phoenix exploit kit & Hupigon trojan


This topic is locked
13 replies to this topic

#1 Gdirect

  • Members
  • 26 posts

Posted 30 January 2012 - 10:17 PM

About a week ago I got an AVG pop-up "Threat detected warning - Exploit Phoenix Exploit Kit(Type 769)" after clicking on what I thought was a safe Google search result. I immediately ran Malwarebytes, SpyBot and an ESET online scan, none of which found any problems. My computer was acting erratically and running slowly some of the time after that warning. Several days later, I discovered that AVG had found 10 files infected with Trojan Horse BackDoor.Hupigon5.CBOV, but was unable to "Heal" any of the infected files.

Here is my DDS report:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 21:08:45 on 2012-01-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.350 [GMT -6:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
C:\Program Files\Verbatim\MediaShare Desktop Applications\HipServAgent\HipServAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\PCCMFLPD.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [Panasonic Device Manager for Multi-Function Station software] c:\program files\panasonic\mfstation\PCCMFSDM.exe
mRun: [Panasonic PCFAX for Multi-Function Station software] c:\program files\panasonic\mfstation\KmPcFax.exe -1
mRun: [Panasonic IP Address Checker for Multi-Function Station software] c:\program files\panasonic\mfstation\PccChgIP.exe -s10
mRun: [Panasonic LPD Manager] c:\program files\panasonic\mfstation\PCMFSMLM.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [HipServ Agent] c:\program files\verbatim\mediashare desktop applications\hipservagent\HipServAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255562076359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E1D2374-2511-4AD0-8A19-310BCD959E85} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\8gkxx245.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?.rand=1074355059370&.o=&.l=dik5h8d/o
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\8gkxx245.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-11-2 56208]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-14 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-14 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-14 297752]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\panaso~1\localcom\lmsrvnt.exe [2009-10-19 36864]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-2-25 401920]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-2 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-2 8456]
.
=============== Created Last 30 ================
.
2012-01-16 16:57:27 -------- d-----w- c:\windows\system32\cache
2012-01-03 23:33:00 -------- d-----w- c:\documents and settings\owner\application data\AVG Secure Search
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-09 04:28:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:10:29.44 ===============

and my GMER report:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-30 20:42:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120026A rev.8.01
Running: iy6c6wlw.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdapod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[492] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104089D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}
Reg HKLM\SOFTWARE\Classes\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}@U353QTLYPIOPYRLMV5JFS1QAXG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}
Reg HKLM\SOFTWARE\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}
Reg HKLM\SOFTWARE\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}@U353QTLYPIOPYRLMV5JFS1QAXG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EB668333-F612-E1D7-2FB00B30B4B4E4AA}\{D1B6E034-64F3-148A-55D2E81E9958627F}\{B02B1958-B4EC-2E2F-D228BAC73E6936F4}
Reg HKLM\SOFTWARE\Classes\CLSID\{EB668333-F612-E1D7-2FB00B30B4B4E4AA}\{D1B6E034-64F3-148A-55D2E81E9958627F}\{B02B1958-B4EC-2E2F-D228BAC73E6936F4}@U353QTLYPIOPYRLMV5JFS1QAXG1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----

Thank you very much,
GDirect
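
The DDS and GMER output above is what a helper triages by eye. As an added example (not part of the original thread, and not a BleepingComputer, DDS or GMER tool), here is a Python script that applies the checks a practitioner runs over such a log: autostart entries that resolve to "No File", autostart images that live in a temp or per-user data directory, system-binary names such as svchost.exe loaded from outside c:\windows, and, for the GMER "Registry" section, CLSID path components that are not canonical 8-4-4-4-12 GUIDs, which is exactly how the three CLSID keys GMER listed above stand out. Input lines are copied from the posted logs except the last uRun line and the third Reg line, which are constructed and marked as such. A hit is a prompt to inspect, not a verdict: the SASDIFSV/SASKUTIL entries under locals~1\temp\sas_selfextract in the DDS report are flagged purely because of their location, and a self-extracting scanner run from %TEMP% is a benign explanation for them.

```python
import re

# Added triage example (not a BleepingComputer or DDS/GMER tool). Input lines
# are copied from the DDS "Pseudo HJT Report", the DDS services section and
# the GMER "Registry" section in the post above, except where marked constructed.
DDS_SAMPLE = r"""
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
uRun: [WinUpdate] c:\documents and settings\owner\application data\svchost.exe
"""
# The last uRun line above is constructed; no such entry exists in the posted log.

GMER_SAMPLE = r"""
Reg HKLM\SOFTWARE\Classes\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}
Reg HKLM\SOFTWARE\Classes\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}@U353QTLYPIOPYRLMV5JFS1QAXG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}
"""
# The third Reg line is constructed so that one canonical GUID is present.

GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
RUN_RE = re.compile(r'^[um]Run(?:Once)?: \[[^\]]*\] (?P<cmd>.*)$')          # uRun/mRun/uRunOnce
OBJ_RE = re.compile(r'^(?:BHO|TB|EB): (?:.*?: )?\{[^}]+\}(?: - (?P<cmd>.*))?$')  # BHO/toolbar/explorer bar
SVC_RE = re.compile(r'^[RS][0-4] [^;]*;[^;]*;(?P<cmd>.*)$')                    # R0..S4 service/driver lines
IMAGE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|sys|com|cpl))"?(?:\s|$)', re.IGNORECASE)

# Locations an ordinary user can write to; autostart images there deserve a look.
USER_WRITABLE = ('\\temp\\', '\\locals~1\\', '\\local settings\\', '\\application data\\', '\\appdata\\')
# Names that belong in c:\windows (system32); the same name elsewhere is a classic masquerade.
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe', 'explorer.exe'}


def canonical_guid(s):
    """True if s is a braced GUID in the standard 8-4-4-4-12 form."""
    return bool(GUID_RE.match(s))


def image_path(cmd):
    """Return the executable at the front of an autostart command, without
    surrounding quotes, the '\\??\\' prefix variants kept as-is, and arguments dropped."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group('path') if m else cmd.strip()


def triage_dds(text):
    """Return (reason, line) pairs for autostart lines worth a closer look.
    A hit is a prompt to inspect the file, not a malware verdict."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith(' - No File'):
            findings.append(('orphaned autostart entry: registry points at a file that is gone', line))
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line) or OBJ_RE.match(line)
        if not m or not m.group('cmd'):
            continue
        path = image_path(m.group('cmd')).lower()
        if any(marker in path for marker in USER_WRITABLE):
            findings.append(('autostart image in a temp or per-user data directory', line))
        if path.rsplit('\\', 1)[-1] in SYSTEM_NAMES and not path.startswith('c:\\windows\\'):
            findings.append(('system binary name loaded from outside c:\\windows', line))
    return findings


def odd_clsid_components(text):
    """For GMER 'Reg ...\\CLSID\\...' lines, return the brace-delimited key
    components that are not canonical GUIDs (deduplicated, in order seen)."""
    odd = []
    for line in (l.strip() for l in text.splitlines()):
        if not line.startswith('Reg ') or '\\CLSID\\' not in line:
            continue
        key = line.split(' ', 1)[1].split('@', 1)[0]   # drop the "Reg " prefix and any @value suffix
        for comp in key.split('\\'):
            if comp.startswith('{') and comp.endswith('}') and not canonical_guid(comp) and comp not in odd:
                odd.append(comp)
    return odd


if __name__ == '__main__':
    for reason, line in triage_dds(DDS_SAMPLE):
        print(f'[{reason}] {line}')
    for comp in odd_clsid_components(GMER_SAMPLE):
        print(f'[non-canonical GUID in CLSID path] {comp}')
```

Run it over the full DDS text and the "orphan" rule will also pick up the EB: and TB: entries marked "No File" above; those are stale registrations rather than malware, which is why the script reports a reason per line instead of a single verdict.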

#2 Elise
    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 04 February 2012 - 08:30 AM

Hello, my name is Elise and I'll assist you with this issue.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
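
Elise's reply asks for the TDSSKiller log and a ComboFix log. As an added example (not part of the thread and not a Kaspersky or BleepingComputer tool), here is a Python parser that turns a TDSSKiller log into the verdict a helper reads off it: it ignores the header (whose "Drive ... - Size:" line also contains the " - " separator and must not be taken for a scan result), counts the entries between "Scan started" and "Scan finished", lists every entry whose status is not "ok", reads the "Detected object count" lines, and picks up the MBR and boot-sector MD5s so two runs (for example before and after Cure plus reboot) can be compared. The clean sample follows the TDSSKiller 2.7.9.0 log posted further down in this thread, abridged to a few entries; the "dirty" copy and its "detected Hypothetical.Boot.Sample" status text are constructed and do not describe any real detection on the poster's machine.

```python
import re

# Added example, not part of the thread or of Kaspersky's TDSSKiller.
# The clean sample follows the 2.7.9.0 log posted further down in this
# thread (abridged to a few entries); the Drive line is kept because it
# also contains " - " and must not be read as a scan verdict.
TDSSKILLER_CLEAN = r"""
09:55:08.0484 3948 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
09:55:12.0531 3948 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200
09:55:33.0406 2224 Scan started
09:55:33.0406 2224 Mode: Manual;
09:55:33.0437 2224 Abiosdsk - ok
09:55:33.0765 2224 AvgLdx86 - ok
09:55:35.0812 2224 SASDIFSV - ok
09:55:36.0703 2224 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:55:36.0828 2224 \Device\Harddisk0\DR0 - ok
09:55:36.0843 2224 Boot (0x1200) (240311ba0852312be53dfde30aeb841a) \Device\Harddisk0\DR0\Partition0
09:55:36.0843 2224 \Device\Harddisk0\DR0\Partition0 - ok
09:55:36.0843 2224 Scan finished
09:55:36.0859 2884 Detected object count: 0
09:55:36.0859 2884 Actual detected object count: 0
"""

# Constructed "dirty" variant: the status text is hypothetical and does not
# describe any real detection on the poster's machine.
TDSSKILLER_DIRTY = (TDSSKILLER_CLEAN
    .replace(r'\Device\Harddisk0\DR0 - ok', r'\Device\Harddisk0\DR0 - detected Hypothetical.Boot.Sample ( 0 )')
    .replace('Detected object count: 0', 'Detected object count: 1')
    .replace('Actual detected object count: 0', 'Actual detected object count: 1'))

LINE_RE = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<body>.*)$')     # "HH:MM:SS.ms pid body"
ENTRY_RE = re.compile(r'^(?P<name>.+?) - (?P<status>.+)$')                   # "object - ok" / "object - <status>"
SECTOR_RE = re.compile(r'^(?P<kind>MBR|Boot) \((?P<off>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\S+)$')
COUNT_RE = re.compile(r'^(?P<which>Detected|Actual detected) object count: (?P<n>\d+)$')


def summarize_tdsskiller(text):
    """Parse a TDSSKiller log into a dict: entry count, non-"ok" entries,
    detected-object counts, MBR/boot-sector hashes and an overall 'clean' flag."""
    result = {'scan_started': False, 'scan_finished': False, 'entries': 0,
              'not_ok': [], 'sectors': {}, 'detected': None, 'actual': None}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group('body').strip()
        if body == 'Scan started':
            in_scan, result['scan_started'] = True, True
            continue
        if body == 'Scan finished':
            in_scan, result['scan_finished'] = False, True
            continue
        c = COUNT_RE.match(body)
        if c:                       # summary lines come after "Scan finished"
            result['detected' if c.group('which') == 'Detected' else 'actual'] = int(c.group('n'))
            continue
        if not in_scan:
            continue                # header lines such as "Drive ... - Size: ..." are not verdicts
        s = SECTOR_RE.match(body)
        if s:
            result['sectors'][s.group('kind')] = (s.group('dev'), s.group('md5'))
            continue
        e = ENTRY_RE.match(body)
        if e:
            result['entries'] += 1
            if e.group('status') != 'ok':
                result['not_ok'].append((e.group('name'), e.group('status')))
    result['clean'] = bool(result['scan_finished'] and result['detected'] == 0 and not result['not_ok'])
    return result


def sector_changes(before, after):
    """Return {kind: (old_md5, new_md5)} for MBR/Boot sectors whose hash differs
    between two summarized runs, e.g. before and after Cure + reboot."""
    b, a = before['sectors'], after['sectors']
    return {k: (b[k][1], a[k][1]) for k in b if k in a and b[k][1] != a[k][1]}


if __name__ == '__main__':
    for label, log in (('clean sample', TDSSKILLER_CLEAN), ('constructed dirty sample', TDSSKILLER_DIRTY)):
        r = summarize_tdsskiller(log)
        print(f"{label}: clean={r['clean']} entries={r['entries']} detected={r['detected']} not_ok={r['not_ok']}")
```

The sector hashes are only useful in comparison: an unchanged MBR hash across a Cure and reboot tells you the tool did not rewrite the boot code, while a changed one tells you what it touched. The same "ignore everything before the scan marker" rule is worth keeping for any log whose header reuses the separator that the body uses for results.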


#3 Gdirect
  • Topic Starter

  • Members
  • 26 posts

Posted 04 February 2012 - 11:30 AM

Hi Elise,

I really appreciate your help with this!

Here is the TDSSKiller log:

09:55:08.0484 3948 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
09:55:08.0843 3948 ============================================================
09:55:08.0843 3948 Current date / time: 2012/02/04 09:55:08.0843
09:55:08.0843 3948 SystemInfo:
09:55:08.0843 3948
09:55:08.0843 3948 OS Version: 5.1.2600 ServicePack: 3.0
09:55:08.0843 3948 Product type: Workstation
09:55:08.0843 3948 ComputerName: DELL
09:55:08.0843 3948 UserName: Owner
09:55:08.0843 3948 Windows directory: C:\WINDOWS
09:55:08.0843 3948 System windows directory: C:\WINDOWS
09:55:08.0843 3948 Processor architecture: Intel x86
09:55:08.0843 3948 Number of processors: 1
09:55:08.0843 3948 Page size: 0x1000
09:55:08.0843 3948 Boot type: Normal boot
09:55:08.0843 3948 ============================================================
09:55:12.0531 3948 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:55:12.0546 3948 \Device\Harddisk0\DR0:
09:55:12.0546 3948 MBR used
09:55:12.0546 3948 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
09:55:12.0546 3948 Initialize success
09:55:12.0546 3948 ============================================================
09:55:33.0406 2224 ============================================================
09:55:33.0406 2224 Scan started
09:55:33.0406 2224 Mode: Manual;
09:55:33.0406 2224 ============================================================
09:55:33.0437 2224 Abiosdsk - ok
09:55:33.0453 2224 abp480n5 - ok
09:55:33.0468 2224 ACPI - ok
09:55:33.0484 2224 ACPIEC - ok
09:55:33.0484 2224 adpu160m - ok
09:55:33.0500 2224 aec - ok
09:55:33.0515 2224 AFD - ok
09:55:33.0531 2224 Aha154x - ok
09:55:33.0531 2224 aic78u2 - ok
09:55:33.0546 2224 aic78xx - ok
09:55:33.0562 2224 AliIde - ok
09:55:33.0593 2224 amsint - ok
09:55:33.0609 2224 Arp1394 - ok
09:55:33.0609 2224 asc - ok
09:55:33.0625 2224 asc3350p - ok
09:55:33.0640 2224 asc3550 - ok
09:55:33.0671 2224 AsyncMac - ok
09:55:33.0687 2224 atapi - ok
09:55:33.0703 2224 Atdisk - ok
09:55:33.0718 2224 Atmarpc - ok
09:55:33.0734 2224 audstub - ok
09:55:33.0765 2224 AvgLdx86 - ok
09:55:33.0781 2224 AvgMfx86 - ok
09:55:33.0781 2224 AvgTdiX - ok
09:55:33.0796 2224 b57w2k - ok
09:55:33.0812 2224 bcm4sbxp - ok
09:55:33.0828 2224 Beep - ok
09:55:33.0843 2224 Bridge - ok
09:55:33.0859 2224 BridgeMP - ok
09:55:33.0890 2224 catchme - ok
09:55:33.0906 2224 cbidf2k - ok
09:55:33.0921 2224 CCDECODE - ok
09:55:33.0937 2224 cd20xrnt - ok
09:55:33.0953 2224 Cdaudio - ok
09:55:33.0968 2224 Cdfs - ok
09:55:33.0968 2224 Cdr4_xp - ok
09:55:33.0984 2224 Cdralw2k - ok
09:55:34.0000 2224 Cdrom - ok
09:55:34.0015 2224 cdudf_xp - ok
09:55:34.0015 2224 Changer - ok
09:55:34.0046 2224 CmdIde - ok
09:55:34.0078 2224 Cpqarray - ok
09:55:34.0093 2224 dac2w2k - ok
09:55:34.0109 2224 dac960nt - ok
09:55:34.0140 2224 Disk - ok
09:55:34.0156 2224 dmboot - ok
09:55:34.0171 2224 dmio - ok
09:55:34.0187 2224 dmload - ok
09:55:34.0203 2224 DMusic - ok
09:55:34.0218 2224 dpti2o - ok
09:55:34.0234 2224 drmkaud - ok
09:55:34.0250 2224 DVDVRRdr_xp - ok
09:55:34.0265 2224 dvd_2K - ok
09:55:34.0281 2224 epmntdrv - ok
09:55:34.0296 2224 EuGdiDrv - ok
09:55:34.0312 2224 Fastfat - ok
09:55:34.0328 2224 Fdc - ok
09:55:34.0343 2224 Fips - ok
09:55:34.0359 2224 Flpydisk - ok
09:55:34.0375 2224 FltMgr - ok
09:55:34.0390 2224 Fs_Rec - ok
09:55:34.0406 2224 Ftdisk - ok
09:55:34.0421 2224 gameenum - ok
09:55:34.0421 2224 Gpc - ok
09:55:34.0453 2224 HidUsb - ok
09:55:34.0468 2224 hotcore3 - ok
09:55:34.0500 2224 hpn - ok
09:55:34.0500 2224 HPZid412 - ok
09:55:34.0515 2224 HPZipr12 - ok
09:55:34.0531 2224 HPZius12 - ok
09:55:34.0546 2224 HSFHWBS2 - ok
09:55:34.0546 2224 HSF_DP - ok
09:55:34.0562 2224 HTTP - ok
09:55:34.0578 2224 i2omgmt - ok
09:55:34.0593 2224 i2omp - ok
09:55:34.0609 2224 i8042prt - ok
09:55:34.0609 2224 ialm - ok
09:55:34.0640 2224 Imapi - ok
09:55:34.0656 2224 ini910u - ok
09:55:34.0671 2224 IntelIde - ok
09:55:34.0687 2224 intelppm - ok
09:55:34.0703 2224 ip6fw - ok
09:55:34.0718 2224 IpFilterDriver - ok
09:55:34.0734 2224 IpInIp - ok
09:55:34.0734 2224 IpNat - ok
09:55:34.0750 2224 IPSec - ok
09:55:34.0765 2224 IRENUM - ok
09:55:34.0781 2224 isapnp - ok
09:55:34.0796 2224 Kbdclass - ok
09:55:34.0812 2224 kbdhid - ok
09:55:34.0828 2224 kmixer - ok
09:55:34.0828 2224 KSecDD - ok
09:55:34.0843 2224 lbrtfdc - ok
09:55:34.0875 2224 mdmxsdk - ok
09:55:34.0890 2224 mmc_2K - ok
09:55:34.0906 2224 mnmdd - ok
09:55:34.0921 2224 Modem - ok
09:55:34.0937 2224 MODEMCSA - ok
09:55:34.0937 2224 Mouclass - ok
09:55:34.0953 2224 mouhid - ok
09:55:34.0968 2224 MountMgr - ok
09:55:34.0968 2224 mraid35x - ok
09:55:34.0984 2224 MRxDAV - ok
09:55:35.0000 2224 MRxSmb - ok
09:55:35.0015 2224 Msfs - ok
09:55:35.0031 2224 MSKSSRV - ok
09:55:35.0046 2224 MSPCLOCK - ok
09:55:35.0062 2224 MSPQM - ok
09:55:35.0062 2224 mssmbios - ok
09:55:35.0078 2224 MSTEE - ok
09:55:35.0093 2224 Mup - ok
09:55:35.0109 2224 NABTSFEC - ok
09:55:35.0125 2224 NDIS - ok
09:55:35.0125 2224 NdisIP - ok
09:55:35.0140 2224 NdisTapi - ok
09:55:35.0156 2224 Ndisuio - ok
09:55:35.0156 2224 NdisWan - ok
09:55:35.0171 2224 NDProxy - ok
09:55:35.0187 2224 NetBIOS - ok
09:55:35.0187 2224 NetBT - ok
09:55:35.0234 2224 NIC1394 - ok
09:55:35.0250 2224 Npfs - ok
09:55:35.0265 2224 Ntfs - ok
09:55:35.0281 2224 Null - ok
09:55:35.0296 2224 NwlnkFlt - ok
09:55:35.0312 2224 NwlnkFwd - ok
09:55:35.0328 2224 ohci1394 - ok
09:55:35.0328 2224 OMCI - ok
09:55:35.0343 2224 P16X - ok
09:55:35.0359 2224 Parport - ok
09:55:35.0375 2224 PartMgr - ok
09:55:35.0375 2224 ParVdm - ok
09:55:35.0390 2224 PCI - ok
09:55:35.0406 2224 PCIDump - ok
09:55:35.0421 2224 PCIIde - ok
09:55:35.0421 2224 Pcmcia - ok
09:55:35.0437 2224 PDCOMP - ok
09:55:35.0437 2224 PDFRAME - ok
09:55:35.0453 2224 PDRELI - ok
09:55:35.0468 2224 PDRFRAME - ok
09:55:35.0484 2224 perc2 - ok
09:55:35.0484 2224 perc2hib - ok
09:55:35.0515 2224 PfModNT - ok
09:55:35.0546 2224 PptpMiniport - ok
09:55:35.0562 2224 Processor - ok
09:55:35.0578 2224 PSched - ok
09:55:35.0593 2224 Ptilink - ok
09:55:35.0593 2224 pwd_2k - ok
09:55:35.0609 2224 ql1080 - ok
09:55:35.0625 2224 Ql10wnt - ok
09:55:35.0640 2224 ql12160 - ok
09:55:35.0640 2224 ql1240 - ok
09:55:35.0656 2224 ql1280 - ok
09:55:35.0671 2224 RasAcd - ok
09:55:35.0687 2224 Rasl2tp - ok
09:55:35.0703 2224 RasPppoe - ok
09:55:35.0703 2224 Raspti - ok
09:55:35.0718 2224 Rdbss - ok
09:55:35.0734 2224 RDPCDD - ok
09:55:35.0750 2224 RDPWD - ok
09:55:35.0765 2224 redbook - ok
09:55:35.0812 2224 SASDIFSV - ok
09:55:35.0812 2224 SASKUTIL - ok
09:55:35.0843 2224 Secdrv - ok
09:55:35.0875 2224 serenum - ok
09:55:35.0890 2224 Serial - ok
09:55:35.0906 2224 Sfloppy - ok
09:55:35.0937 2224 Simbad - ok
09:55:35.0937 2224 SLIP - ok
09:55:35.0953 2224 Sparrow - ok
09:55:35.0968 2224 splitter - ok
09:55:35.0984 2224 sr - ok
09:55:36.0000 2224 Srv - ok
09:55:36.0031 2224 streamip - ok
09:55:36.0046 2224 swenum - ok
09:55:36.0046 2224 swmidi - ok
09:55:36.0078 2224 symc810 - ok
09:55:36.0078 2224 symc8xx - ok
09:55:36.0093 2224 sym_hi - ok
09:55:36.0109 2224 sym_u3 - ok
09:55:36.0125 2224 sysaudio - ok
09:55:36.0140 2224 Tcpip - ok
09:55:36.0156 2224 TDPIPE - ok
09:55:36.0171 2224 TDTCP - ok
09:55:36.0171 2224 TermDD - ok
09:55:36.0203 2224 TosIde - ok
09:55:36.0218 2224 UdfReadr_xp - ok
09:55:36.0234 2224 Udfs - ok
09:55:36.0250 2224 UimBus - ok
09:55:36.0250 2224 Uim_IM - ok
09:55:36.0265 2224 ultra - ok
09:55:36.0281 2224 Update - ok
09:55:36.0296 2224 usbccgp - ok
09:55:36.0312 2224 usbehci - ok
09:55:36.0328 2224 usbhub - ok
09:55:36.0328 2224 usbprint - ok
09:55:36.0343 2224 USBSTOR - ok
09:55:36.0359 2224 usbuhci - ok
09:55:36.0375 2224 usbvideo - ok
09:55:36.0375 2224 VgaSave - ok
09:55:36.0390 2224 ViaIde - ok
09:55:36.0406 2224 vmm - ok
09:55:36.0421 2224 VolSnap - ok
09:55:36.0421 2224 VPCNetS2 - ok
09:55:36.0453 2224 Wanarp - ok
09:55:36.0468 2224 Wdf01000 - ok
09:55:36.0484 2224 WDICA - ok
09:55:36.0484 2224 wdmaud - ok
09:55:36.0500 2224 winachsf - ok
09:55:36.0546 2224 WinUSB - ok
09:55:36.0593 2224 WSTCODEC - ok
09:55:36.0609 2224 WudfPf - ok
09:55:36.0625 2224 WudfRd - ok
09:55:36.0656 2224 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
09:55:36.0687 2224 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
09:55:36.0703 2224 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:55:36.0828 2224 \Device\Harddisk0\DR0 - ok
09:55:36.0843 2224 Boot (0x1200) (240311ba0852312be53dfde30aeb841a) \Device\Harddisk0\DR0\Partition0
09:55:36.0843 2224 \Device\Harddisk0\DR0\Partition0 - ok
09:55:36.0843 2224 ============================================================
09:55:36.0843 2224 Scan finished
09:55:36.0843 2224 ============================================================
09:55:36.0859 2884 Detected object count: 0
09:55:36.0859 2884 Actual detected object count: 0
09:55:54.0906 1172 Deinitialize success

Here is the ComboFix log:

ComboFix 12-02-03.02 - Owner 02/04/2012 10:04:08.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.605 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e969e902db0329e4.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 14:00 . 2011-07-02 21:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 20:56 . 2010-11-08 18:14 165232 ---ha-w- c:\documents and settings\Owner\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2011-12-10 21:24 . 2010-07-01 16:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-07-16 20:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-07-16 20:40 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2009-10-14 23:17 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-07-16 20:43 152064 ----a-w- c:\windows\system32\schannel.dll
2011-05-03 15:29 . 2010-01-20 18:28 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-12-29 17:34 . 2010-01-20 18:28 574264 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-20 18:28 . 2010-01-20 18:28 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 16:56 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-02 118784]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"Panasonic Device Manager for Multi-Function Station software"="c:\program files\Panasonic\MFStation\PCCMFSDM.exe" [2008-09-22 126976]
"Panasonic PCFAX for Multi-Function Station software"="c:\program files\Panasonic\MFStation\KmPcFax.exe" [2007-08-28 757760]
"Panasonic IP Address Checker for Multi-Function Station software"="c:\program files\Panasonic\MFStation\PccChgIP.exe" [2008-02-19 131072]
"Panasonic LPD Manager"="c:\program files\Panasonic\MFStation\PCMFSMLM.exe" [2007-06-15 147456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"HipServ Agent"="c:\program files\Verbatim\MediaShare Desktop Applications\HipServAgent\HipServAgent.exe" [2010-03-16 2011424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-28 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-15 00:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe"
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PCCMFLPD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Device Simulators 4.2.2\\4.2.2.114 (8300-T-MobileEU)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 5.0.0\\5.0.0.330 (9700-T-MobileUS)\\fledge.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Documents and Settings\\Owner\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.5.0\\4.5.0.175 (8830-Verizon)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.5.0\\4.5.0.55 (8820)\\fledge.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Axentra Corporation\\HipServ Setup\\Setup\\MediaShareSetup.exe"=
"c:\\Program Files\\Verbatim\\MediaShare Desktop Applications\\QuickConnect\\AxentraSmartShortcut.exe"=
"c:\\Program Files\\Verbatim\\MediaShare Desktop Applications\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [11/2/2009 4:19 PM 56208]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/14/2009 6:32 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/14/2009 6:33 PM 108552]
R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/14/2009 6:32 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/14/2009 6:32 PM 297752]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [1/12/2010 9:07 AM 33792]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\PANASO~1\LocalCom\lmsrvnt.exe [10/19/2009 11:09 AM 36864]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/16/2012 10:57 AM 909152]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/25/2011 10:42 AM 401920]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [10/26/2010 8:07 AM 167264]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/2/2010 9:35 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/2/2010 9:35 PM 8456]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8gkxx245.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?.rand=1074355059370&.o=&.l=dik5h8d/o
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
"U353QTLYPIOPYRLMV5JFS1QAXG1"=hex:01,00,01,00,00,00,00,00,4d,4f,fb,94,ef,b9,af,
36,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,9f,8c,62,
0b,7a,18,af,d7,9f,e7,11,ed,1f,19,49,96,69,28,1b,48,d1,3b,a8,38,4b,b1,79,de,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}*]
"U353QTLYPIOPYRLMV5JFS1QAXG1"=hex:01,00,01,00,00,00,00,00,4d,4f,fb,94,ef,b9,af,
36,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EB668333-F612-E1D7-2FB00B30B4B4E4AA}\{D1B6E034-64F3-148A-55D2E81E9958627F}\{B02B1958-B4EC-2E2F-D228BAC73E6936F4}*]
"U353QTLYPIOPYRLMV5JFS1QAXG1"=hex:01,00,01,00,00,00,00,00,4d,4f,fb,94,ef,b9,af,
36,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
Completion time: 2012-02-04 10:14:34
ComboFix-quarantined-files.txt 2012-02-04 16:14
ComboFix2.txt 2011-11-23 22:51
.
Pre-Run: 20,813,303,808 bytes free
Post-Run: 20,940,550,144 bytes free
.
- - End Of File - - E58A6448DDF1E8BB10DFFEB78829769B


Thanks,
GDirect

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 04 February 2012 - 12:12 PM

How are things running now?

Can you please rerun DDS and post me attach.txt this time (no need for dds.txt)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Gdirect

Gdirect
  • Topic Starter

  • Members
  • 26 posts

Posted 04 February 2012 - 02:10 PM

Hi Elise,

My computer seems to be running well.

Here is the attach.txt file from DDS:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x1bf1f18200+1
Install Date: 10/14/2009 12:05:39 PM
System Uptime: 2/4/2012 10:34:23 AM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2392/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 19.536 GiB free.
D: is CDROM ()
E: is CDROM ()
U: is NetworkDisk (NTFS) - 931 GiB total, 924.89 GiB free.
Y: is NetworkDisk (NTFS) - 37 GiB total, 31.634 GiB free.
Z: is NetworkDisk (NTFS) - 931 GiB total, 924.89 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 2/4/2012 9:58:42 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Amazon Games & Software Downloader
Apple Application Support
Apple Software Update
AT&T Unified Messaging
Audacity 1.2.6
AVG Free 8.5
BlackBerry Device Simulators 4.2.2.114 (8300-T-MobileEU)
BlackBerry Email and MDS Services Simulators 4.1.4
BlackBerry Smartphone Simulators 4.5.0.175 (8830-Verizon)
BlackBerry Smartphone Simulators 4.5.0.55 (8820)
BlackBerry Smartphone Simulators 5.0.0.330 (9700-T-MobileUS)
Broadcom 440x 10/100 Integrated Controller
BufferChm
Bullzip PDF Printer 4.0.0.463
Conexant D850 56K V.9x DFVc Modem
CreativeProjects
CreativeProjectsTemplates
CueTour
DeductionPro 2009
Dell ResourceCD
Destinations
Director
DriveImage XML (Private Edition)
EASEUS Partition Master 6.1.1 Professional
Easy CD & DVD Creator 6
EasyZip
EMS SQL Manager 2008 Lite for SQL Server
ESET Online Scanner v3
FileZilla Client 3.2.8.1
Five9 Administrator
Google SketchUp 7
GoToMeeting 4.8.0.723
GPL Ghostscript Lite 8.70
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Illinois 2009
H&R Block Illinois 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HP Diagnostic Assistant
HP Image Zone 4.0
HP Install Network Printer Wizard
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
InstantShare
Intel® Extreme Graphics Driver
IrfanView (remove only)
Java Auto Updater
Java Media Framework 2.1.1e
Java™ 6 Update 29
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.60.1.1000
MediaShare Desktop Applications
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.18)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
MySQL Connector/ODBC 5.1
MZ-Tools 3.0 for VBA
Notepad++
Novacomd
Overland
Palm webOS® Doctor™ Build Verizon.277.276, webOS 1.4.5.1
Panasonic Multi-Function Station software
Paragon Backup & Recovery™ 10 Free Edition
Paragon Go Virtual™
PCDiskClone 8.0
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PrintScreen
PS8400
PSPrinters06
QFolder
QuickProjects
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
Sound Blaster Live!
Spybot - Search & Destroy
SQLBackupAndFTP 3.4.3
Tool Tracking System
TrayApp
UltraVnc
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebEx
WebFldrs XP
WebReg
Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/29/2012 7:56:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
.
==== End Of File ===========================

Thanks,
GDirect

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 04 February 2012 - 02:12 PM

Good to hear that! :)

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u2.
  • Look for "JDK 7u2 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise


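The Java advice above comes down to one check: is every Java runtime listed in the DDS attach.txt at least the version the helper asked for (7 Update 2)? The Python script below is an added example, not part of this thread and not code from the DDS tool; it pulls the entries of the "==== Installed Programs" section out of an attach.txt and reports every Java runtime older than a given (major, update) pair. The sample input is constructed from lines of the log posted above, plus a hypothetical "J2SE Runtime Environment 5.0 Update 22" entry (the naming used by older Java 5 installers, which the helper's "J2SE" remark refers to) to show that more than one outdated runtime is reported. The regular expression is an assumption about how Java installers name themselves in Add/Remove Programs; entries without an "Update" number are not matched.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in the shape of a DDS attach.txt: section headers and the
# "." padding lines are as DDS writes them, the entries come from the log above,
# and the J2SE 5.0 line is hypothetical.
SAMPLE_ATTACH_TXT = """\
==== Installed Programs ======================
.
Adobe Reader X (10.1.2)
Java Auto Updater
Java Media Framework 2.1.1e
Java(TM) 6 Update 29
J2SE Runtime Environment 5.0 Update 22
Malwarebytes Anti-Malware version 1.60.1.1000
Mozilla Firefox (3.6.18)
.
==== Event Viewer Messages From Past Week ========
"""

# Minimum acceptable runtime: Java 7 Update 2, the version requested in the thread.
MINIMUM_JRE: Tuple[int, int] = (7, 2)

# Assumed naming of Java runtimes in the installed-programs list:
# "Java(TM) 6 Update 29", "Java™ 6 Update 29", "Java 7 Update 2",
# "J2SE Runtime Environment 5.0 Update 22". "Java Auto Updater" and
# "Java Media Framework 2.1.1e" are deliberately not matched.
_JAVA_RE = re.compile(
    r"^(?:Java(?:\(TM\)|™)?|J2SE Runtime Environment)\s+(\d+)(?:\.\d+)?\s+Update\s+(\d+)",
    re.IGNORECASE,
)


def installed_programs(attach_txt: str) -> List[str]:
    """Return the entries of the '==== Installed Programs' section of a DDS attach.txt.

    DDS separates sections with '==== <title> ====' header lines and pads them
    with lines holding a single '.', which are skipped.
    """
    entries: List[str] = []
    in_section = False
    for line in attach_txt.splitlines():
        if line.startswith("===="):
            in_section = "Installed Programs" in line
            continue
        if in_section and line.strip() not in ("", "."):
            entries.append(line.strip())
    return entries


def parse_java_version(entry: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a Java runtime entry, or None if it is not one."""
    match = _JAVA_RE.match(entry)
    if not match:
        return None
    return int(match.group(1)), int(match.group(2))


def outdated_java(attach_txt: str, minimum: Tuple[int, int] = MINIMUM_JRE) -> List[str]:
    """List every installed Java runtime older than `minimum` (major, update).

    Tuple comparison orders by major version first, then by update number,
    so (6, 29) is older than (7, 2) even though 29 > 2.
    """
    findings: List[str] = []
    for entry in installed_programs(attach_txt):
        version = parse_java_version(entry)
        if version is not None and version < minimum:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for entry in outdated_java(SAMPLE_ATTACH_TXT):
        print(f"outdated Java runtime still installed: {entry}")
```

Run it against a real attach.txt by reading the file into `outdated_java`; an empty result means no runtime older than the minimum was found, while every entry it does return is one the helper's instructions say to uninstall before installing the current version.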


#7 Gdirect

Gdirect
  • Topic Starter

  • Members
  • 26 posts

Posted 04 February 2012 - 07:00 PM

Hi Elise,

I uninstalled Java 6 update 29, rebooted and installed Java JRE 7u2.
I updated Malwarebytes and ran it. Here is the log file:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.04.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: DELL [administrator]

2/4/2012 4:19:32 PM
mbam-log-2012-02-04 (16-19-32).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284163
Time elapsed: 1 hour(s), 10 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks,
GDirect

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 05 February 2012 - 03:34 AM

That all looks good. Let's do one last scan.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise




#9 Gdirect

Gdirect
  • Topic Starter

  • Members
  • 26 posts

Posted 05 February 2012 - 12:33 PM

Hi Elise,

Here is the Eset list of found threats:

C:\Documents and Settings\Owner\Desktop\DownloadedPrograms\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{075956D5-66C7-4D4A-9592-9DBAA4263471}\RP3\A0000393.exe Win32/OpenCandy application deleted - quarantined

Thanks,
GDirect

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 05 February 2012 - 12:56 PM

Nothing harmful there, which means you're good to go! :)

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise




#11 Gdirect

Gdirect
  • Topic Starter

  • Members
  • 26 posts

Posted 05 February 2012 - 03:15 PM

Hi Elise,

Thank you so much for your help, I really appreciate it!

I know there was a problem, and I know it seems to be fixed.
Is there somewhere I can recap exactly what I was actually infected with and what files have been removed to fix the infections?

Many Thanks,
GDirect

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 05 February 2012 - 03:22 PM

That is hard to say, as it may have been nothing but a cache object removed by your AV. The tools we used did some cleanup, but no active infections were present.

regards, Elise




#13 Gdirect

Gdirect
  • Topic Starter

  • Members
  • 26 posts

Posted 05 February 2012 - 05:19 PM

Consider this issue closed.

Thank you again!
GDirect

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 06 February 2012 - 02:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise






