Mal/Qbot-b detected

Re: Mal/Qbot-b detected

by kanakaboyus » July 20th, 2010, 9:50 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/27/2008 2:42:07 PM
System Uptime: 7/20/2010 6:32:43 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 100.474 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.12 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP480: 4/21/2010 7:26:15 PM - System Checkpoint
RP481: 4/23/2010 2:25:02 PM - System Checkpoint
RP482: 4/24/2010 9:10:26 AM - Removed Java(TM) 6 Update 12
RP483: 4/24/2010 9:10:50 AM - Installed Java(TM) 6 Update 20
RP484: 4/25/2010 10:24:17 AM - System Checkpoint
RP485: 4/26/2010 6:52:08 PM - System Checkpoint
RP486: 4/29/2010 8:17:54 PM - System Checkpoint
RP487: 5/1/2010 9:40:29 AM - System Checkpoint
RP488: 5/2/2010 10:20:37 AM - System Checkpoint
RP489: 5/3/2010 6:20:01 PM - System Checkpoint
RP490: 5/4/2010 7:15:01 PM - System Checkpoint
RP491: 5/6/2010 11:52:28 AM - System Checkpoint
RP492: 5/7/2010 12:35:37 PM - System Checkpoint
RP493: 5/8/2010 2:58:34 PM - System Checkpoint
RP494: 5/9/2010 3:13:35 PM - System Checkpoint
RP495: 5/10/2010 5:00:40 PM - System Checkpoint
RP496: 5/11/2010 5:43:14 PM - System Checkpoint
RP497: 5/12/2010 6:50:32 PM - System Checkpoint
RP498: 5/12/2010 6:58:28 PM - Software Distribution Service 3.0
RP499: 5/13/2010 7:24:42 PM - System Checkpoint
RP500: 5/15/2010 5:54:11 AM - System Checkpoint
RP501: 5/17/2010 6:41:06 PM - System Checkpoint
RP502: 5/19/2010 7:11:50 PM - System Checkpoint
RP503: 5/21/2010 6:21:17 PM - System Checkpoint
RP504: 5/22/2010 6:53:59 PM - System Checkpoint
RP505: 5/24/2010 11:48:56 AM - System Checkpoint
RP506: 5/25/2010 7:21:32 PM - Software Distribution Service 3.0
RP507: 5/27/2010 8:02:42 PM - System Checkpoint
RP508: 5/29/2010 12:45:47 PM - System Checkpoint
RP509: 5/30/2010 1:49:57 PM - System Checkpoint
RP510: 5/31/2010 2:43:07 PM - System Checkpoint
RP511: 6/1/2010 6:27:51 PM - System Checkpoint
RP512: 6/4/2010 6:04:08 PM - System Checkpoint
RP513: 6/6/2010 9:33:18 AM - System Checkpoint
RP514: 6/8/2010 7:16:26 PM - Software Distribution Service 3.0
RP515: 6/10/2010 1:26:19 PM - System Checkpoint
RP516: 6/11/2010 1:55:51 PM - System Checkpoint
RP517: 6/12/2010 3:22:28 PM - System Checkpoint
RP518: 6/13/2010 3:56:14 PM - System Checkpoint
RP519: 6/14/2010 5:51:09 PM - System Checkpoint
RP520: 6/15/2010 6:12:36 PM - System Checkpoint
RP521: 6/16/2010 7:26:55 PM - System Checkpoint
RP522: 6/17/2010 7:30:29 PM - System Checkpoint
RP523: 6/19/2010 10:04:10 AM - System Checkpoint
RP524: 6/20/2010 10:09:34 AM - System Checkpoint
RP525: 6/21/2010 7:00:37 PM - System Checkpoint
RP526: 6/22/2010 8:57:33 PM - System Checkpoint
RP527: 6/23/2010 8:07:32 PM - Software Distribution Service 3.0
RP528: 6/25/2010 6:35:00 PM - System Checkpoint
RP529: 6/26/2010 7:16:30 PM - System Checkpoint
RP530: 6/27/2010 7:35:38 PM - System Checkpoint
RP531: 6/29/2010 7:05:18 PM - System Checkpoint
RP532: 6/30/2010 7:23:49 PM - System Checkpoint
RP533: 7/1/2010 7:52:11 PM - System Checkpoint
RP534: 7/3/2010 7:27:18 AM - System Checkpoint
RP535: 7/4/2010 7:28:35 AM - System Checkpoint
RP536: 7/5/2010 8:19:51 AM - System Checkpoint
RP537: 7/6/2010 5:29:15 PM - System Checkpoint
RP538: 7/7/2010 6:55:15 PM - System Checkpoint
RP539: 7/9/2010 3:51:46 PM - System Checkpoint
RP540: 7/10/2010 4:21:20 PM - System Checkpoint
RP541: 7/11/2010 5:16:20 PM - System Checkpoint
RP542: 7/12/2010 6:57:40 PM - System Checkpoint
RP543: 7/14/2010 4:11:09 PM - System Checkpoint
RP544: 7/14/2010 7:41:59 PM - Software Distribution Service 3.0
RP545: 7/17/2010 9:04:00 AM - System Checkpoint
RP546: 7/18/2010 12:53:17 PM - System Checkpoint
RP547: 7/19/2010 3:35:54 PM - System Checkpoint
RP548: 7/20/2010 6:09:13 PM - Removed Ask Toolbar.

