Jump to content

Trojan.Agent.BEWGen found


Recommended Posts

I recently ran a scan with MalwareBytes Free edition and it found 2 objects related to Trojan.Agent.BEWGen in files left over from when I deleted a game on my computer.

Malwarebytes stated that it needed to restart the computer in order to remove the threat. I did this, I ran the scan again but it found the threat again. Malwarebytes again needed a restart for the threat to be removed. I did this again, and after another scan the threat was still there. I decided to check the file where it said it found the trojan. As it was in left over files from a deleted game, I thought I would just delete those files.

I ran Malwarebytes again and (it finds the object at the start of the scan) it did not find the trojan this time. When I has the trojan, I noticed no slowing down etc, so I can't tell this way if the threat has been removed completely.

If Malwarebytes no longer finds the threat, does this mean it has entirely gone, or is there anything else I should do to ensure there is nothing left over?

Link to post
Share on other sites

I'm not sure I can edit my post so here are the DDS logs:

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Madiha at 23:50:24 on 2013-05-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2047.1042 [GMT 1:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\viakaraokesrv.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\Program Files\AVG\AVG2013\avgemcx.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\madiha\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{172247A8-E44D-43D8-945C-4C8AB0A2EFB1} : DHCPNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{1C4445C5-7EA9-44A8-95ED-1CBBCC6D0A9A} : DHCPNameServer = 194.168.4.100 194.168.8.100

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.0.1\ViProtocol.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\madiha\appdata\roaming\mozilla\firefox\profiles\vsouvui2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.0.1\npsitesafety.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\users\madiha\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-1 31576]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-4-25 4936752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-13 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-13 701512]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2012-9-2 27760]

R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\common files\avg secure search\vtoolbarupdater\14.0.1\ToolbarUpdater.exe [2013-1-22 945328]

R3 AVEO;STARTEC UVC Driver;c:\windows\system32\drivers\AVEOdcnt.sys [2011-10-24 278528]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-13 22856]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-9-2 1832560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-11-25 55448]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-31 1343400]

.

=============== Created Last 30 ================

.

2013-05-15 08:18:22 40960 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 08:18:22 186368 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 08:18:21 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-05-15 08:18:13 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 08:18:13 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 08:18:04 47104 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 08:18:04 1796096 ----a-w- c:\windows\system32\authui.dll

2013-05-15 08:18:04 101720 ----a-w- c:\windows\system32\consent.exe

2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2013-04-24 09:07:42 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-24 00:44:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2013-05-18 22:46:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-18 22:46:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-05 05:28:24 1767424 ----a-w- c:\windows\system32\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-04-05 04:29:45 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-04-05 03:38:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-29 01:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-03-21 02:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe

2013-03-11 16:30:21 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-11 16:30:21 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-01 10:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-02-25 23:22:36 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-25 23:22:36 1017120 ----a-w- c:\windows\system32\nvdispco32.dll

2013-02-25 23:22:34 6262608 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-25 23:22:32 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll

2013-02-25 23:22:32 2505144 ----a-w- c:\windows\system32\nvapi.dll

2013-02-25 23:22:32 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll

2013-02-25 23:22:30 15129960 ----a-w- c:\windows\system32\nvd3dum.dll

2013-02-25 23:22:26 7932256 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-25 23:22:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-25 23:22:08 20449056 ----a-w- c:\windows\system32\nvoglv32.dll

2013-02-25 23:22:06 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-25 23:22:06 2720544 ----a-w- c:\windows\system32\nvcuvid.dll

.

