Trojan.Agent & Browser Hijacker problem


The SysProt scan root drive log is here:

SysProt AntiRootkit v1.0.1.0

by swatkat

********************************************************************************

Process:

Name: [System Idle Process]

PID: 0

Hidden: No

Window Visible: No

Name: System

PID: 4

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\smss.exe

PID: 416

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe

PID: 484

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\wininit.exe

PID: 528

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe

PID: 540

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\services.exe

PID: 572

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\lsass.exe

PID: 584

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\lsm.exe

PID: 600

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\winlogon.exe

PID: 676

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 768

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 828

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 948

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 1008

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 1020

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\audiodg.exe

PID: 1132

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 1152

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\SLsvc.exe

PID: 1172

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 1216

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 1336

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\spoolsv.exe

PID: 1648

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 1696

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe

PID: 1708

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\dwm.exe

PID: 1756

Hidden: No

Window Visible: Yes

Name: C:\WINDOWS\explorer.exe

PID: 1816

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe

PID: 292

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\igfxtray.exe

PID: 492

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\hkcmd.exe

PID: 564

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\igfxpers.exe

PID: 672

Hidden: No

Window Visible: No

Name: C:\Program Files\Apoint2K\Apoint.exe

PID: 756

Hidden: No

Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PID: 588

Hidden: No

Window Visible: No

Name: C:\Program Files\HP\QuickPlay\QPService.exe

PID: 1016

Hidden: No

Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

PID: 1124

Hidden: No

Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

PID: 1312

Hidden: No

Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

PID: 1332

Hidden: No

Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

PID: 1404

Hidden: No

Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuschd2.exe

PID: 1444

Hidden: No

Window Visible: No

Name: C:\Program Files\Windows Sidebar\sidebar.exe

PID: 1480

Hidden: No

Window Visible: No

Name: C:\WINDOWS\ehome\ehtray.exe

PID: 1504

Hidden: No

Window Visible: No

Name: C:\Program Files\AVG\AVG9\avgwdsvc.exe

PID: 988

Hidden: No

Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PID: 124

Hidden: No

Window Visible: No

Name: C:\Program Files\AVG\AVG9\avgnsx.exe

PID: 444

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 2196

Hidden: No

Window Visible: No

Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe

PID: 2212

Hidden: No

Window Visible: No

Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PID: 2276

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 2328

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe

PID: 2356

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\SearchIndexer.exe

PID: 2376

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\drivers\XAudio.exe

PID: 2456

Hidden: No

Window Visible: No

Name: C:\Program Files\AVG\AVG9\avgrsx.exe

PID: 2540

Hidden: No

Window Visible: No

Name: C:\Program Files\AVG\AVG9\avgchsvx.exe

PID: 2548

Hidden: No

Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

PID: 2564

Hidden: No

Window Visible: No

Name: C:\Program Files\AVG\AVG9\avgcsrvx.exe

PID: 2676

Hidden: No

Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe

PID: 3068

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\igfxsrvc.exe

PID: 3204

Hidden: No

Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe

PID: 3288

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe

PID: 3412

Hidden: No

Window Visible: No

Name: C:\WINDOWS\ehome\ehmsas.exe

PID: 3468

Hidden: No

Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

PID: 3504

Hidden: No

Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

PID: 3820

Hidden: No

Window Visible: No

Name: C:\Program Files\Apoint2K\ApMsgFwd.exe

PID: 3900

Hidden: No

Window Visible: No

Name: C:\Program Files\Apoint2K\ApntEx.exe

PID: 3932

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\wbem\unsecapp.exe

PID: 4088

Hidden: No

Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

PID: 876

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\conime.exe

PID: 5736

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\SearchProtocolHost.exe

PID: 4304

Hidden: No

Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

PID: 3584

Hidden: No

Window Visible: No

Name: C:\WINDOWS\System32\SearchFilterHost.exe

PID: 4596

Hidden: No

Window Visible: No

Name: C:\Users\Judy\Desktop\SysProt\SysProt\SysProt.exe

PID: 4880

Hidden: No

Window Visible: Yes

********************************************************************************

Kernel Modules:

Module Name: \??\C:\Users\Judy\Desktop\SysProt\SysProt\SysProtDrv.sys

Service Name: SysProtDrv.sys

Module Base: AE41B000

Module End: AE426000

Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe

Service Name: ---

Module Base: 81C0A000

Module End: 81FC3000

Hidden: No

Module Name: C:\Windows\system32\hal.dll

Service Name: ---

Module Base: 81FC3000

Module End: 81FF6000

Hidden: No

Module Name: C:\Windows\system32\kdcom.dll

Service Name: ---

Module Base: 80402000

Module End: 80409000

Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll

Service Name: ---

Module Base: 80409000

Module End: 80479000

Hidden: No

Module Name: C:\Windows\system32\PSHED.dll

Service Name: ---

Module Base: 80479000

Module End: 8048A000

Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll

Service Name: ---

Module Base: 8048A000

Module End: 80492000

Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS

Service Name: CLFS

Module Base: 80492000

Module End: 804D3000

Hidden: No

Module Name: C:\Windows\system32\CI.dll

Service Name: ---

Module Base: 804D3000

Module End: 805B3000

Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys

Service Name: Wdf01000

Module Base: 8060C000

Module End: 80688000

Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS

Service Name: ---

Module Base: 80688000

Module End: 80695000

Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys

Service Name: ACPI

Module Base: 80695000

Module End: 806DB000

Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS

Service Name: ---

Module Base: 806DB000

Module End: 806E4000

Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys

Service Name: msisadrv

Module Base: 806E4000

Module End: 806EC000

Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys

Service Name: pci

Module Base: 806EC000

Module End: 80713000

Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys

Service Name: partmgr

Module Base: 80713000

Module End: 80722000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys

Service Name: Compbatt

Module Base: 80722000

Module End: 80725000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS

Service Name: BattC

Module Base: 80725000

Module End: 8072F000

Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys

Service Name: volmgr

Module Base: 8072F000

Module End: 8073E000

Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys

Service Name: volmgrx

Module Base: 8073E000

Module End: 80788000

Hidden: No

Module Name: C:\Windows\system32\drivers\intelide.sys

Service Name: intelide

Module Base: 80788000

Module End: 8078F000

Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS

Service Name: ---

Module Base: 8078F000

Module End: 8079D000

Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys

Service Name: MountMgr

Module Base: 8079D000

Module End: 807AD000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\iaStor.sys

Service Name: iaStor

Module Base: 8220B000

Module End: 822D3000

Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys

Service Name: atapi

Module Base: 822D3000

Module End: 822DB000

Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS

Service Name: ---

Module Base: 822DB000

Module End: 822F9000

Hidden: No

Module Name: C:\Windows\system32\drivers\msahci.sys

Service Name: msahci

Module Base: 822F9000

Module End: 82303000

Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys

Service Name: FltMgr

Module Base: 82303000

Module End: 82335000

Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys

Service Name: FileInfo

Module Base: 82335000

Module End: 82345000

Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys

Service Name: KSecDD

Module Base: 82345000

Module End: 823B6000

Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys

Service Name: NDIS

Module Base: 85E01000

Module End: 85F0C000

Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS

Service Name: ---

Module Base: 85F37000

Module End: 85F72000

Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys

Service Name: Tcpip

Module Base: 86003000

Module End: 860ED000

Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys

Service Name: ---

Module Base: 860ED000

Module End: 86108000

Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys

Service Name: Ntfs

Module Base: 86208000

Module End: 86318000

Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys

Service Name: volsnap

Module Base: 86318000

Module End: 86351000

Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys

Service Name: spldr

Module Base: 86351000

Module End: 86359000

Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys

Service Name: Mup

Module Base: 86359000

Module End: 86368000

Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys

Service Name: Ecache

Module Base: 86368000

Module End: 8638F000

Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys

Service Name: disk

Module Base: 8638F000

Module End: 863A0000

Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS

Service Name: ---

Module Base: 863A0000

Module End: 863C1000

Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys

Service Name: crcdisk

Module Base: 863C1000

Module End: 863CA000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys

Service Name: tunnel

Module Base: 863D7000

Module End: 863E2000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys

Service Name: tunmp

Module Base: 863E2000

Module End: 863EB000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys

Service Name: intelppm

Module Base: 863EB000

Module End: 863FA000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys

Service Name: CmBatt

Module Base: 863FA000

Module End: 863FE000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cpqbttn.sys

Service Name: HBtnKey

Module Base: 86200000

Module End: 86203000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS

Service Name: ---

Module Base: 861D0000

Module End: 861E0000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS

Service Name: ---

Module Base: 861E0000

Module End: 861E7000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys

Service Name: WmiAcpi

Module Base: 861E7000

Module End: 861F0000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\igdkmd32.sys

Service Name: igfx

Module Base: 89C01000

Module End: 8A20A000

Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys

Service Name: DXGKrnl

Module Base: 8A20A000

Module End: 8A2AB000

Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys

Service Name: ---

Module Base: 8A2AB000

Module End: 8A2B7000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys

Service Name: HDAudBus

Module Base: 8A2B7000

Module End: 8A344000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\athr.sys

Service Name: athr

Module Base: 8A344000

Module End: 8A3FD000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys

Service Name: usbuhci

Module Base: 861F0000

Module End: 861FB000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS

Service Name: ---

Module Base: 85F72000

Module End: 85FB0000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys

Service Name: usbehci

Module Base: 85FB0000

Module End: 85FBF000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Rtnicxp.sys

Service Name: RTL8023xp

Module Base: 85FBF000

Module End: 85FD0000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys

Service Name: i8042prt

Module Base: 85FD0000

Module End: 85FE3000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

Service Name: HpqKbFiltr

Module Base: 86203000

Module End: 86208000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys

Service Name: kbdclass

Module Base: 85FE3000

Module End: 85FEE000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Apfiltr.sys

Service Name: ApfiltrService

Module Base: 823B6000

Module End: 823E2000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys

Service Name: mouclass

Module Base: 85FEE000

Module End: 85FF9000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys

Service Name: cdrom

Module Base: 823E2000

Module End: 823FA000

Hidden: No

Module Name: C:\Windows\System32\Drivers\GEARAspiWDM.sys

Service Name: GEARAspiWDM

Module Base: 85FF9000

Module End: 85FFF000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys

Service Name: iScsiPrt

Module Base: 807AD000

Module End: 807DC000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys

Service Name: ---

Module Base: 805B3000

Module End: 805F4000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS

Service Name: ---

Module Base: 82200000

Module End: 8220B000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys

Service Name: Rasl2tp

Module Base: 807DC000

Module End: 807F3000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys

Service Name: NdisTapi

Module Base: 807F3000

Module End: 807FE000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys

Service Name: NdisWan

Module Base: 8A808000

Module End: 8A82B000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys

Service Name: RasPppoe

Module Base: 8A82B000

Module End: 8A83A000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys

Service Name: PptpMiniport

Module Base: 8A83A000

Module End: 8A84E000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys

Service Name: RasSstp

Module Base: 8A84E000

Module End: 8A863000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys

Service Name: TermDD

Module Base: 8A863000

Module End: 8A873000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys

Service Name: swenum

Module Base: 8A873000

Module End: 8A875000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys

Service Name: ---

Module Base: 8A875000

Module End: 8A89F000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys

Service Name: mssmbios

Module Base: 8A89F000

Module End: 8A8A9000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys

Service Name: umbus

Module Base: 8A8A9000

Module End: 8A8B6000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys

Service Name: kbdhid

Module Base: 8A8B6000

Module End: 8A8BF000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys

Service Name: usbhub

Module Base: 8A8BF000

Module End: 8A8F4000

Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS

Service Name: NDProxy

Module Base: 8A8F4000

Module End: 8A905000

Hidden: No

Module Name: C:\Windows\system32\drivers\CHDRT32.sys

Service Name: CnxtHdAudService

Module Base: 8A905000

Module End: 8A93B000

Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys

Service Name: ---

Module Base: 8A93B000

Module End: 8A968000

Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys

Service Name: ---

Module Base: 8A968000

Module End: 8A98D000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys

Service Name: HSXHWAZL

Module Base: 8A98D000

Module End: 8A9CB000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys

Service Name: HSF_DPV

Module Base: 8B203000

Module End: 8B306000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys

Service Name: winachsf

Module Base: 8B306000

Module End: 8B3BB000

Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys

Service Name: Modem

Module Base: 8B3BB000

Module End: 8B3C8000

Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS

Service Name: Beep

Module Base: 8B3D8000

Module End: 8B3DF000

Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys

Service Name: vga

Module Base: 8B3DF000

Module End: 8B3EB000

Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS

Service Name: ---

Module Base: 8A9CB000

Module End: 8A9EC000

Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys

Service Name: RDPCDD

Module Base: 8B3EB000

Module End: 8B3F3000

Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys

Service Name: RDPENCDD

Module Base: 8B3F3000

Module End: 8B3FB000

Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS

Service Name: Npfs

Module Base: 8B60E000

Module End: 8B61C000

Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys

Service Name: RasAcd

Module Base: 8B61C000

Module End: 8B625000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys

Service Name: tdx

Module Base: 8B625000

Module End: 8B63B000

Hidden: No

Module Name: C:\Windows\System32\Drivers\avgtdix.sys

Service Name: AvgTdiX

Module Base: 8B63B000

Module End: 8B675000

Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys

Service Name: netbt

Module Base: 8B675000

Module End: 8B6A7000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys

Service Name: Smb

Module Base: 8B6A7000

Module End: 8B6BB000

Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys

Service Name: AFD

Module Base: 8B6BB000

Module End: 8B703000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys

Service Name: PSched

Module Base: 8B703000

Module End: 8B719000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys

Service Name: NetBIOS

Module Base: 8B719000

Module End: 8B727000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys

Service Name: Wanarp

Module Base: 8B727000

Module End: 8B73A000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys

Service Name: rdbss

Module Base: 8B73A000

Module End: 8B776000

Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys

Service Name: nsiproxy

Module Base: 8B776000

Module End: 8B780000

Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys

Service Name: DfsC

Module Base: 8B780000

Module End: 8B797000

Hidden: No

Module Name: C:\Windows\System32\Drivers\avgmfx86.sys

Service Name: AvgMfx86

Module Base: 8B797000

Module End: 8B79D000

Hidden: No

Module Name: C:\Windows\System32\Drivers\avgldx86.sys

Service Name: AvgLdx86

Module Base: 8B79D000

Module End: 8B7D1000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys

Service Name: HidUsb

Module Base: 8B7D1000

Module End: 8B7DA000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS

Service Name: ---

Module Base: 8B7DA000

Module End: 8B7DC000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys

Service Name: mouhid

Module Base: 8B7DC000

Module End: 8B7E4000

Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys

Service Name: ---

Module Base: 8B7E4000

Module End: 8B7F1000

Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys

Service Name: ---

Module Base: 86108000

Module End: 861D0000

Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys

Service Name: ---

Module Base: 8B7F1000

Module End: 8B7FB000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys

Service Name: monitor

Module Base: A4602000

Module End: A4611000

Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys

Service Name: luafv

Module Base: A4611000

Module End: A462C000

Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys

Service Name: ---

Module Base: A462C000

Module End: A46DC000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys

Service Name: lltdio

Module Base: A46DC000

Module End: A46EC000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys

Service Name: NativeWifiP

Module Base: A46EC000

Module End: A4716000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys

Service Name: Ndisuio

Module Base: A4716000

Module End: A4720000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys

Service Name: rspndr

Module Base: A4720000

Module End: A4733000

Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys

Service Name: HTTP

Module Base: A4733000

Module End: A47A0000

Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys

Service Name: srvnet

Module Base: A47A0000

Module End: A47BD000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys

Service Name: bowser

Module Base: A47BD000

Module End: A47D6000

Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys

Service Name: mpsdrv

Module Base: A47D6000

Module End: A47EB000

Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys

Service Name: MRxDAV

Module Base: A8007000

Module End: A8028000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys

Service Name: mrxsmb

Module Base: A8028000

Module End: A8047000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys

Service Name: mrxsmb10

Module Base: A8047000

Module End: A8080000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys

Service Name: mrxsmb20

Module Base: A8080000

Module End: A8098000

Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys

Service Name: srv2

Module Base: A8098000

Module End: A80BF000

Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys

Service Name: srv

Module Base: A80BF000

Module End: A810D000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys

Service Name: mdmxsdk

Module Base: A810D000

Module End: A8111000

Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys

Service Name: PEAUTH

Module Base: A8111000

Module End: A81EF000

Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS

Service Name: secdrv

Module Base: A81EF000

Module End: A81F9000

Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys

Service Name: tcpipreg

Module Base: A47EB000

Module End: A47F7000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys

Service Name: XAudio

Module Base: A47F7000

Module End: A47FF000

Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys

Service Name: cdfs

Module Base: AE405000

Module End: AE41B000

Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS

Service Name: Null

Module Base: 8B3D1000

Module End: 8B3D8000

Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS

Service Name: Msfs

Module Base: 8A9EC000

Module End: 8A9F7000

Hidden: No

********************************************************************************

No SSDT Hooks found

********************************************************************************

No Kernel Hooks found

********************************************************************************

No IRP Hooks found

********************************************************************************

Ports:

Local Address: JUDY-PC:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

Local Address: JUDY-PC:49156

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\System32\services.exe

State: LISTENING

Local Address: JUDY-PC:49155

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\System32\lsass.exe

State: LISTENING

Local Address: JUDY-PC:49154

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\System32\svchost.exe

State: LISTENING

Local Address: JUDY-PC:49153

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\System32\svchost.exe

State: LISTENING

Local Address: JUDY-PC:49152

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\System32\wininit.exe

State: LISTENING

Local Address: JUDY-PC:5357

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

Local Address: JUDY-PC:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

Local Address: JUDY-PC:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\System32\svchost.exe

State: LISTENING

Local Address: JUDY-PC:52687

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\System32\svchost.exe

State: NA

Local Address: JUDY-PC:SSDP

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\System32\svchost.exe

State: NA

Local Address: JUDY-PC:138

Remote Address: NA

Type: UDP

Process: System

State: NA

Local Address: JUDY-PC:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: System

State: NA

Local Address: JUDY-PC:64659

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\System32\svchost.exe

State: NA

Local Address: JUDY-PC:52688

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\System32\svchost.exe

State: NA

Local Address: JUDY-PC:SSDP

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\System32\svchost.exe

State: NA

Local Address: JUDY-PC:LLMNR

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\System32\svchost.exe

State: NA

Local Address: JUDY-PC:IPSEC-MSFT

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\System32\svchost.exe

State: NA

Local Address: JUDY-PC:500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\System32\svchost.exe

State: NA

Local Address: JUDY-PC:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\System32\svchost.exe

State: NA

********************************************************************************

No hidden files/folders found

Another question, should I be deleting these programs after using them.. or keeping them on my desktop for future use?

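A small triage script for logs in the SysProt format above, added here as an example; it is not part of SysProt and neither the poster nor the helper ran it. It parses the Process, Kernel Modules and Ports sections, lists anything marked "Hidden: Yes", collects the "No ... found" summary lines, and pairs each TCP listener with its owning process. The embedded log is a constructed excerpt in the same layout, not the full log, and the rule that a dump_*.sys module is the crash-dump copy of the boot storage driver (loaded without a service entry and therefore routinely reported as hidden) is a triage assumption stated in the code, not something the log itself proves.

```python
"""Triage helper for SysProt AntiRootkit text logs (added example, not SysProt code).

Parses the Process / Kernel Modules / Ports sections and pulls out what a responder
reads first: "Hidden: Yes" entries, the hook summary lines, and TCP listeners."""
import os
from collections import defaultdict

# Constructed excerpt in the same layout as the posted log (not the full log).
SAMPLE_LOG = r"""SysProt AntiRootkit v1.0.1.0
********************************************************************************
Process:
Name: C:\WINDOWS\System32\svchost.exe
PID: 768
Hidden: No
Window Visible: No
********************************************************************************
Kernel Modules:
Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81C0A000
Module End: 81FC3000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 86108000
Module End: 861D0000
Hidden: Yes
********************************************************************************
No SSDT Hooks found
********************************************************************************
Ports:
Local Address: JUDY-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING
Local Address: JUDY-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA
********************************************************************************
No hidden files/folders found
"""

# Section header line -> (section name, key that starts each record in that section).
SECTIONS = {"Process:": ("processes", "Name"),
            "Kernel Modules:": ("modules", "Module Name"),
            "Ports:": ("ports", "Local Address")}


def parse_sysprot(text):
    """Return {"processes": [...], "modules": [...], "ports": [...], "summary": [...]}."""
    parsed = defaultdict(list)
    section = record_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"*"}:               # blank or ****** separator
            continue
        if line in SECTIONS:
            section, record_key = SECTIONS[line]
            continue
        if line.startswith("No ") and line.endswith("found"):   # e.g. "No SSDT Hooks found"
            parsed["summary"].append(line)
            section = None
            continue
        key, sep, value = line.partition(":")            # first colon only: values may contain ':'
        if section is None or not sep:                   # banner lines such as the version string
            continue
        key, value = key.strip(), value.strip()
        if key == record_key:                            # a new record starts here
            parsed[section].append({})
        if parsed[section]:
            parsed[section][-1][key] = value
    return parsed


def hidden_items(parsed):
    """(section, name) for every process or kernel module SysProt flagged Hidden: Yes."""
    return [(sec, rec[key])
            for sec, key in (("processes", "Name"), ("modules", "Module Name"))
            for rec in parsed[sec] if rec.get("Hidden", "").lower() == "yes"]


def triage_hidden_module(path):
    """Assumption (triage rule, not proven by the log): dump_*.sys is the crash-dump copy
    of the boot storage driver, loaded without a service entry, so anti-rootkit tools
    routinely list it as hidden. Anything else needs the file on disk checked."""
    name = os.path.basename(path.replace("\\", "/")).lower()
    if name.startswith("dump_") and name.endswith(".sys"):
        return "crash-dump driver, expected to appear hidden"
    return "unexplained hidden module: verify the file on disk and its signature"


def tcp_listeners(parsed):
    """Sorted (port or service name, owning process) for TCP sockets in LISTENING state."""
    return sorted({(rec["Local Address"].rsplit(":", 1)[-1], rec["Process"])
                   for rec in parsed["ports"]
                   if rec.get("Type") == "TCP" and rec.get("State") == "LISTENING"})


if __name__ == "__main__":
    log = parse_sysprot(SAMPLE_LOG)
    for sec, item in hidden_items(log):
        print(f"hidden {sec[:-1]}: {item} -> {triage_hidden_module(item)}")
    print("summary:", "; ".join(log["summary"]))
    print("tcp listeners:", tcp_listeners(log))
```

On the excerpt the only hidden entry is dump_iaStor.sys, which the triage rule classes as expected; on the full log above, the same holds, and the hook sections all report nothing found, which is why the helper moves on to other tools rather than reading this log as evidence of a rootkit.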

For now, no. Later will clean everything.

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


I followed the instructions as instructed. A User Account Control popup did occur before the black window popped up. In order for me to access the application, I did have to press enter.

This message showed up

TDSS rootkit removing tool. Kaspersky Lab, 2010

Version 2.2.8.1 Mar 22 2010 10:43:04

Scanning Services .....

Scanning Kernel Memory .....

Completed

Results:

Memory objects infected / cured / cured on reboot: 0 / 0 / 0

Registry objects infected / cured / cured on reboot: 0 / 0 / 0

File objects infected / cured / cured on reboot: 0 / 0 / 0

Press any key to continue ...

After I pressed (any key), the black window just disappeared. Therefore, no log was generated and I'm guessing that means Kaspersky Lab didn't detect anything?

It seems like none of these programs are detecting anything for me. :P


Let's try with Rescue CD:

Please try downloading and burning the following from another computer.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the Avira AntiVir Rescue System from
  • Place a blank CD in your burner and double-click on the downloaded file named rescue_system-common-en.exe
  • The program will automatically burn the CD for you.
  • Place the burned CD into the affected computer and start the computer from this CD.
  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  • Click on the Configuration button.
    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)
  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues

  1. Please see the post
    if you're unable to view the entire screen of Avira.

  2. You can also review this one

  3. Currently only the German keyboard is supported.
    English keyboards require work arounds.

  4. Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.


I've completed AntiVir and this was the summary/log at the end. (It was very short so I just typed it into Word on another computer in the same household.)

The specific items you requested: there were 2 Records, 0 Suspect Files and 0 Warnings. The problems are still the same on my laptop. In fact, it seems worse now. The browser is extremely laggy and it seems the malware has blocked ninjacloak's access to this site as well. I'm on here with a different proxy site. What next?

"Antvir/Linux Version 2.1.12-265

Copyright © 2008 by Avira GmbH

All rights reserved

VDF version: 1.10.6.69 created 13 April 2010

Antvir license: 149995 for AntVir Rescue System

checking the master boot record of drive 128

error (25): cannot read record

Checking the master boot record of drive 129

error (2): cannot read record

auto excluding /sys/ from scans (is a special fs)

auto excluding /proc from scans (is a special fs)

checking drive path (list):/media/Devices/media/Devices/sda1/HP/BIN/ENDProcess.exe.XXX

Endprocess.exe.XXX <<< Contains detection pattern of the application APPL/Kill App.A

not removeable

/media/Devices/sda1/HP/HPQware/EasySetup/SetACL.exe.XXX

ALERT:[APP/ACLSET]/media/Devices/sda1/HP/HPQware/EasySetup/SetACL.exe.XXX<<<contains detection pattern of the application APPL/ACLset not removeable

----Scan Results ----

Directories: 22847

Scanned Files 416499

alerts: 2

suspicious: 0

repaired:0

deleted: 0

renamed: 0

quarantined:0


Please download the following scanning tool. GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

If it does not work in normal mode, try in safe mode.


I've encountered the same problem with GMER as before. It simply won't complete the scan. I've tried it in both normal and safe modes. Same issue. A window pops up that claims an "unknown error has occurred and GMER has to shut down". If I ignore it, it won't continue scanning. If I press enter, GMER disappears. No log can be generated...

I did notice a difference in normal and safe mode though. When I double click the GMER icon on my desktop in normal mode, it scans (without me prompting it to scan) and displays the following items in a list format.

Under the heading Type: Attached Device (for all four)

Name: \Driver\tdx\Device IP

\Driver\tdx\Device\Tcp

\Driver\tdx\Device\Udp

\Device\tdx\Device\Rawlp

For Value: avgtix.sys {AVG Network Connection Watcher/AVG Technologies CZ.SR.0}

I'm not sure if that's important at all.

After these four items display is when the "scan" button is actually available. Otherwise it is greyed out.


Delete your copy of ComboFix.

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
     [image: CF_download_FF.gif]
     [image: CF_download_rename.gif]
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


This was the Combo-Fix log that was generated. (I did have to restart before being able to access the internet again.) My AVG is also currently not functioning at all. Therefore, I just uninstalled it through Control Panel (it seemed useless to keep a non-functional antivirus on deck). I am only using the internet to access this forum. So any further instructions would be highly appreciated. :o Symptoms are still the same after Combo-Fix. Google searches are still being redirected, access to antivirus/antimalware sites is being blocked and that annoying fake "Microsoft Windows Internet Security" window keeps popping up prompting for download.

ComboFix 10-04-14.04 - Judy 15/04/2010 15:28:13.3.2 - x86

Microsoft


Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here first.

I also need for you to download this program to your desktop.

  • Close all applications and windows so that you have nothing open and are at your Desktop
  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  • Place a checkmark in the Scan All Users checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)
  • Click the Run Scan button
  • NOTE: Please be patient and let the scan run without using the computer
  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or right click, paste.
  • Submit your reply and close the Notepad window with OTList.txt
  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or right click, paste.
  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in Notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


  • 2 weeks later...

As well, my latest MBAM log was as follows:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4084

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

09/05/2010 8:23:26 PM

mbam-log-2010-05-09 (20-23-26).txt

Scan type: Quick scan

Objects scanned: 112055

Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
     [image: CF_download_FF.gif]
     [image: CF_download_rename.gif]
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


The Add-Remove Programs txt located in the Qoobox folder is as follows:

Adobe Flash Player 10 ActiveX

Adobe Shockwave Player

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

AVG Free 9.0

Cards_Calendar_OrderGift_DoMorePlugout

Compatibility Pack for the 2007 Office system

Conexant HD Audio

DVD Suite

EA Link

HDAUDIO Soft Data Fax Modem with SmartCP

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

Highlight Viewer (Windows Live Toolbar)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.6

HP Easy Setup - Frontend

HP Help and Support

HP Photosmart Essential 2.5

HP Quick Launch Buttons 6.40 B2

HP Smart Web Printing 4.60

HP Total Care Advisor

HP Update

HP User Guides 0093

HP Wireless Assistant

HPNetworkAssistant

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabel_Tattoo

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotoSmartPhotobookHolidayPack1

HPPhotoSmartPhotobookModernPack1

HPPhotoSmartPhotobookPlayfulPack1

HPPhotoSmartPhotobookScrapbookPack1

HPPhotoSmartPhotobookWebPack1

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Intel® TV Wizard

LabelPrint

Malwarebytes' Anti-Malware

Map Button (Windows Live Toolbar)

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Works

MSN

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

NetWaiting

Power2Go

PowerDirector

PSSWCORE

QuickPlay SlingPlayer 0.4.6

QuickTime

Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB978380)

Security Update for Microsoft Office Excel 2007 (KB978382)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB980470)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Smart Menus (Windows Live Toolbar)

SmartWebPrinting

Touch Pad Driver

Update for 2007 Microsoft Office System (KB967642)

Update for 2007 Microsoft Office System (KB981715)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 (KB974561)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (kb981433)

VideoToolkit01

WeatherBug Gadget

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Upload Tool


Good! :blink:

How are things now?

As I mentioned in the PM the other night, my laptop is currently "symptom free" but I wanted to be sure the virus was completely gone. As well, it seems the virus symptoms come "back" when it's hooked up with my router box. When it's just hooked to the normal cable box, the symptoms seem to disappear. Is it possible for a "virus" to live in a router box? Very confused about that.

As well, I wanted to be sure the virus/malware or whatever it is.. is gone for good?


There was something else - AbaleZip.dll, but ComboFix dealt with it. For more information:

http://www.prevx.com/filenames/X1056964785...ALEZIP.DLL.html

Now, your system seems to be clean.

Please connect this computer to the router, work with it for three days and then come back and write to me how the situation is now.

There is no way for anything whatever to be in a router box.