==== Installed Programs ======================


2600_Help
2600Trb
2700
5 Card Slingo from HP Media Center (remove only)
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
Applian FLV Player
Ask & Record Toolbar 4.00
Ask & Record Toolbar 4.01
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
AutoUpdate
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Belarc Advisor 8.1
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
Call of Duty(R) 4 - Modern Warfare(TM)
CameraDrivers
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Chuzzle Deluxe from HP Media Center (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DISCover
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DocProc
DocumentViewer
DocumentViewerQFolder
Ease Video Joiner 1.00
Easy Internet Sign-up
Emicsoft FLV Converter
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
Free Photo Viewer
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
GemMaster Mystic
GlidePoint Touchpad
Google Chrome
Google Toolbar for Internet Explorer
H.264 Decoder
Handbrake 0.9.4
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart Essential 3.5
HP Product Assistant
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InterVideo WinDVD Player
iTunes
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
MalwareRemovalBot
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Works
Microsoft XML Parser
MKV Splitter
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Naturpic Video Converter 1.40
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org Installer 1.0
Opera 9.52
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContext
PS2
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2010
QuickTime
RandMap
Readme
RealPlayer
Realtek AC'97 Audio
Remove IntelliMover Demo
Replay Converter 3
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sherlock Holmes Nemesis
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sophos Anti-Virus
Sophos AutoUpdate
Spybot - Search & Destroy
SpywareBlaster 4.3
Status
Super Granny from HP Media Center (remove only)
Tradewinds from HP Media Center (remove only)
TrayApp
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinFF 1.1
WinPatrol 2009
WinRAR archiver
Xvid 1.1.3 final uninstall
Zuma Deluxe from HP Media Center (remove only)

==== Event Viewer Messages From Past Week ========

7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Sophos AutoUpdate Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus status reporter service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The ARSVC service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/20/2010 6:26:26 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/20/2010 6:26:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process WinPatrol.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process SAVAdminService.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process rundll32.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process PV.cfxxecfxxe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process nvsvc32.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process mDNSResponder.e.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process MDM.EXE.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process LSSrvc.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process iTunesHelper.ex.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process issch.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process iPodService.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process IntuitUpdateSer.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process HPZIPM12.EXE.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process hpwuschd2.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process hpsysdrv.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process hpqtra08.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process Hotsync.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process GoogleToolbarNo.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process FLVSrvc.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ehtray.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ehSched.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ehrecvr.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ehmsas.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process dllhost.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process DISCUpdateMgr.e.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ctfmon.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process CALMAIN.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process arservice.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process AppleMobileDevi.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ALsvc.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ALMon.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process Alcxmntr.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [37] - Driver threads still active when driver is being shutdown.
7/18/2010 12:38:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
7/18/2010 12:38:22 PM, error: Service Control Manager [7024] - The Media Center Extender Service service terminated with service-specific error 2147500037 (0x80004005).
7/18/2010 12:38:03 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0015F2B4994B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/17/2010 5:15:13 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address 60:FB:42:3E:4A:A2. Network operations on this system may be disrupted as a result.
7/17/2010 5:14:48 PM, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0015F2B4994B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
kanakaboyus
Regular Member
 
Posts: 48
Joined: August 17th, 2008, 12:44 pm

Re: Mal/Qbot-b detected

by km2357 » July 21st, 2010, 11:07 pm

Sorry for the delay in replying; I was away from the computer most of the day (Wednesday).


Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:


  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shut down My Computer.
  • Now your computer is configured to show all hidden files.

Be sure to re-hide your files once you are finished cleaning your computer.


Delete the following folder, if found:

c:\documents and settings\Tom\Application Data\Inikq


Step # 1: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 2 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
      • Click on the Malwarebytes' Anti-Malware icon to launch the program.
      • Click on the Logs tab.
      • Click on the log at the bottom of those listed to highlight it.
      • Click Open.


