
Sick PC - Redirect Virus, and more


Willi02


Good morning.

I have followed some of your other member posts and your Malwarebytes team seems very competent. I hope you can help me.

Problems:

1) Over a week ago, we started getting Famous Search System redirects - annoying

2) My Malwarebytes application disappeared from my PC (only the shortcut remained), so I re-downloaded it, got the latest version and started a scan. It terminated within a few seconds, and then I did not have permission to re-open the MBAM application (it disappeared again).

3) The Windows Update shield has been in my system tray (at the lower right corner of screen) for the past week. Whenever I click on it, the only file to install is "Windows Malicious Software Removal Tool - November 2011 (KB890830)", but it never seems to install and the shield never goes away

4) Over the past week, my PC has abruptly stopped in the middle of booting up when I turn it on or Re-start

None of these are crippling (as I am able to use my PC and the internet), but I know this is not right, and I am afraid this will get worse and affect other applications/functions if I don't take action.

Can you offer guidance?

Thank you in advance.


Hello Willi02 and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please do the following:

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed.

    There shouldn't be any scheduled antivirus scans running while the scan is being performed.

    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?

-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • DDS log
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


Here are the DDS results. I will run TDSSKiller next and post the results.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 22:57:50 on 2011-11-15

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1009 [GMT -5:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\2870937584:267968596.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\java.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\WINDOWS\system32\svchost.exe"

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://news.google.com/nwshp?sourceid=navclient&ie=UTF-8

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uWinlogon: Shell=c:\documents and settings\owner\local settings\application data\f0071fab\X

BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_19_0.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_19_0.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

uRun: [backupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe

uRun: [RecordNow!]

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [VTTimer] VTTimer.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\imstart.lnk - c:\program files\intermute\IMStart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://webpass.rwd.com/vdesk/terminal/urxvpn.cab#version=6031,2010,125,2117

DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://webpass.rwd.com/vdesk/terminal/f5tunsrv.cab#version=6031,2010,221,2112

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://webpass.rwd.com/vdesk/terminal/InstallerControl.cab#version=6031,2010,0408,1514

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://webpass2.rwd.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0330,0846

DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://webpass.rwd.com/vdesk/terminal/vdeskctrl.cab#version=6031,2009,1212,1610

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://webpass.rwd.com/vdesk/terminal/urxshost.cab#version=6031,2010,221,2109

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rwd.webex.com/client/T23L/webex/ieatgpc.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://webpass.rwd.com/vdesk/terminal/urxhost.cab#version=6031,2010,408,1505

DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

TCP: DhcpNameServer = 24.154.1.38 24.154.1.37 192.168.1.1

TCP: Interfaces\{47D1A94B-BE0C-4038-BF3D-5C41645637A6} : DhcpNameServer = 24.154.1.38 24.154.1.37 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SpySubtract Shell Extension: {fa010552-4a27-4cb1-a1bb-3e2d697f1639} - c:\program files\intermute\spysubtract\sshook.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-27 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-4 27784]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-3-27 33920]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-6-3 10752]

.

=============== Created Last 30 ================

.

2011-11-12 19:46:49 -------- d-----w- c:\program files\MWB

2011-11-12 19:32:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-12 19:31:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 19:23:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 01:41:07 -------- d-----w- c:\documents and settings\all users\application data\Linksys

2011-11-10 01:40:42 -------- d-----w- c:\program files\Linksys

2011-11-10 01:40:33 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-10-21 23:05:43 -------- d-----w- c:\program files\FestiveBar_3gEI

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 23:01:17.57 ===============

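The DDS report above already shows the three things that matter before any scanner names them: a running process whose path has a second colon in it (`C:\WINDOWS\2870937584:267968596.exe` is an NTFS alternate data stream, which Explorer never lists), a `uWinlogon: Shell=` value pointing at a random folder under the user's profile instead of explorer.exe, and a quoted `svchost.exe` started with no `-k` service group. The TDSSKiller report posted next ties them together by naming the hidden stream and the `f0071fab` service that loads it. The script below is an added example written for this thread, not code from DDS, TDSSKiller or Malwarebytes: it pulls those indicators out of DDS output, extracts the `infected` and `Suspicious file` lines from a TDSSKiller report, and lists names that occur in both. The embedded samples are constructed from the reports in this thread, trimmed to the relevant lines; the TDSSKiller line format it expects (`time pid name ( Detection ) - infected`) is assumed from the 2.6.18 report here and may differ in other versions.

```python
"""Triage of DDS and TDSSKiller logs: pull out the lines that matter.

Added example for this thread; not part of DDS, TDSSKiller or Malwarebytes.
"""
import re

# Constructed sample: a trimmed copy of the DDS report posted above.
DDS_SAMPLE = r"""
============== Running Processes ===============
C:\WINDOWS\2870937584:267968596.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\system32\svchost.exe"
============== Pseudo HJT Report ===============
uStart Page = hxxp://news.google.com/nwshp?sourceid=navclient&ie=UTF-8
uWinlogon: Shell=c:\documents and settings\owner\local settings\application data\f0071fab\X
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
"""

# Constructed sample in the line format TDSSKiller 2.6 writes (assumed from
# the report posted in this thread).
TDSS_SAMPLE = r"""
23:16:50.0500 2080 Cdrom (cf2a789e8b0d35f68fe1493086a55f85) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:16:50.0515 2080 Cdrom ( Rootkit.Win32.ZAccess.g ) - infected
23:16:51.0359 2080 Disk - ok
23:16:52.0687 2080 Suspicious file (Hidden): C:\WINDOWS\2870937584:267968596.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
23:16:52.0687 2080 f0071fab ( Rootkit.Win32.PMax.gen ) - infected
"""

# A second colon after the drive letter means the path names an NTFS
# alternate data stream (file:stream); Explorer and dir never show those.
ADS_PATH = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")
# DDS prefixes the Winlogon line with u (user hive), m (machine) or d (default).
WINLOGON_SHELL = re.compile(r"^[umd]Winlogon: Shell=(.+)$", re.I)
TDSS_INFECTED = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\(\s*(.+?)\s*\)\s+-\s+infected$")
TDSS_SUSPICIOUS = re.compile(r"Suspicious file \((.+?)\):\s+(.+?)\.\s+md5:\s+([0-9a-f]{32})$")


def _process_path(line):
    """Drop surrounding quotes and any argument tail such as ' -k netsvcs'."""
    return line.strip().strip('"').split(" -", 1)[0].strip()


def triage_dds(text):
    """Return (kind, subject, note) triples for suspicious DDS lines."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("====="):            # "===== Running Processes ====="
            section = line.strip("= ").lower()
            continue
        if section == "running processes":
            path = _process_path(line)
            if ADS_PATH.match(path):
                findings.append(("ads_process", path,
                                 "process image is an NTFS alternate data stream"))
            elif "\\" in path and path.lower().endswith("svchost.exe") and " -k " not in line.lower():
                findings.append(("svchost_no_group", path,
                                 "svchost.exe started without a -k service group"))
        elif section == "pseudo hjt report":
            m = WINLOGON_SHELL.match(line)
            if m and m.group(1).strip().lower() != "explorer.exe":
                findings.append(("winlogon_shell", m.group(1).strip(),
                                 "Winlogon Shell replaced; this runs instead of Explorer at logon"))
    return findings


def triage_tdsskiller(text):
    """Return (kind, subject, note) triples for TDSSKiller detections."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = TDSS_INFECTED.match(line)
        if m:
            findings.append(("infected", m.group(1), m.group(2)))
            continue
        m = TDSS_SUSPICIOUS.search(line)
        if m:
            findings.append(("suspicious", m.group(2), f"{m.group(1)}, md5 {m.group(3)}"))
    return findings


def correlate(dds, tdss):
    """Names from the TDSSKiller findings that also occur in a DDS finding,
    e.g. the service name that is also the folder in the hijacked Shell value."""
    hits = set()
    for _, subject, _ in tdss:
        token = subject.lower()
        for _, dsubj, _ in dds:
            if token in dsubj.lower():
                hits.add(token)
    return hits


if __name__ == "__main__":
    dds, tdss = triage_dds(DDS_SAMPLE), triage_tdsskiller(TDSS_SAMPLE)
    for kind, subject, note in dds + tdss:
        print(f"[{kind}] {subject}  -- {note}")
    print("shared names:", ", ".join(sorted(correlate(dds, tdss))))
```

Run against the samples, the script reports the stream-hosted process, the quoted `svchost.exe`, the replaced Shell value, the two `infected` entries and the hidden file, and names `f0071fab` and the stream path as the items common to both reports. Bare `svchost.exe` entries with no path are deliberately ignored: DDS prints those when it cannot read the image path of a system process, which is noise rather than a finding.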

Here is TDSSKiller log file contents.

23:15:24.0046 3896 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15

23:15:25.0859 3896 ============================================================

23:15:25.0859 3896 Current date / time: 2011/11/15 23:15:25.0859

23:15:25.0859 3896 SystemInfo:

23:15:25.0890 3896

23:15:25.0890 3896 OS Version: 5.1.2600 ServicePack: 3.0

23:15:25.0890 3896 Product type: Workstation

23:15:25.0890 3896 ComputerName: WILLIAMS-OFFICE

23:15:25.0921 3896 UserName: Owner

23:15:25.0921 3896 Windows directory: C:\WINDOWS

23:15:25.0921 3896 System windows directory: C:\WINDOWS

23:15:25.0921 3896 Processor architecture: Intel x86

23:15:25.0921 3896 Number of processors: 1

23:15:25.0921 3896 Page size: 0x1000

23:15:25.0953 3896 Boot type: Normal boot

23:15:25.0953 3896 ============================================================

23:15:31.0500 3896 Initialize success

23:16:44.0093 2080 ============================================================

23:16:44.0093 2080 Scan started

23:16:44.0093 2080 Mode: Manual;

23:16:44.0093 2080 ============================================================

23:16:44.0953 2080 Abiosdsk - ok

23:16:45.0046 2080 abp480n5 - ok

23:16:45.0203 2080 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

23:16:45.0203 2080 ACPI - ok

23:16:45.0343 2080 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

23:16:45.0359 2080 ACPIEC - ok

23:16:45.0468 2080 adpu160m - ok

23:16:45.0593 2080 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

23:16:45.0593 2080 aec - ok

23:16:45.0765 2080 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

23:16:45.0781 2080 AFD - ok

23:16:45.0906 2080 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

23:16:45.0937 2080 AFS2K - ok

23:16:46.0109 2080 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

23:16:46.0218 2080 AgereSoftModem - ok

23:16:46.0359 2080 Aha154x - ok

23:16:46.0453 2080 aic78u2 - ok

23:16:46.0562 2080 aic78xx - ok

23:16:46.0718 2080 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

23:16:46.0843 2080 ALCXSENS - ok

23:16:47.0093 2080 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

23:16:47.0234 2080 ALCXWDM - ok

23:16:47.0375 2080 AliIde - ok

23:16:47.0531 2080 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

23:16:47.0546 2080 AmdK7 - ok

23:16:47.0671 2080 amsint - ok

23:16:47.0828 2080 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

23:16:47.0843 2080 Arp1394 - ok

23:16:47.0953 2080 asc - ok

23:16:48.0062 2080 asc3350p - ok

23:16:48.0187 2080 asc3550 - ok

23:16:48.0390 2080 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

23:16:48.0421 2080 AsyncMac - ok

23:16:48.0531 2080 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

23:16:48.0546 2080 atapi - ok

23:16:48.0656 2080 Atdisk - ok

23:16:48.0828 2080 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

23:16:48.0843 2080 Atmarpc - ok

23:16:48.0984 2080 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

23:16:49.0000 2080 audstub - ok

23:16:49.0218 2080 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

23:16:49.0250 2080 AvgLdx86 - ok

23:16:49.0406 2080 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

23:16:49.0406 2080 AvgMfx86 - ok

23:16:49.0562 2080 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

23:16:49.0578 2080 Beep - ok

23:16:49.0750 2080 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

23:16:49.0765 2080 cbidf2k - ok

23:16:49.0906 2080 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

23:16:49.0921 2080 CCDECODE - ok

23:16:50.0015 2080 cd20xrnt - ok

23:16:50.0156 2080 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

23:16:50.0171 2080 Cdaudio - ok

23:16:50.0328 2080 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

23:16:50.0328 2080 Cdfs - ok

23:16:50.0500 2080 Cdrom (cf2a789e8b0d35f68fe1493086a55f85) C:\WINDOWS\system32\DRIVERS\cdrom.sys

23:16:50.0515 2080 Cdrom ( Rootkit.Win32.ZAccess.g ) - infected

23:16:50.0515 2080 Cdrom - detected Rootkit.Win32.ZAccess.g (0)

23:16:50.0640 2080 Changer - ok

23:16:50.0812 2080 CmdIde - ok

23:16:50.0968 2080 Cpqarray - ok

23:16:51.0093 2080 dac2w2k - ok

23:16:51.0218 2080 dac960nt - ok

23:16:51.0359 2080 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

23:16:51.0359 2080 Disk - ok

23:16:51.0531 2080 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

23:16:51.0593 2080 dmboot - ok

23:16:51.0750 2080 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

23:16:51.0781 2080 dmio - ok

23:16:51.0937 2080 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

23:16:51.0937 2080 dmload - ok

23:16:52.0093 2080 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

23:16:52.0093 2080 DMusic - ok

23:16:52.0265 2080 dpti2o - ok

23:16:52.0390 2080 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

23:16:52.0390 2080 drmkaud - ok

23:16:52.0515 2080 eeCtrl (31c959319ef45b548d2111e338412270) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

23:16:52.0562 2080 eeCtrl - ok

23:16:52.0687 2080 f0071fab (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2870937584:267968596.exe

23:16:52.0687 2080 Suspicious file (Hidden): C:\WINDOWS\2870937584:267968596.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

23:16:52.0687 2080 f0071fab ( Rootkit.Win32.PMax.gen ) - infected

23:16:52.0687 2080 f0071fab - detected Rootkit.Win32.PMax.gen (0)

23:16:52.0828 2080 f5ipfw (92537c3b0483297e21afc7f650fea07e) C:\WINDOWS\system32\drivers\urfltw2k.sys

23:16:52.0859 2080 f5ipfw - ok

23:16:52.0984 2080 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

23:16:52.0984 2080 Fastfat - ok

23:16:53.0109 2080 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

23:16:53.0109 2080 fasttx2k - ok

23:16:53.0250 2080 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

23:16:53.0265 2080 Fdc - ok

23:16:53.0421 2080 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

23:16:53.0437 2080 FETND5BV - ok

23:16:53.0546 2080 FETNDISB (b7186b33b6cf3a23841015531e6e7d68) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

23:16:53.0562 2080 FETNDISB - ok

23:16:53.0718 2080 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

23:16:53.0734 2080 Fips - ok

23:16:53.0890 2080 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

23:16:53.0906 2080 Flpydisk - ok

23:16:54.0046 2080 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

23:16:54.0062 2080 FltMgr - ok

23:16:54.0234 2080 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

23:16:54.0250 2080 Fs_Rec - ok

23:16:54.0406 2080 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

23:16:54.0406 2080 Ftdisk - ok

23:16:54.0562 2080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

23:16:54.0578 2080 GEARAspiWDM - ok

23:16:54.0734 2080 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

23:16:54.0781 2080 Gpc - ok

23:16:54.0937 2080 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

23:16:54.0953 2080 HidUsb - ok

23:16:55.0062 2080 hpn - ok

23:16:55.0218 2080 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

23:16:55.0234 2080 HPZid412 - ok

23:16:55.0359 2080 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

23:16:55.0359 2080 HPZipr12 - ok

23:16:55.0500 2080 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

23:16:55.0515 2080 HPZius12 - ok

23:16:55.0703 2080 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

23:16:55.0703 2080 HTTP - ok

23:16:55.0828 2080 i2omgmt - ok

23:16:55.0953 2080 i2omp - ok

23:16:56.0140 2080 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

23:16:56.0156 2080 i8042prt - ok

23:16:56.0328 2080 ialm (da58a8be6a445835f603720c4bc8837e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

23:16:56.0390 2080 ialm - ok

23:16:56.0562 2080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

23:16:56.0578 2080 Imapi - ok

23:16:56.0718 2080 ini910u - ok

23:16:56.0859 2080 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

23:16:56.0859 2080 IntelIde - ok

23:16:57.0015 2080 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

23:16:57.0031 2080 intelppm - ok

23:16:57.0171 2080 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

23:16:57.0187 2080 ip6fw - ok

23:16:57.0359 2080 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

23:16:57.0375 2080 IpFilterDriver - ok

23:16:57.0531 2080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

23:16:57.0546 2080 IpInIp - ok

23:16:57.0687 2080 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

23:16:57.0687 2080 IpNat - ok

23:16:57.0859 2080 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

23:16:57.0875 2080 IPSec - ok

23:16:58.0031 2080 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

23:16:58.0046 2080 IRENUM - ok

23:16:58.0218 2080 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

23:16:58.0218 2080 isapnp - ok

23:16:58.0375 2080 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

23:16:58.0390 2080 Kbdclass - ok

23:16:58.0515 2080 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

23:16:58.0546 2080 kmixer - ok

23:16:58.0687 2080 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

23:16:58.0687 2080 KSecDD - ok

23:16:58.0828 2080 lbrtfdc - ok

23:16:59.0015 2080 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

23:16:59.0031 2080 LVPr2Mon - ok

23:16:59.0250 2080 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys

23:16:59.0296 2080 LVRS - ok

23:16:59.0421 2080 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys

23:16:59.0437 2080 LVUSBSta - ok

23:16:59.0609 2080 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

23:16:59.0609 2080 mnmdd - ok

23:16:59.0765 2080 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

23:16:59.0765 2080 Modem - ok

23:17:20.0625 2080 ============================================================

23:17:20.0625 2080 Scan finished

23:17:20.0625 2080 ============================================================

23:17:20.0718 4348 Detected object count: 2

23:17:20.0718 4348 Actual detected object count: 2

23:18:24.0156 4348 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\cdrom.sys) error 1813

23:18:26.0578 4348 Backup copy found, using it..

23:18:26.0703 4348 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot

23:18:31.0265 4348 C:\WINDOWS\system32\c_51361.nls - will be deleted on reboot

23:18:35.0187 4348 Cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure

23:18:35.0187 4348 HKLM\SYSTEM\ControlSet001\services\f0071fab - will be deleted on reboot

23:18:35.0203 4348 HKLM\SYSTEM\ControlSet002\services\f0071fab - will be deleted on reboot

23:18:35.0203 4348 HKLM\SYSTEM\ControlSet003\services\f0071fab - will be deleted on reboot

23:18:35.0218 4348 C:\WINDOWS\2870937584:267968596.exe - will be deleted on reboot

23:18:35.0218 4348 f0071fab ( Rootkit.Win32.PMax.gen ) - User select action: Delete

23:18:42.0093 4728 Deinitialize success


And here are the Security Check log file contents.

Results of screen317's Security Check version 0.99.26

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 8.5

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 29

Java 6 Update 3

Java 2 Runtime Environment, SE v1.4.2_03

Out of date Java installed!

Adobe Reader X (KB403742..) Adobe Reader Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

``````````End of Log````````````


D-FRED-BROWN,

Status update....

1) I did a few quick Google searches and did not seem to get re-directed. This is a good sign.

2) I re-installed Malwarebytes and am currently running a Quick Scan (didn't abort automatically this time). This is a good sign.

3) Windows update shield is still in my system tray, but doesn't seem to be doing any harm. I will shut down tonight and look again tomorrow.

4) Time will tell if re-booting is stable

I am feeling much better now, but want to give it a couple of days before declaring anything.

You have been a big help thus far. Any other suggestions based on log files?


I am thrilled to hear things are looking better! :)

TDSSKiller took out most of the infection, but let's run ComboFix to see if there are any remaining remnants that need addressing. I'm going to call it a night, so I'll check back tomorrow morning to see how things are going ;)

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.


Here is the ComboFix log you had requested.

ComboFix 11-11-15.06 - Owner 11/16/2011 11:49:43.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1459 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Owner\My Documents\DPE.DUS

c:\documents and settings\Owner\WINDOWS

c:\windows\$NtUninstallKB4179$

c:\windows\$NtUninstallKB4179$\2834622876

c:\windows\$NtUninstallKB4179$\4026998699\@

c:\windows\$NtUninstallKB4179$\4026998699\click.tlb

c:\windows\$NtUninstallKB4179$\4026998699\L\anjncqnk

c:\windows\$NtUninstallKB4179$\4026998699\loader.tlb

c:\windows\$NtUninstallKB4179$\4026998699\U\@00000001

c:\windows\$NtUninstallKB4179$\4026998699\U\@000000c0

c:\windows\$NtUninstallKB4179$\4026998699\U\@000000cb

c:\windows\$NtUninstallKB4179$\4026998699\U\@000000cf

c:\windows\$NtUninstallKB4179$\4026998699\U\@80000000

c:\windows\$NtUninstallKB4179$\4026998699\U\@800000c0

c:\windows\$NtUninstallKB4179$\4026998699\U\@800000cb

c:\windows\$NtUninstallKB4179$\4026998699\U\@800000cf

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\2870937584

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\bwUnin-8.1.1.50-8876480SL.exe

c:\windows\dasetup.log

c:\windows\help\wmplayer.bak

c:\windows\system32\

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\ps2.bat

c:\windows\TEMP\logishrd\LVPrcInj04.dll

D:\Autorun.inf

.

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061732.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061733.exe

.

Infected copy of c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061734.exe

.

Infected copy of c:\progra~1\AVG\AVG8\avgwdsvc.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061735.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP725\A0062690.exe

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP716\A0061845.exe

.

Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061736.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061741.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\program files\Java\jre6\bin\

.

Infected copy of c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP733\A0062967.exe

.

Infected copy of c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061738.exe

.

Infected copy of c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061739.exe

.

Infected copy of c:\windows\System32\HPZipm12.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP716\A0061914.exe

.

Infected copy of c:\windows\system32\ZuneBusEnum.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061740.exe

.

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP715\A0061732.exe

Infected copy of c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP733\A0062967.exe

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-12 19:46 . 2011-11-16 04:37 -------- d-----w- c:\program files\MWB

2011-11-12 19:31 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 19:23 . 2011-11-12 19:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 01:41 . 2011-11-10 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys

2011-11-10 01:40 . 2011-11-10 01:40 -------- d-----w- c:\program files\Linksys

2011-11-10 01:40 . 2011-11-12 19:23 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-10-21 23:05 . 2011-10-21 23:05 -------- d-----w- c:\program files\FestiveBar_3gEI

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-16 04:21 . 2004-05-20 17:51 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-10-10 14:22 . 2003-03-04 06:57 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-04-01 08:25 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2004-05-20 17:32 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2004-05-20 17:32 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2004-04-01 04:50 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2004-05-20 17:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2004-05-20 17:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]

"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"VTTimer"="VTTimer.exe" [2004-10-22 53248]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2010-10-01 299008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

IMStart.lnk - c:\program files\InterMute\IMStart.exe [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [N/A]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "c:\program files\interMute\SpySubtract\sshook.dll" [2004-08-21 73728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-31 14:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]

2004-04-01 21:29 159744 ----a-w- c:\progra~1\HPINST~1\Pavilion\XPHNABS4EN\plugin\bin\PCHButton.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"c:\\Program Files\\Meeting Center\\mcClient.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\TunnelServer.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\dwwin.exe"=

"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\OverDrive Media Console\\MediaConsole.exe"=

"c:\\Program Files\\Zune\\Zune.exe"=

"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\MDCrashReportTool.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\jucheck.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\MWB\\mbam.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\tdsskiller\\TDSSKiller.exe"=

.

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 12:41 PM 335240]

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [11/16/2011 12:03 PM 401920]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 4:35 PM 297752]

R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [3/27/2009 11:08 AM 33920]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [6/3/2009 2:49 PM 10752]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.google.com/nwshp?sourceid=navclient&ie=UTF-8

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 24.154.1.38 24.154.1.37 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-RecordNow! - (no file)

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKLM-Run-AAWTray - c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe

SafeBoot-89194557.sys

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-TurboTax Deluxe Deduction Maximizer 2006 - c:\program files\TurboTax\Deluxe 2006\TaxUnst.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-16 12:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(9152)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\java.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\ZuneBusEnum.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\VTTimer.exe

c:\windows\AGRSMMSG.exe

c:\windows\ALCXMNTR.EXE

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-11-16 12:21:46 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-16 17:21

.

Pre-Run: 32,851,345,408 bytes free

Post-Run: 35,584,356,352 bytes free

.

- - End Of File - - 841F5309255407E0CEC709061479BC69


Looking good! Let's run some online scans to confirm you're clean, before we move on to anything else ;)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

----------

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


D-FRED-BROWN,

Here is the log file from the ESET scan (it took a while to run). The scan results page indicated 31 infected files.

I will run BitDefender Online scan now and post results in another reply.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1aba6c58be43994b9ba1ae25792e667d

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-17 01:53:45

# local_time=2011-11-16 08:53:45 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 63223930 63223930 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=121193

# found=31

# cleaned=0

# scan_time=4642

C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Owner\Local Settings\Application Data\f0071fab\U\800000cb.@ a variant of Win32/Agent.TEO trojan (unable to clean) 00000000000000000000000000000000 I

C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan (unable to clean) 00000000000000000000000000000000 I

C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan (unable to clean) 00000000000000000000000000000000 I

C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan (unable to clean) 00000000000000000000000000000000 I

C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan (unable to clean) 00000000000000000000000000000000 I

C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan (unable to clean) 00000000000000000000000000000000 I

C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan (unable to clean) 00000000000000000000000000000000 I

C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan (unable to clean) 00000000000000000000000000000000 I

C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\AVG\AVG8\avgnsx.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\AVG\AVG8\avgrsx.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\AVG\AVG8\avgupd.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgwdsvc.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\HPZipm12.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\ZuneBusEnum.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\system32\java.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\system32\wuauclt.exe.tmp Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng09.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I

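A small parser for the ESET Online Scanner log format posted above, added here as an example (it is not part of the original thread and not ESET's own tooling): it reads the "# key=value" header and each detection line, then separates detections still on disk from copies already sitting in ComboFix's C:\Qoobox quarantine (the .vir files), which is the distinction a helper draws when reading such a log. The sample log is a constructed, trimmed copy of lines from the post, with found= adjusted to match; the quarantine-path rule is an assumption of this example.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class Detection(NamedTuple):
    path: str
    threat: str            # e.g. "a variant of Win32/Agent.TEO trojan"
    status: Optional[str]  # e.g. "unable to clean"; None when absent
    digest: str
    flag: str

# One detection per line: <path> <threat> [(status)] <32-hex digest> <flag>. The path may
# contain spaces, so the threat is anchored on its "Family/Name" token instead.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?\S+/\S+ \S+)"
    r"(?:\s+\((?P<status>[^)]+)\))?"
    r"\s+(?P<digest>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)

def parse_eset_log(text: str):
    """Return ({header key: value}, [Detection]) from the raw log text."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):  # "# key=value" header lines
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:  # banner lines and blanks do not match and are ignored
            detections.append(Detection(*m.group("path", "threat", "status", "digest", "flag")))
    return header, detections

def classify(det: Detection) -> str:
    """'memory', 'quarantined' (already isolated by ComboFix) or 'live' (still on disk)."""
    p = det.path.lower()
    if p == "${memory}":
        return "memory"
    if p.startswith(r"c:\qoobox\quarantine") or p.endswith(".vir"):  # assumed quarantine rule
        return "quarantined"
    return "live"

def triage(text: str) -> Dict[str, object]:
    """Summarise a log so the live detections stand out from the quarantined ones."""
    header, detections = parse_eset_log(text)
    kinds = [classify(d) for d in detections]
    reported = int(header.get("found", "0"))
    return {
        "reported_found": reported,
        "parsed": len(detections),
        "consistent": reported == len(detections),  # header count matches the lines
        "live": [d.path for d, k in zip(detections, kinds) if k == "live"],
        "quarantined": kinds.count("quarantined"),
        "memory": kinds.count("memory"),
        "families": sorted({d.threat.split()[-2] for d in detections}),
    }

# Constructed sample: a trimmed copy of the log format posted above (found= adjusted to 5).
SAMPLE_LOG = r"""# found=5
# cleaned=0
C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Local Settings\Application Data\f0071fab\U\800000cb.@ a variant of Win32/Agent.TEO trojan (unable to clean) 00000000000000000000000000000000 I
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgwdsvc.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I
"""
```

Calling triage(SAMPLE_LOG) on the full log from the post gives the same breakdown at scale: the header "found" count checked against the parsed lines, the live paths listed, and the Qoobox copies counted separately.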

Try Panda. I think something is wrong with BitDefender; you're the second person to let me know it's not working.

Please go HERE to run Panda ActiveScan 2.0

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


Strange. I got past the Active X control step, but after a moment of downloading, it stopped and a new screen labeled ActiveScan 2.0 update: Update Error came up followed by the text, "Sorry, updating is incomplete due to an error. Please try again." I tried to click the "Update" button a few times, but it kept returning me to this screen.

No joy!

Thoughts?


I do not recall if I ran the quick scan or the full scan. I disabled my firewall and virus software before running.

Here are the ActiveScan log results below.

;***********************************************************************************************************************************************************************************

ANALYSIS: 2011-11-17 00:06:26

PROTECTIONS: 1

MALWARE: 49

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

AVG Anti-Virus Free 8.5 No Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\xgaxvzh0.txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\cyu1d1zr.txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\w1yeqwyz.txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@doubleclick[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\u2a5t3o7.txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\87s52s86.txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\0s3hqw65.txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\qavi7fcj.txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\2k2eviyq.txt

00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@linksynergy[1].txt

00149064 Cookie/Maxserving TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@maxserving[1].txt

00152401 Cookie/Belnk TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@belnk[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@com[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@xiti[1].txt

00167730 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@ehg.hitbox[2].txt

00167733 Cookie/Adserver TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@z1.adserver[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\3shwfh1y.txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@toplist[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\yiqn0zw3.txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@statcounter[2].txt

00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@counter.hitslink[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\lzztizqa.txt

00168069 Cookie/Bilbo.counted TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@bilbo.counted[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\y249x1oq.txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\37l1i966.txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\s83tv2mf.txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\2gnovxcx.txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\dkcgy8vy.txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@server.iad.liveperson[2].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\9m758pik.txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\zfi26mfv.txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@media.adrevolver[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\eqw0dfub.txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\mrhr6hrw.txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\hff1jewp.txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\21qk5u0p.txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\5hlf4kat.txt

00182104 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@phg.hitbox[1].txt

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@bravenet[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\3g5bhguc.txt

00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@target[2].txt

00207712 Cookie/360i TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@ct.360i[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@did-it[1].txt

00216065 Cookie/Screensavers TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@i.screensavers[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\7k1yokrw.txt

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@cgi-bin[3].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@ehg-dig.hitbox[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@ads.addynamix[2].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\wpt2kjxr.txt

02908816 Cookie/Starware TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@h.starware[2].txt

08558814 W32/Katusha.BN Virus Yes 1 Yes No c:\progra~1\avg\avg8\avgrsx.exe

08558814 W32/Katusha.BN Virus Yes 1 Yes No c:\windows\system32\java.exe

08558814 W32/Katusha.BN Virus No 0 Yes No c:\windows\system32\wuauclt.exe.tmp

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================


Your logs appear to be clean :)

Before we move on, please take the time to install the following updates, as using outdated applications leaves you extremely vulnerable to getting infected again:

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search the list for all previously installed versions of Java (J2SE Runtime Environment).

They will have the Java icon next to them.

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-----

You're using an old version of Adobe Acrobat Reader, which can leave your PC open to vulnerabilities. You can update it here (uninstall version 7.0 first):

Adobe Reader X

Note: I suggest you uncheck any optional, third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

-----

Please let me know how the updates went, as failed updates may indicate additional malware.


D-FRED-BROWN,

You have been a star thus far.

I have to leave for a Thanksgiving trip with the fam. I have to unplug my PC and pick up on these software updates when I return. Since it will be over 5 days, I guess this topic will expire and I will just have to start a new one if still having problems. Thanks for the time you have put in for my sick PC to this point.

Cheers!


I understand, thank you for letting me know. Don't worry about the topic being closed, I will leave it open for you once you get back ;)

Hope you have a nice Thanksgiving :)


  • 3 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

