Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google redirect,missing icons on start up

Re: Google redirect,missing icons on start up

Post by drkilljoy » June 1st, 2010, 8:44 pm

I did option 2 on the list, and restored it back to 5/15/2010 again and now it restored the settings back and my internet is back. I'm not sure if the virus may be back, as I see utorrent is on my desktop again, so what should I do next?
drkilljoy
Regular Member
 
Posts: 18
Joined: May 23rd, 2010, 2:20 pm

Re: Google redirect,missing icons on start up

Post by askey127 » June 1st, 2010, 9:51 pm

drkilljoy,
Please post a HijackThis log and the Uninstall list.
Please don't Install or uninstall anything or run any cleaning scans of any kind unless I tell you.
-----------------------------------------------
Download and Install HiJackThis
The Downloads for HiJackThis 2.0.4 are here: http://free.antivirus.com/hijackthis/
  • Choose the Installer version and save to your Desktop. It will be named HiJackThis.msi.
  • For XP, Double Click, (or for Vista/Win7, Right click and choose "Run as administrator") to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and a text log file will open in notepad.
  • Make sure Notepad's Format Menu has Word Wrap Unchecked.
  • Copy/Paste the entire log to your next reply please.
  • No matter what it says in the QuickStart Guide or elsewhere, DON'T USE the "ANALYZE THIS" button.
    Its Findings can be Dangerous for your machine.
  • Please Don't have Hijackthis fix anything yet.
    Most of what is in the log are legitimate entries, necessary for the operation of your computer.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.
-----------------------------------------------------------
You probably don't have any antivirus either, so don't surf the Internet except to download tools and post here.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirect,missing icons on start up

Post by drkilljoy » June 1st, 2010, 10:26 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:32 PM, on 6/1/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7462 bytes

µTorrent
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CDisplay 1.8
Choice Guard
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
DVD Suite
Enigma
ERUNT 1.1j
ESET Online Scanner v3
GTK+ Runtime 2.14.7 rev a (remove only)
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0090
HP Wireless Assistant
HPNetworkAssistant
HPSSupply
iTunes
Java(TM) 6 Update 18
LabelPrint
LG USB Modem driver
Malwarebytes' Anti-Malware
M-Audio Series II MIDI
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.16)
Mozilla Firefox (3.6.4)
MP3 Converter Simple
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Pidgin
Power2Go
PowerDirector
QuickTime
Reason 4.0
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SlingPlayer
Spelling Dictionaries Support For Adobe Reader 9
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Verizon Broadband Toolbar (IE only)
Verizon Broadband Toolbar Firefox only
Verizon Servicepoint 3.5.10
Viewpoint Media Player
VLC media player 1.0.2
VoiceOver Kit
WeatherBug Gadget
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinPatrol 2009
WinRAR archiver
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

Re: Google redirect,missing icons on start up

Post by askey127 » June 2nd, 2010, 6:49 am

drkilljoy,
Please do these tasks, in this sequence.
-----------------------------------------------------------
Remove Registry items with HijackThis. Right Click HiJackThis and choose "Run as administrator".
Click Do System Scan Only. When the Scan is complete, Check the following entry:
(This line may be missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click this Entry, if it exists, and choose Uninstall/Change, and give permission to Continue:
utorrent
Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Download a free AntiVirus Program
Download this free anti-virus program, update it, and allow it to run a full scan without interruption. Have it remove/fix anything it finds.
Consider this an Emergency until you complete it!
AntiVir Free is here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml

Let me know of any task you cannot do, or that gives you an error.
askey127

Re: Google redirect,missing icons on start up

Post by drkilljoy » June 2nd, 2010, 7:28 pm

Everything seemed to go fine; here is the report just in case of anything.



Avira AntiVir Personal
Report file date: Wednesday, June 02, 2010 16:58

Scanning for 1990003 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CALLEN-PC

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 16:29:03
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 16:29:03
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 16:29:03
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 16:29:03
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 16:29:03
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 16:29:03
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 16:29:03
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 16:29:03
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 20:43:21
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 20:24:21
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 22:41:40
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 14:25:53
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 14:39:58
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 18:01:24
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 15:24:56
VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 12:04:23
VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 14:23:02
VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 22:47:50
VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 00:11:22
VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 22:53:48
VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 18:56:47
VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 10:56:20
VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 14:43:55
VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 14:59:22
VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 17:43:17
VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 17:43:17
VBASE031.VDF : 7.10.6.62 17408 Bytes 4/12/2010 17:43:17
Engineversion : 8.2.1.210
AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 17:16:21
AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 21:05:26
AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 23:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 16:09:47
AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 16:09:47
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 16:09:46
AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 23:43:13
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 21:05:25
AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 21:05:25
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 14:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 21:05:25
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 17:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, June 02, 2010 16:58