Post the MalwareBytes' Log in your next post/reply.
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Mal/Qbot-b detected

by kanakaboyus » July 21st, 2010, 11:41 pm

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4337

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2010 8:35:12 PM
mbam-log-2010-07-21 (20-35-12).txt

Scan type: Quick scan
Objects scanned: 179996
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
kanakaboyus
Regular Member
 
Posts: 48
Joined: August 17th, 2008, 12:44 pm

Re: Mal/Qbot-b detected

by km2357 » July 22nd, 2010, 2:17 pm

Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)

  • First, go to Add/Remove Programs and uninstall Adobe Reader 7.0.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.3.3 is a large program and if you prefer a smaller program you can get Foxit 4.0.0 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 4.0.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay



Step # 2 Download and Install Java

  • Download the latest version of Java Runtime Environment (JRE) 6u21.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • From your desktop double-click on the download to install the newest version.


Step # 3: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. Kaspersky Log
2. A fresh DDS Log
3. How is your computer doing, any problems?
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Mal/Qbot-b detected

Unread postby kanakaboyus » July 23rd, 2010, 9:08 pm

Everything worked fine until I got to the Kaspersky instructions. It says that my "computer does not meet the requirements........." for using Kaspersky. I turned off my Sophos anti-virus software and also disabled the Tea Timer program. I looked at the help instructions but I can't figure out why my computer does not meet the requirements.

UPDATE:
Sorry, false alarm. I was using the Chrome web browser and I finally realized that the Kaspersky program doesn't support that browser. I switched to IE and Kaspersky is running fine now.
kanakaboyus
Regular Member
 
Posts: 48
Joined: August 17th, 2008, 12:44 pm

Re: Mal/Qbot-b detected

Unread postby kanakaboyus » July 24th, 2010, 10:15 am

My computer seems to be working fine, but I can no longer see video on my iPod, which may be a coincidental quirk that I will investigate today.




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, July 24, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, July 23, 2010 22:59:13
Records in database: 4226673
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 174163
Threats found: 13
Infected objects found: 22
Suspicious objects found: 0
Scan duration: 04:27:39


File name / Threat / Threats count
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\13\6deed00d-61d92769 Infected: Exploit.Java.CVE-2009-3867.b 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\14\1e9be28e-1546722f Infected: Trojan-Downloader.Java.Agent.fl 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\14\1e9be28e-1546722f Infected: Trojan-Downloader.Java.Agent.fk 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\14\1e9be28e-1546722f Infected: Trojan-Downloader.Java.Agent.fj 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\25\5028dd99-286d3e09 Infected: Trojan-Downloader.Java.Agent.en 3
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\27\6f530d9b-2f35f169 Infected: Exploit.OSX.Smid.d 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\30\27624d1e-3bbf2357 Infected: Exploit.OSX.Smid.d 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\33\378022e1-43c01fc4 Infected: Trojan.Java.Agent.b 3
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\44\9bf2eec-3c8c2aa3 Infected: Trojan-Downloader.Java.Agent.fl 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\44\9bf2eec-3c8c2aa3 Infected: Trojan-Downloader.Java.Agent.fk 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\44\9bf2eec-3c8c2aa3 Infected: Trojan-Downloader.Java.Agent.fj 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\52\1c30ac74-12178f15 Infected: Trojan-Downloader.Java.OpenStream.ak 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\52\1c30ac74-12178f15 Infected: Trojan-Dropper.Java.Small.h 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\9\13b3e2c9-1e293151 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\9\13b3e2c9-1e293151 Infected: Trojan-Downloader.Java.OpenStream.af 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0133971.exe Infected: Trojan.Win32.Vilsel.agfb 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0133973.exe Infected: Trojan-Downloader.Win32.Genome.axlj 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0133974.exe Infected: Trojan-Downloader.Win32.Genome.axlj 1

Selected area has been scanned.
Last edited by kanakaboyus on July 24th, 2010, 10:21 am, edited 1 time in total.
kanakaboyus
Regular Member
 
Posts: 48
Joined: August 17th, 2008, 12:44 pm

Re: Mal/Qbot-b detected

Unread postby kanakaboyus » July 24th, 2010, 10:17 am

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tom at 7:11:44.81 on Sat 07/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2016 [GMT -7:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Touchpad\Gesture.exe
C:\WINDOWS\system32\glidew32.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\program files\common files\installshield\updateservice\issch.exe
svchost.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\tom\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CirqueGesture] c:\program files\touchpad\Gesture.exe
mRun: [Glide] glidew32.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: trymedia.com
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... vc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microso ... 2556477203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 2556525015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2008-9-30 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2008-9-30 38912]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-10-5 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-9-30 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-5-27 172032]
R3 glidesvc;GlidePoint Mouseclass Service;c:\windows\system32\drivers\glidesvc.sys [2005-10-3 38183]
R3 gpmoups2;GlidePoint PS2 Touchpad Service;c:\windows\system32\drivers\gpmoups2.sys [2005-10-3 14063]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-1-20 56992]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S4 SAVCleanupService;Sophos Cleanup Service;c:\program files\sophos\sophos anti-virus\SAVCleanupService.exe [2008-7-22 90112]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-9-30 14976]

