BleepingComputer.com: Trojan horse Generic 4_c.ALZA infection PLEASE HELP

Around 4:00pm today, September 14, 2011, when my husband opened an email, AVG Resident Shield flashed a message saying that it had caught and stopped a trojan horse. We immediately closed all open windows and ran an AVG scan.

AVG found:
"Warning";"Corrupted executable file";"C:\Users\mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05POW4YN\vclean[1].exe";"N/A";"9/14/2011, 2:29:22 PM"

"Infection";"Trojan horse Generic4_c.ALZA";"c:\Program Files\SIFXINST\VISTAMHDC4.5.EXE";"N/A";"9/14/2011, 4:53:21 PM"

AVG put these files in their Virus Vault.

Ran a MBAM full scan after AVG scan was completed. MBAM didn't find any infections.

We are using a laptop with Microsoft Windows Vista Home Basic, Service Pack 2, on a Gateway model ML3109,Intel® Celeron® M CPU 520 @ 1.60GHz 1.60 GHz processor, 512 MB ram, 32-bit Operating system.

I would really appreciate any help you can give to safely remove this trojan. But since I am not a programmer, please use simple instructions. I look forward to getting your reply.

This post has been edited by mikesandypenny: 14 September 2011 - 07:30 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
  
• Report FF Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List last 10 Event Viewer log
  
• List Installed Programs
  
• List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
  
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
  
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  
• Now click the Scan button. If you see a rootkit warning window, click OK.
  
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  
• Click the Copy button and paste the results into your next reply.
  
• Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java™ SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

MiniToolBox by Farbar
Ran by mick (administrator) on 15-09-2011 at 10:47:57
Windows Vista ™ Home Basic Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : mick-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wifi.mybrighthouse.com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cfl.rr.com
Description . . . . . . . . . . . : Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-03-25-46-CE-4B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : wifi.mybrighthouse.com
Description . . . . . . . . . . . : Realtek 8185 Extensible 802.11b/g Wireless Device
Physical Address. . . . . . . . . : 00-C0-A8-EC-C9-14
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::69e9:29c8:3d07:91c5%8(Preferred)
IPv4 Address. . . . . . . . . . . : 10.7.65.204(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 14, 2011 11:09:43 AM
Lease Expires . . . . . . . . . . : Thursday, September 15, 2011 11:41:27 AM
Default Gateway . . . . . . . . . : 10.7.65.1
DHCP Server . . . . . . . . . . . : 10.9.21.14
DHCPv6 IAID . . . . . . . . . . . : 201375912
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0D-E6-52-F5-00-C0-A8-EB-21-0A
DNS Servers . . . . . . . . . . . : 10.9.21.19
10.9.21.20
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cfl.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wifi.mybrighthouse.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1814:3fb5:f5f8:be33(Preferred)
Link-local IPv6 Address . . . . . : fe80::1814:3fb5:f5f8:be33%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 10.9.21.19

Name: google.com
Addresses: 74.125.47.103
74.125.47.104
74.125.47.105
74.125.47.106
74.125.47.147
74.125.47.99



Pinging google.com [74.125.47.99] with 32 bytes of data:

Reply from 74.125.47.99: bytes=32 time=32ms TTL=54

Reply from 74.125.47.99: bytes=32 time=33ms TTL=54



Ping statistics for 74.125.47.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 33ms, Average = 32ms

Server: UnKnown
Address: 10.9.21.19

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65



Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=40ms TTL=54

Reply from 69.147.125.65: bytes=32 time=44ms TTL=54



Ping statistics for 69.147.125.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 44ms, Average = 42ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 03 25 46 ce 4b ...... Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
8 ...00 c0 a8 ec c9 14 ...... Realtek 8185 Extensible 802.11b/g Wireless Device
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.cfl.rr.com
18 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.7.65.1 10.7.65.204 25
10.7.65.0 255.255.255.0 On-link 10.7.65.204 281
10.7.65.204 255.255.255.255 On-link 10.7.65.204 281
10.7.65.255 255.255.255.255 On-link 10.7.65.204 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.7.65.204 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.7.65.204 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:1814:3fb5:f5f8:be33/128
On-link
8 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::1814:3fb5:f5f8:be33/128
On-link
8 281 fe80::69e9:29c8:3d07:91c5/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
8 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/14/2011 11:23:19 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1790
Start Time: 01cc72a59cf30dbd
Termination Time: 35098