============= FINISH: 23:51:01.77 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 31/08/2012 17:05:01

System Uptime: 18/05/2013 21:33:02 (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5KPL-AM

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 88.932 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP113: 01/05/2013 12:32:18 - Scheduled Checkpoint

RP114: 09/05/2013 09:25:52 - Scheduled Checkpoint

RP115: 15/05/2013 09:26:08 - Windows Update

RP116: 18/05/2013 23:47:45 - Removed Bing HRS Toolbar

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

Adobe Shockwave Player 12.0

Apple Application Support

Apple Software Update

AVG 2013

AVG Security Toolbar

CCleaner

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Express Scribe

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Java 7 Update 21

Java Auto Updater

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

NVIDIA 3D Vision Controller Driver 310.90

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Platform

QuickTime

Revo Uninstaller 1.94

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype™ 6.3

swMSM

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

VIA Platform Device Manager

WinPatrol

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

18/05/2013 21:35:59, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

18/05/2013 21:35:59, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

18/05/2013 21:32:18, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

18/05/2013 20:13:15, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

17/05/2013 00:40:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

15/05/2013 22:06:46, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

.

==== End Of File ===========================

Link to post
Share on other sites

Hello vl23 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Okay, let's get started.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

  • Download on the desktop RogueKiller
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • RogueKiller log

Link to post
Share on other sites

Thank you for your reply Maniac. I was worried that the thread was going to get buried! Apologies for the late reply, I have opted to follow the thread but did not receive an update via email so I will check the forum directly in future.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.19.04

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16576

Madiha :: MADIHA-PC [administrator]

19/05/2013 13:24:53

mbam-log-2013-05-19 (13-24-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 257579

Time elapsed: 9 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\$RECYCLE.BIN\S-1-5-21-3782161779-1467987401-2167224717-1000\$RMKQEWU.rar (Trojan.Agent.BEWGen) -> Quarantined and deleted successfully.

C:\$RECYCLE.BIN\S-1-5-21-3782161779-1467987401-2167224717-1000\$RMXI5WQ.rar (Trojan.Agent.BEWGen) -> Quarantined and deleted successfully.

(end)

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Madiha [Admin rights]

Mode : Scan -- Date : 05/19/2013 14:40:46

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\Madiha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160023A ATA Device +++++

--- User ---

[MBR] 390cbaf5bb030ea6035c59fb6720323d

[bSP] 23e489ccb6274d14bb22b744c294df3b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler G3 USB Device +++++

--- User ---

[MBR] e5fef4635da761a5fdac3eeb990c4fcb

[bSP] 0021bf324b09f686f975d985a8c31a70 : MBR Code unknown

Partition table:

0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3689 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_05192013_02d1440.txt >>

RKreport[1]_S_05192013_02d1440.txt

Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Hi Maniac, here is the ComboFix log you requested:

ComboFix 13-05-18.03 - Madiha 19/05/2013 15:16:32.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2047.1355 [GMT 1:00]

Running from: c:\users\Madiha\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-04-19 to 2013-05-19 )))))))))))))))))))))))))))))))

.

.

2013-05-19 14:24 . 2013-05-19 14:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-05-19 14:24 . 2013-05-19 14:24 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-05-19 14:24 . 2013-05-19 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-19 14:24 . 2013-05-19 14:24 -------- d-----w- c:\users\Account for ABH\AppData\Local\temp

2013-05-15 08:18 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 08:18 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 08:18 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-05-15 08:18 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 08:18 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 08:18 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe

2013-05-15 08:18 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll

2013-05-15 08:18 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll

2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2013-04-24 09:07 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-24 00:44 . 2013-04-24 00:44 -------- d-----w- c:\program files\Common Files\Java

2013-04-24 00:44 . 2013-04-04 04:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-18 22:46 . 2012-09-01 16:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-18 22:46 . 2012-09-01 16:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-13 04:45 . 2013-05-15 08:18 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 08:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-04 13:50 . 2012-09-13 08:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-29 01:53 . 2013-03-29 01:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-03-22 00:48 . 2013-03-22 00:48 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-22 00:48 . 2013-03-22 00:48 185344 ----a-w- c:\windows\system32\elshyph.dll

2013-03-22 00:48 . 2013-03-22 00:48 158720 ----a-w- c:\windows\system32\msls31.dll

2013-03-22 00:48 . 2013-03-22 00:48 523264 ----a-w- c:\windows\system32\vbscript.dll

