
TR/Trash Gen Vundo


Sooz


Jean in Montana helped me clean up my system from a Vundo infection last week (different one) and I implemented all the protection measures she recommended to help prevent another infection. But, lo and behold, here I am back again with another Vundo; this time it is TR/Trash.Gen per Avira's scan. I had Avira quarantine the file. Below are the Avira, HijackThis, and MBAM scan reports (all updated). As you can see, MBAM did not detect the infection. Thanks for any help. Sue

Avira AntiVir Personal

Report file date: Saturday, November 01, 2008 11:04

Scanning for 1001710 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: YOUR-0CDC4F5844

Version information:

BUILD.DAT : 8.2.0.334 16933 Bytes 10/16/2008 14:55:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 17:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 03:07:03

ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 10/31/2008 17:30:30

ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 10/31/2008 17:30:31

ANTIVIR3.VDF : 7.1.0.26 14848 Bytes 10/31/2008 17:30:37

Engineversion : 8.2.0.10

AEVDF.DLL : 8.1.0.6 102772 Bytes 10/28/2008 03:08:07

AESCRIPT.DLL : 8.1.1.9 319867 Bytes 10/28/2008 03:08:03

AESCN.DLL : 8.1.1.3 123252 Bytes 10/28/2008 03:07:57

AERDL.DLL : 8.1.1.2 438644 Bytes 10/28/2008 03:07:53

AEPACK.DLL : 8.1.2.4 369014 Bytes 10/28/2008 03:07:45

AEOFFICE.DLL : 8.1.0.29 196988 Bytes 10/28/2008 03:07:41

AEHEUR.DLL : 8.1.0.63 1479032 Bytes 10/28/2008 03:07:37

AEHELP.DLL : 8.1.1.2 115062 Bytes 10/28/2008 03:07:23

AEGEN.DLL : 8.1.0.42 319861 Bytes 10/28/2008 03:07:21

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/28/2008 03:07:16

AECORE.DLL : 8.1.2.9 172407 Bytes 10/29/2008 03:01:44

AEBB.DLL : 8.1.0.3 53618 Bytes 10/28/2008 03:07:08

AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 10/28/2008 03:07:07

AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Saturday, November 01, 2008 11:04

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned

Scan process 'Webshots.scr' - '1' Module(s) have been scanned

Scan process 'SetPoint.exe' - '1' Module(s) have been scanned

Scan process 'oahlp.exe' - '0' Module(s) have been scanned

Scan process 'lsmon.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'LClock.exe' - '1' Module(s) have been scanned

Scan process 'mbamgui.exe' - '1' Module(s) have been scanned

Scan process 'oaui.exe' - '0' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'ehtray.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned

Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned

Scan process 'mqsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SonyIEx.exe' - '1' Module(s) have been scanned

Scan process 'oacat.exe' - '0' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'mbamservice.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ehSched.exe' - '1' Module(s) have been scanned

Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned

Scan process 'btwdins.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'msdtc.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'oasrv.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

44 processes with 44 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '72' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Valued Customer\Temporary Internet Files\Content.IE5\CWQMZ530\swflash[1].cab

[0] Archive type: CAB (Microsoft)

--> FP_AX_CAB_INSTALLER.exe

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP172\A0015909.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '493ca1cd.qua'!

Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: Saturday, November 01, 2008 11:48

Used time: 43:39 Minute(s)

The scan has been done completely.

10721 Scanning directories

418380 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

418377 Files not concerned

13067 Archives were scanned

3 Warnings

1 Notes

********************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:09:18 PM, on 11/1/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\csrss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\windows\Explorer.EXE

C:\windows\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\msdtc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\windows\eHome\ehRecvr.exe

C:\windows\eHome\ehSched.exe

C:\windows\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\system32\nvsvc32.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\WINDOWS\system32\SonyIEx.exe

C:\windows\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\windows\eHome\ehmsas.exe

C:\windows\System32\alg.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\LClock\lclock.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\LinkStash\lsmon.exe

C:\Program Files\Tall Emu\Online Armor\oahlp.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRA~1\Webshots\Webshots.scr

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\LinkStash\lnkstash.exe

C:\windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"

O4 - HKLM\..\Run: [Program] "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"

O4 - HKLM\..\Run: [CHDAudPropShortcut.exe] "C:\windows\system32\CHDAudPropShortcut.exe"

O4 - HKLM\..\Run: [SynTPEnh.exe] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [RecGuard.exe] "C:\Windows\SMINST\RecGuard.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [nwiz] "C:\windows\system32\nwiz.exe" /installquiet /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] "C:\windows\system32\RUNDLL32.EXE" C:\windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\lclock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [LinkStashMonitor] "C:\Program Files\LinkStash\lsmon.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html

O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html

O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html

O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html

O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - C:\Program Files\LinkStash\lsshow.exe (HKCU)

O9 - Extra 'Tools' menuitem: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - C:\Program Files\LinkStash\lsshow.exe (HKCU)

O9 - Extra button: Add URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - C:\Program Files\LinkStash\lsgrab.exe (HKCU)

O9 - Extra 'Tools' menuitem: LinkStash Add URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - C:\Program Files\LinkStash\lsgrab.exe (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173489959775

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173489894197

O17 - HKLM\System\CCS\Services\Tcpip\..\{B63AFA86-B099-4FA9-A799-61CE99E833DC}: NameServer = 66.81.1.250 66.81.1.252

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe

O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--

End of file - 13004 bytes

********************

Malwarebytes' Anti-Malware 1.30

Database version: 1352

Windows 5.1.2600 Service Pack 3

11/1/2008 12:03:26 PM

mbam-log-2008-11-01 (12-03-26).txt

Scan type: Quick Scan

Objects scanned: 51740

Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Sooz, Avira cleaned the trojan it shows in the log. It was located in your System Restore. If you had done as you say and implemented the prevention things I mentioned, they would show up in your HJT log, at least some would, and none do. There is no Spybot Search & Destroy, no WinPatrol, and I'm betting you didn't install SpywareBlaster or a hosts file. You didn't reset System Restore or Avira wouldn't have found a trojan there. In other words, you didn't do much you were advised. Here is my final advice to you.

Turn on the root scan in Avira; you have it off.

Choose a secondary action for any found threats. Ignore is not a good one; choose repair, remove, something. Don't try to fool the people that help you.

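The reply above reads two things out of the Avira report: the configuration block (rootkit search off, secondary action set to ignore) and the fact that the single detection sat inside a System Restore point. As an added example, not code from this thread, from Avira or from Malwarebytes, here is a small Python parser that pulls those same facts out of a report in the format pasted above and turns them into the findings a helper would call out. The sample report is a constructed excerpt of the log above (paths and names taken from it, the rest omitted); the function and field names are my own, as is the list of settings treated as weak.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of the Avira report posted above; the full log is much longer.
SAMPLE_REPORT = r"""
Configuration settings for the scan:
Jobname..........................: Complete system scan
Primary action...................: interactive
Secondary action.................: ignore
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Valued Customer\Temporary Internet Files\Content.IE5\CWQMZ530\swflash[1].cab
[0] Archive type: CAB (Microsoft)
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP172\A0015909.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '493ca1cd.qua'!
End of the scan: Saturday, November 01, 2008 11:48
"""

# "Key.......: value" lines from the configuration block.
SETTING_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\.{2,}: ?(?P<value>.*)$")
# A scanned object: a line that starts with a drive letter, e.g. C:\...
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Status lines such as [DETECTION] ..., [NOTE] ..., [WARNING] ...
TAG_RE = re.compile(r"^\[(?P<tag>[A-Z]+)\] (?P<msg>.*)$")
# Files held in a System Restore point live under this directory on XP.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

# Settings the helper in the thread objected to (my own list, not Avira's).
WEAK_SETTINGS = {
    ("Search for rootkits", "off"):
        "rootkit search is off: turn it on so hidden drivers and files are checked",
    ("Secondary action", "ignore"):
        "secondary action is 'ignore': set it to repair, quarantine or delete so a find "
        "is still acted on when nobody answers the interactive prompt",
}


@dataclass
class Detection:
    path: str
    name: str
    action: str = ""  # the [NOTE] line that follows the detection, if any

    @property
    def in_system_restore(self) -> bool:
        return bool(RESTORE_RE.search(self.path))


@dataclass
class Report:
    settings: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def detection_name(msg: str) -> str:
    """Strip Avira's 'Is the ...' wording so only the threat name remains."""
    prefix = "Is the "
    return msg[len(prefix):] if msg.startswith(prefix) else msg


def parse_report(text: str) -> Report:
    """Walk the report once, remembering the last scanned path so that status
    lines can be attributed to the object they describe."""
    report = Report()
    current_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SETTING_RE.match(line)
        if m:
            report.settings[m["key"].strip()] = m["value"].strip()
            continue
        if PATH_RE.match(line):
            current_path = line
            continue
        m = TAG_RE.match(line)
        if not m or current_path is None:
            continue
        tag, msg = m["tag"], m["msg"]
        if tag == "DETECTION":
            report.detections.append(Detection(current_path, detection_name(msg)))
        elif tag == "NOTE" and report.detections and report.detections[-1].path == current_path:
            report.detections[-1].action = msg
    return report


def audit_settings(settings: dict) -> list:
    """Return one finding per weak setting present in the configuration block."""
    return [msg for (key, bad), msg in WEAK_SETTINGS.items()
            if settings.get(key, "").strip().lower() == bad]


def triage(report: Report) -> list:
    """Weak settings plus, for each detection, where it lives and what was done."""
    notes = audit_settings(report.settings)
    for d in report.detections:
        where = ("inside a System Restore point (inert unless that point is restored; "
                 "flush restore points after cleanup)" if d.in_system_restore
                 else "in the live file system")
        notes.append(f"{d.name} at {d.path} {where}; action: {d.action or 'none recorded'}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_report(SAMPLE_REPORT)):
        print("-", note)
```

Run against the constructed excerpt this reports the two weak settings and one detection located in a restore point, which is exactly the state the helper describes. A copy of a trojan in `System Volume Information` is not running, which is why MBAM's quick scan (memory, registry, common file locations) shows nothing while a full on-disk scan finds it, and why helpers ask for restore points to be cleared once a machine is clean.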

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