Error: (09/13/2011 07:03:48 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 14c4
Start Time: 01cc725bcdaaa40e
Termination Time: 17988

Error: (09/13/2011 03:25:10 PM) (Source: Application Hang) (User: )
Description: The program WksWP.exe version 8.5.818.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 13b4
Start Time: 01cc724a4f0bc15c
Termination Time: 18207

Error: (09/12/2011 11:59:25 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/12/2011 11:21:18 AM) (Source: MsiInstaller) (User: mick)mick
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070091. assembly interface: IAssemblyCacheItem, function: Commit, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}

Error: (09/12/2011 11:06:22 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Fix it 50735 -- Error 1314. The specified path '%APPDATA%\' is unavailable.

Error: (09/12/2011 11:05:47 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Fix it 50735 -- Error 1314. The specified path '%APPDATA%\' is unavailable.

Error: (09/12/2011 10:39:16 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Fix it 50735 -- Error 1314. The specified path '%APPDATA%\' is unavailable.

Error: (09/12/2011 10:38:39 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Fix it 50735 -- Error 1314. The specified path '%APPDATA%\' is unavailable.

Error: (09/12/2011 10:28:31 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Fix it 50735 -- Error 1314. The specified path '%APPDATA%\' is unavailable.


System errors:
=============
Error: (09/15/2011 09:10:23 AM) (Source: Service Control Manager) (User: )
Description: 30000

Error: (09/15/2011 09:09:53 AM) (Source: Service Control Manager) (User: )
Description: 30000avgwd

Error: (09/14/2011 11:09:26 AM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (09/14/2011 02:47:03 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/14/2011 02:46:58 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/14/2011 02:46:53 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/14/2011 02:46:48 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/14/2011 02:46:43 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/14/2011 02:46:38 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (09/14/2011 01:21:50 AM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Agere Systems HDA Modem
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.641.0)
ATI Uninstaller
AVG 2011 (Version: 10.0.1410)
AVG 2011 (Version: 10.0.1520)
Browser Address Error Redirector
Catalyst Control Center Core Implementation (Version: 0126.0004.2582.42927)
Catalyst Control Center Graphics Full Existing (Version: 0126.0004.2582.42927)
Catalyst Control Center Graphics Full New (Version: 0126.0004.2582.42927)
Catalyst Control Center Graphics Light (Version: 0126.0004.2582.42927)
Catalyst Control Center Graphics Previews Vista (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Chinese Standard (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Chinese Traditional (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Czech (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Danish (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Dutch (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Finnish (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization French (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization German (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Greek (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Hungarian (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Italian (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Japanese (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Korean (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Norwegian (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Polish (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Portuguese (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Russian (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Spanish (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Swedish (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Thai (Version: 0126.0004.2582.42927)
Catalyst Control Center Localization Turkish (Version: 0126.0004.2582.42927)
ccc-core-static (Version: 0126.0004.2582.42927)
ccc-utility (Version: 0126.0004.2582.42927)
CCC Help Chinese Standard (Version: 0126.0004.2581.42927)
CCC Help Chinese Traditional (Version: 0126.0004.2581.42927)
CCC Help Czech (Version: 0126.0004.2581.42927)
CCC Help Danish (Version: 0126.0004.2581.42927)
CCC Help Dutch (Version: 0126.0004.2581.42927)
CCC Help English (Version: 0126.0004.2581.42927)
CCC Help Finnish (Version: 0126.0004.2581.42927)
CCC Help French (Version: 0126.0004.2581.42927)
CCC Help German (Version: 0126.0004.2581.42927)
CCC Help Greek (Version: 0126.0004.2581.42927)
CCC Help Hungarian (Version: 0126.0004.2581.42927)
CCC Help Italian (Version: 0126.0004.2581.42927)
CCC Help Japanese (Version: 0126.0004.2581.42927)
CCC Help Korean (Version: 0126.0004.2581.42927)
CCC Help Norwegian (Version: 0126.0004.2581.42927)
CCC Help Polish (Version: 0126.0004.2581.42927)
CCC Help Portuguese (Version: 0126.0004.2581.42927)
CCC Help Russian (Version: 0126.0004.2581.42927)
CCC Help Spanish (Version: 0126.0004.2581.42927)
CCC Help Swedish (Version: 0126.0004.2581.42927)
CCC Help Thai (Version: 0126.0004.2581.42927)
CCC Help Turkish (Version: 0126.0004.2581.42927)
CIF Dual-Mode Camera (Version: 2.03.0000)
DVD Suite
eMusic Download Manager 4.1.4 (Version: 4.1.4)
Gateway Connect (Version: 1.1.0)
Gateway Game Console
Gateway Recovery Center Installer (Version: 1.01.025)
Gleim's FAA Test Prep 2008 2008
Google Desktop (Version: 5.7.0806.10245)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Linkit_eBay (Version: 1.0.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000)
Microsoft Digital Image Starter Edition 2006 (Version: 11.0.2018)
Microsoft Digital Image Starter Edition 2006 Editor (Version: 11.0.2018)
Microsoft Digital Image Starter Edition 2006 Library (Version: 11.0.2018)
Microsoft Money 2006 (Version: 15)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Napster Burn Engine (Version: 3.5.0000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PhoTags Express (Version: )
Power2Go 5.0
PowerDVD (Version: 7.0.2407.0)
QuickTime (Version: 7.70.80.34)
RTC Client API v1.2 (Version: 1.2.0000)
Secunia PSI (2.0.0.2001)
SigmaTel Audio (Version: 5.10.5003.0)
Skins (Version: 0126.0004.2582.42927)
Synaptics Pointing Device Driver (Version: 9.1.3.0)
Viewpoint Media Player
WEBCAM (Version: 5.18.1.002)