2013-03-22 00:48 . 2013-03-22 00:48 150528 ----a-w- c:\windows\system32\iexpress.exe

2013-03-22 00:48 . 2013-03-22 00:48 138752 ----a-w- c:\windows\system32\wextract.exe

2013-03-22 00:48 . 2013-03-22 00:48 137216 ----a-w- c:\windows\system32\ieUnatt.exe

2013-03-22 00:48 . 2013-03-22 00:48 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-03-22 00:48 . 2013-03-22 00:48 61952 ----a-w- c:\windows\system32\tdc.ocx

2013-03-22 00:48 . 2013-03-22 00:48 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-03-22 00:48 . 2013-03-22 00:48 38400 ----a-w- c:\windows\system32\imgutil.dll

2013-03-22 00:48 . 2013-03-22 00:48 12800 ----a-w- c:\windows\system32\mshta.exe

2013-03-22 00:48 . 2013-03-22 00:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-03-22 00:48 . 2013-03-22 00:48 361984 ----a-w- c:\windows\system32\html.iec

2013-03-22 00:48 . 2013-03-22 00:48 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-03-22 00:48 . 2013-03-22 00:48 23040 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-22 00:48 . 2013-03-22 00:48 1441280 ----a-w- c:\windows\system32\inetcpl.cpl

2013-03-21 02:08 . 2013-03-21 02:08 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-03-19 05:04 . 2013-04-10 07:17 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 07:17 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 04:48 . 2013-04-10 07:17 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 02:49 . 2013-04-10 07:17 69632 ----a-w- c:\windows\system32\smss.exe

2013-03-11 16:30 . 2012-09-24 08:43 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-11 16:30 . 2012-09-24 08:43 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-01 10:32 . 2013-03-01 10:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-02-25 23:22 . 2013-02-25 23:22 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-25 23:22 . 2012-02-09 21:43 1017120 ----a-w- c:\windows\system32\nvdispco32.dll

2013-02-25 23:22 . 2013-02-25 23:22 6262608 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-25 23:22 . 2013-02-25 23:22 2505144 ----a-w- c:\windows\system32\nvapi.dll

2013-02-25 23:22 . 2013-02-25 23:22 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll

2013-02-25 23:22 . 2012-10-10 21:14 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll

2013-02-25 23:22 . 2013-02-25 23:22 15129960 ----a-w- c:\windows\system32\nvd3dum.dll

2013-02-25 23:22 . 2013-02-25 23:22 7932256 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-25 23:22 . 2013-02-25 23:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-25 23:22 . 2013-02-25 23:22 20449056 ----a-w- c:\windows\system32\nvoglv32.dll

2013-02-25 23:22 . 2013-02-25 23:22 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-25 23:22 . 2013-02-25 23:22 2720544 ----a-w- c:\windows\system32\nvcuvid.dll

2013-04-12 09:44 . 2013-04-12 09:44 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-01-31 13:57 1883824 ----a-w- c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-31 1883824]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-06-08 3921552]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-31 1101488]

"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2013-01-30 1020512]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-01-04 404712]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Madiha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]

S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [x]

S3 AVEO;STARTEC UVC Driver;c:\windows\system32\DRIVERS\AVEOdcnt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 22:46]

.

2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-16 10:09]

.

2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-16 10:09]

.

2013-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782161779-1467987401-2167224717-1000Core.job

- c:\users\Madiha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 17:31]

.

2013-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782161779-1467987401-2167224717-1000UA.job

- c:\users\Madiha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 17:31]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll

FF - ProfilePath - c:\users\Madiha\AppData\Roaming\Mozilla\Firefox\Profiles\vsouvui2.default\

FF - prefs.js: browser.search.selectedEngine - Google

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2916)

c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL

.

Completion time: 2013-05-19 15:28:34

ComboFix-quarantined-files.txt 2013-05-19 14:28

.

Pre-Run: 95,009,030,144 bytes free

Post-Run: 95,066,030,080 bytes free

.

- - End Of File - - 46B7FF2C95CDF4380FA101D7D2D27D41

Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.

