----a-w- c:\windows\system32\NPSWF32.dll

2013-01-24 03:06:30 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe

2013-01-24 02:44:45 -------- d-----w- c:\program files\common files\Macrovision Shared

2013-01-23 14:43:01 -------- d-----w- c:\users\jen\appdata\roaming\Ziqele

2013-01-23 14:43:01 -------- d-----w- c:\users\jen\appdata\roaming\Nees

2013-01-23 14:42:43 -------- d-----w- c:\users\jen\appdata\roaming\tor

2013-01-22 13:58:30 -------- d-----w- c:\programdata\AVG January 2013 Campaign

2013-01-19 14:07:44 -------- d-----w- c:\program files\Mozilla Firefox.bak

.

==================== Find3M ====================

.

2013-02-07 22:06:33 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-07 22:06:33 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-02 14:01:03 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-02 14:00:56 859072 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-01-02 14:00:56 779704 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-26 17:15:56 1694992 ----a-w- c:\windows\system32\VBA6.DLL

2012-11-26 17:15:08 741008 ----a-w- c:\windows\system32\SPR32D30.DLL

.

============= FINISH: 9:35:22.43 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 4/30/2010 9:21:13 AM

System Uptime: 2/15/2013 8:59:31 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0H275K

Processor: Intel® Core2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 32.477 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 10 GiB total, 9.069 GiB free.

G: is CDROM ()

Z: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{4E5176C5-98A7-3DCA-62D7-CDB2B6803BD6}_LOCALMFG&000F\8&33278E17&0&000D44BBEB45_C00000001

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{4E5176C5-98A7-3DCA-62D7-CDB2B6803BD6}_LOCALMFG&000F\8&33278E17&0&000D44BBEB45_C00000001

Service:

.

Class GUID:

Description: Media Center

Device ID: UUID:B349717A-0090-A9A3-7F8C-8F01AB458313\UMB\3&2E8E435A&0&UUID:B349717A-0090-A9A3-7F8C-8F01AB458313

Manufacturer:

Name: Media Center

PNP Device ID: UUID:B349717A-0090-A9A3-7F8C-8F01AB458313\UMB\3&2E8E435A&0&UUID:B349717A-0090-A9A3-7F8C-8F01AB458313

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Add or Remove Adobe Creative Suite 3 Master Collection

Adobe Acrobat 8 Professional

Adobe After Effects CS3 Presets

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 3 Master Collection

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Download Assistant

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Player 9 ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.5)

Adobe Setup

Adobe SING CS3

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Ai Charger

ATI Catalyst Control Center

ATI Catalyst Install Manager

AuthenTec Fingerprint System

AVG 2013

BIG-IP Edge Client

BIG-IP Edge Client Components (All Users)

Bonjour

CameraHelperMsi

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCleaner

CuteFTP 8 Professional

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DelinvFile - 4.04

Dell Edoc Viewer

Dell Touchpad

Digsby

Dropbox

erLT

Exifer

Fitbit Base Station (Driver Removal)

Fitbit v2.1.0

Flickr Uploadr 3.2.1

Garmin Communicator Plugin

Garmin Lifetime Updater

GenoPro 2.5.4.1

Google Talk (remove only)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Integrated Webcam Driver (1.03.02.0919)

Intel® Matrix Storage Manager

iSEEK AnswerWorks English Runtime

ITECIR Driver

iTunes

Java 7 Update 10

Java Auto Updater

Jungle Disk Desktop

Kid-Tough Digital Studio Software

LeapFrog Connect

LeapFrog Tag Plugin

LockHunter 2.0 beta 2, 32 bit

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee Security Scan Plus

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4.5

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 18.0.2 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MyFonts Order M1181409

MyFonts Order M1181429

MyFonts Order M1269442

Notepad++

PDF Settings

Picasa 3

QualxServ Service Agreement

QuickBooks

QuickBooks Pro 2013

Quicken 2012

QuickSet

RoboForm 7-8-5-7 (All Users)

SABnzbd 0.6.10

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skins

Skype™ 6.0

Splashtop Streamer

Spotify

Stickies 7.1b

TightVNC 2.0.4

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wmniper

TurboTax 2011 wrapper

TurboTax 2012

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wmniper

TurboTax 2012 wrapper

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

Visual Studio Tools for the Office system 3.0 Runtime

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)

VLC media player 1.1.11

WD Link

WD SmartWare

WIDCOMM Bluetooth Software 6.1.0.4400

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

Link to post
Share on other sites

Hello jp0p and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe ( right click and select Run as adminsistrator for Vista and Windows 7)
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

Link to post
Share on other sites

Thanks for the quick response, Maniac! Before I go any further, I want to say that I really appreciate the work that you do on the forums. It's awesome that you're willing to advise people in fixing their computer issues. I'm sure that it's not easy to sort things out without actually being in front of the infected computer.