========================= Memory info: ===================================

Percentage of memory in use: 78%
Total physical RAM: 445.39 MB
Available physical RAM: 96.98 MB
Total Pagefile: 1573.26 MB
Available Pagefile: 566 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.71 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:65.26 GB) (Free:25.9 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:9.27 GB) (Free:3.59 GB) NTFS

========================= Users: ========================================

User accounts for \\MICK-PC

Administrator Guest mick


**** End of log ****

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7722

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/15/2011 11:46:11 AM
mbam-log-2011-09-15 (11-46-10).txt

Scan type: Quick scan
Objects scanned: 166171
Time elapsed: 13 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-15 13:51:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HTS421280H9AT00 rev.HA3OA70S
Running: hj2pt5u5.exe; Driver: C:\Users\mick\AppData\Local\Temp\kxldypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x979007A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x97900848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x979008E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x97900980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 820E8B74 4 Bytes [A0, 07, 90, 97]
.text ntkrnlpa.exe!KeSetEvent + 621 820E8DA4 8 Bytes [48, 08, 90, 97, E4, 08, 90, ...] {DEC EAX; OR [EAX-0x6ff71b69], DL; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 681 820E8E04 4 Bytes [80, 09, 90, 97] {OR BYTE [ECX], 0x90; XCHG EDI, EAX}

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

All looks clean.

Are you experiencing any current issues?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
  
• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• Accept any security warnings from your browser.
  
• Check Scan archives
  
• Click Start
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push List of found threats
  
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

I ran TFC and ESET. ESET didn't come up with a List of Found Threats to post. However AVG Virus Vault still has these two files in it:

"Warning";"Corrupted executable file";"C:\Users\mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05POW4YN\vclean[1].exe";"N/A";"9/14/2011, 2:29:22 PM"

"Infection";"Trojan horse Generic4_c.ALZA";"c:\Program Files\SIFXINST\VISTAMHDC4.5.EXE";"N/A";"9/14/2011, 4:53:21 PM"

Can they be safely emptied from the AVG Virus Vault? If not, how should they be handled?

Yes you can empty AVG vault.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  
• Accept any prompts.

======================================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.

Really appreciate your time assisting with this issue.

Already have Secunia Personal Software Inspector installed and it's showing that Java has been patched. Yet Malwarebytes' Anti-Malware has indicated that there is out of date Java installed, which is correct?

You have two Javas listed:
Java™ 6 Update 26 (Version: 6.0.260)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)

The current version is "Update 27", so you have to install this one and uninstall the other two.