    [*]Check "YES, I accept the Terms of Use."

    [*]Click the Start button.

    [*]Accept any security warnings from your browser.

    [*]Under Scan Settings, check "Scan Archives" and "Remove found threats"

    [*]Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    [*]When the scan completes, click List Threats

    [*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    [*]Click the Back button.

    [*]Click the Finish button.

Link to post
Share on other sites

Hi Maniac, thank you for your quick responses! This may be an obvious question, but I'd just like to double check if possible. I am using Firefox, do I need to click the blue "Run ESET Online Scanner" and then download the ESET Smart Installer?

When I checked with Internet Explorer, the page looked the same as on Firefox, on both browsers I haven't located the green "ESET Online Scanner" button. Sorry to be such a newb! >.<

Link to post
Share on other sites

Thanks again for your help, Maniac. This scan took a while and found 7 threats.

C:\Users\Madiha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1f606be9-42beda6f a variant of Java/Exploit.Agent.NPJ trojan cleaned by deleting - quarantined

C:\Users\Madiha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\41e609b4-4c498c8d multiple threats cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Madiha\Application Data\Sun\Java\Deployment\cache\6.0\19\2430c0d3-3c8c3966 multiple threats cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Madiha\Local Settings\Temp\jar_cache3273771048737222206.tmp multiple threats cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Madiha\Local Settings\Temp\jar_cache3820215888743595837.tmp multiple threats cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Madiha\Local Settings\Temp\jar_cache4771770279559248300.tmp multiple threats cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Madiha\Local Settings\Temp\jar_cache6974598627879059417.tmp multiple threats cleaned by deleting - quarantined

Link to post
Share on other sites

javaicon.gif Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa

Link to post
Share on other sites

Hi Maniac, thanks for your reply. Can I clarify if I need to do this if the Control Panel states that I have Java 7 Update 21? I recently updated Java, so I was surprised and I went to the official Java site to check my version and it states I have the latest Version 7 Update 21 on my pc. http://java.com/en/download/index.jsp

Is it that I have more than one version? Because I appear to have the latest version according to the official Java site, I'm wondering if I still need to do this step or if there is something else I should do.

Link to post
Share on other sites

Maybe due your old version, but you have some infections:

C:\Users\Madiha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1f606be9-42beda6f a variant of Java/Exploit.Agent.NPJ trojan cleaned by deleting - quarantined

C:\Users\Madiha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\41e609b4-4c498c8d multiple threats cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Madiha\Application Data\Sun\Java\Deployment\cache\6.0\19\2430c0d3-3c8c3966 multiple threats cleaned by deleting - quarantined

They are there because of vulnerable Java version. I would like to clean everything and to install it on clean, just to be sure everything is fine.

Link to post
Share on other sites

Thanks for explaining the situation. I will do this as soon as I can - but there may be a bit of a delay because currently my time is being eaten up and I thought I would send you a quick note to let you know. Sorry about that and I will let you know as soon I finish the clean Java install. I hope that's alright!

Link to post
Share on other sites

Thanks for your support. I've downloaded JavaRa and completed the clean install of Java. Java installed fine, there was an error message, after Java had completely installed,about a browser error but this may have been something to do with launching a new browser page after Java has installed?

I checked the Control Panel and Java is installed there Version 7 Update 21.

Is there anything else I should do?

Link to post
Share on other sites

Java installed fine, there was an error message, after Java had completely installed,about a browser error but this may have been something to do with launching a new browser page after Java has installed?

Without seeing your error message, I couldn't tell anything. If you still have a problem post the error message in your next reply.

Now tell me how is your system after all.

Link to post
Share on other sites

Glad I could help! :)

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, uninstall ESET Online Scanner and manually delete JavaRa.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

I ran OTC and uninstalled ESET and manually removed JavaRa. Thank you very much for your kind support! I really appreciate being able to come here if I have a problem and to get such good help. I think the work you guys do here is great and a real blessing! Thanks again for guiding me through this process. I will send a donation shortly.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.