That said, I followed your directions to download, update and run Mbar. It took a couple tries, but I was able to get it to scan.

As requested, the logs are pasted below.

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

www.malwarebytes.org

Database version: v2013.02.15.09

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 7.0.6001.18000

Jen :: ANN-DRAMA-DAH [administrator]

2/15/2013 7:37:46 PM

mbar-log-2013-02-15 (19-37-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 28233

Time elapsed: 30 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{D3845E3A-96DC-5CDA-CF5B-6C3189E1529A} (Trojan.ZbotR.Gen) -> Data: C:\Users\Jen\AppData\Roaming\Nees\vyaxf.exe -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 7.0.6001.18000

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 2.493000 GHz

Memory total: 3755008000, free: 1569038336

------------ Kernel report ------------

02/15/2013 19:07:29

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\xhxcahfs.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\acpi.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\DRIVERS\AiCharger.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iastor.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\msrpc.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\ecache.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\drivers\crcdisk.sys

\SystemRoot\system32\DRIVERS\avgrkx86.sys

\SystemRoot\system32\DRIVERS\avglogx.sys

\SystemRoot\system32\DRIVERS\avgmfx86.sys

\SystemRoot\system32\DRIVERS\avgidshx.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\tunmp.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\bcmwl6.sys

\SystemRoot\system32\DRIVERS\k57nd60x.sys

\SystemRoot\system32\DRIVERS\ohci1394.sys

\SystemRoot\system32\DRIVERS\1394BUS.SYS

\SystemRoot\system32\DRIVERS\sdbus.sys

\SystemRoot\system32\DRIVERS\rimmptsk.sys

\SystemRoot\system32\DRIVERS\rimsptsk.sys

\SystemRoot\system32\DRIVERS\rixdptsk.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\itecir.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\msiscsi.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\povrtdev.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\covpnwlh.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\circlass.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\system32\DRIVERS\stwrt.sys

\SystemRoot\system32\DRIVERS\hidir.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\smb.sys

\SystemRoot\system32\DRIVERS\avgtdix.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\??\C:\Windows\system32\drivers\cbfs3.sys

\SystemRoot\system32\DRIVERS\avgldx86.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\OA001Vid.sys

\SystemRoot\system32\DRIVERS\OA001Ufd.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\System32\Drivers\ATSwpWDF.sys

\SystemRoot\system32\DRIVERS\avgidsshimx.sys

\SystemRoot\system32\DRIVERS\avgidsdriverx.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\drivers\spsys.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\drivers\mrxdav.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\DRIVERS\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\drivers\btwavdt.sys

\SystemRoot\system32\drivers\btwaudio.sys

\SystemRoot\system32\DRIVERS\btwl2cap.sys

\SystemRoot\system32\DRIVERS\btwrchid.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\??\C:\Users\Jen\AppData\Local\Temp\mbr.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff86fd5558

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xffffffff85aa7030

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff86fd5558, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff86fd5248, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff86fd5558, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff85aa7030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0xffffffffa7240278, 0xffffffff86fd5558, 0xffffffff86f493c8

Lower DeviceData: 0xffffffffbb35ec00, 0xffffffff85aa7030, 0xffffffff86fae4a0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 60000000

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 112392

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 112640 Numsec = 20971520

Partition 2 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 21084160 Numsec = 467310592

Partition file system is NTFS

Partition is bootable

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...

Done!

Performing system, memory and registry scan...

Read File: File "c:\ProgramData\AVG2013\chjw\e022e90422e8e090.dat" is sparse (flags = 32768)

Read File: File "c:\Users\Jen\AppData\Local\Avg2013\log\avgual.2013-02-12.log" is compressed (flags = 1)

Read File: File "c:\Users\Jen\AppData\Local\Avg2013\log\avgual.2013-02-12.log" is compressed (flags = 1)

Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{D3845E3A-96DC-5CDA-CF5B-6C3189E1529A} --> [Trojan.ZbotR.Gen]

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 7.0.6001.18000

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 2.493000 GHz

Memory total: 3755008000, free: 2584694784

Removal queue found; removal started

Removal finished

=======================================

Link to post
Share on other sites

Good! :)

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.