Starting search for hidden objects.
c:\windows\system32\regsvr32.exe
c:\Windows\System32\regsvr32.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'plugin-container.exe' - '109' Module(s) have been scanned
Scan process 'Recorder.exe' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '81' Module(s) have been scanned
Scan process 'avscan.exe' - '29' Module(s) have been scanned
Scan process 'avcenter.exe' - '79' Module(s) have been scanned
Scan process 'avgnt.exe' - '54' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '66' Module(s) have been scanned
Scan process 'MSASCui.exe' - '58' Module(s) have been scanned
Scan process 'hphc_service.exe' - '26' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '102' Module(s) have been scanned
Scan process 'ehmsas.exe' - '24' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '30' Module(s) have been scanned
Scan process 'ehtray.exe' - '27' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '32' Module(s) have been scanned
Scan process 'sidebar.exe' - '56' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '77' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'WinPatrol.exe' - '53' Module(s) have been scanned
Scan process 'Explorer.EXE' - '155' Module(s) have been scanned
Scan process 'Dwm.exe' - '35' Module(s) have been scanned
Scan process 'taskeng.exe' - '82' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'QPSched.exe' - '41' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '35' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '31' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'ServicepointService.exe' - '38' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'QPCapSvc.exe' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '34' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
Scan process 'WLANExt.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '102' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '149' Module(s) have been scanned
Scan process 'svchost.exe' - '121' Module(s) have been scanned
Scan process 'svchost.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '32' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '37' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1263' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\tdx.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\tdx.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '48d44d89.qua'.


End of the scan: Wednesday, June 02, 2010 19:26
Used time: 2:27:10 Hour(s)

The scan has been done completely.

29450 Scanned directories
509960 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
509959 Files not concerned
4463 Archives were scanned
0 Warnings
1 Notes
606948 Objects were scanned with rootkit scan
1 Hidden objects were found

Re: Google redirect,missing icons on start up

Post by askey127 » June 3rd, 2010, 7:47 am

drkilljoy,
Doesn't look too bad.
Surf around the internet a bit with Google on familiar sites and see if you are getting redirects.
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware. (Right button click and choose "Run as administrator")
  • Click on The Update tab. Choose Check for Updates.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
askey127

Re: Google redirect,missing icons on start up

Post by drkilljoy » June 5th, 2010, 12:18 am

Whenever I try to run Malware Anti-bytes it tells me Error Code

Re: Google redirect,missing icons on start up

Post by askey127 » June 5th, 2010, 6:53 am

drkilljoy,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click this Entry, choose Uninstall/Change, and give permission to Continue:
Malwarebytes Antimalware
Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe.
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents. The logs are listed and named by time/date stamp.

askey127

Re: Google redirect,missing icons on start up

Post by drkilljoy » June 6th, 2010, 8:22 pm

Now it won't let me uninstall the program no matter how I try also

Re: Google redirect,missing icons on start up

Post by askey127 » June 7th, 2010, 7:24 am

drkilljoy,
------------------------------------------------
Download and Run Rkill
Please download Rkill from one of the following links and save to your Desktop:
One, Two, Three or Four
Note: If your security software warns about Rkill, please ignore and allow the download to continue.
  • Right button click on Rkill and choose "Run as administrator".
  • A command window will open then disappear upon completion, this is normal.

See whether running this once will now allow you to Uninstall your copy of Malwarebytes.
This is not terribly serious, as I do not see any malware on your system right now.
Let me know what happens.
askey127

Re: Google redirect,missing icons on start up

Post by drkilljoy » June 7th, 2010, 9:44 pm

When I try to uninstall it now it says that it's missing

Re: Google redirect,missing icons on start up

Post by askey127 » June 8th, 2010, 7:11 am

drkilljoy,
I cannot see any infections on your machine at this time.
If it's running OK, you should be good to go. Just stay away from file sharing programs like utorrent.
askey127

Re: Google redirect,missing icons on start up

Post by drkilljoy » June 8th, 2010, 7:03 pm

Alright, I sure will. Thank you for all your help, I really really do appreciate it.

Re: Google redirect,missing icons on start up

Post by askey127 » June 8th, 2010, 9:13 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.