=============== Created Last 30 ================

2010-07-24 00:50:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-21 02:58:32 9216 --sha-w- C:\Thumbs.db
2010-07-20 00:06:33 0 d-sha-r- C:\cmdcons
2010-07-20 00:02:04 77312 ----a-w- c:\windows\MBR.exe
2010-07-20 00:02:03 98816 ----a-w- c:\windows\sed.exe
2010-07-20 00:02:03 256512 ----a-w- c:\windows\PEV.exe
2010-07-20 00:02:03 161792 ----a-w- c:\windows\SWREG.exe
2010-07-14 23:00:30 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-05 02:27:22 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

==================== Find3M ====================

2010-07-24 00:50:37 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-11 13:49:40 1482 ----a-w- c:\docume~1\tom\applic~1\wklnhst.dat
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-27 12:45:06 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2009-06-13 15:46:21 7349744 ----a-w- c:\program files\FLV PlayerATBSetup.exe
2008-08-23 17:34:27 382352 ----a-w- c:\program files\jre-6u7-windows-i586-p-iftw.exe
2008-08-23 16:44:32 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2008-08-17 15:55:09 812344 ----a-w- c:\program files\HJTInstall.exe
2006-03-19 23:40:16 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-07-03 16:38:45 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-10-25 14:56:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 7:12:35.31 ===============
kanakaboyus
Regular Member
 
Posts: 48
Joined: August 17th, 2008, 12:44 pm

Re: Mal/Qbot-b detected

Unread postby kanakaboyus » July 24th, 2010, 10:18 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/27/2008 2:42:07 PM
System Uptime: 7/23/2010 6:12:29 PM (13 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 99.636 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.12 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP484: 4/25/2010 10:24:17 AM - System Checkpoint
RP485: 4/26/2010 6:52:08 PM - System Checkpoint
RP486: 4/29/2010 8:17:54 PM - System Checkpoint
RP487: 5/1/2010 9:40:29 AM - System Checkpoint
RP488: 5/2/2010 10:20:37 AM - System Checkpoint
RP489: 5/3/2010 6:20:01 PM - System Checkpoint
RP490: 5/4/2010 7:15:01 PM - System Checkpoint
RP491: 5/6/2010 11:52:28 AM - System Checkpoint
RP492: 5/7/2010 12:35:37 PM - System Checkpoint
RP493: 5/8/2010 2:58:34 PM - System Checkpoint
RP494: 5/9/2010 3:13:35 PM - System Checkpoint
RP495: 5/10/2010 5:00:40 PM - System Checkpoint
RP496: 5/11/2010 5:43:14 PM - System Checkpoint
RP497: 5/12/2010 6:50:32 PM - System Checkpoint
RP498: 5/12/2010 6:58:28 PM - Software Distribution Service 3.0
RP499: 5/13/2010 7:24:42 PM - System Checkpoint
RP500: 5/15/2010 5:54:11 AM - System Checkpoint
RP501: 5/17/2010 6:41:06 PM - System Checkpoint
RP502: 5/19/2010 7:11:50 PM - System Checkpoint
RP503: 5/21/2010 6:21:17 PM - System Checkpoint
RP504: 5/22/2010 6:53:59 PM - System Checkpoint
RP505: 5/24/2010 11:48:56 AM - System Checkpoint
RP506: 5/25/2010 7:21:32 PM - Software Distribution Service 3.0
RP507: 5/27/2010 8:02:42 PM - System Checkpoint
RP508: 5/29/2010 12:45:47 PM - System Checkpoint
RP509: 5/30/2010 1:49:57 PM - System Checkpoint
RP510: 5/31/2010 2:43:07 PM - System Checkpoint
RP511: 6/1/2010 6:27:51 PM - System Checkpoint
RP512: 6/4/2010 6:04:08 PM - System Checkpoint
RP513: 6/6/2010 9:33:18 AM - System Checkpoint
RP514: 6/8/2010 7:16:26 PM - Software Distribution Service 3.0
RP515: 6/10/2010 1:26:19 PM - System Checkpoint
RP516: 6/11/2010 1:55:51 PM - System Checkpoint
RP517: 6/12/2010 3:22:28 PM - System Checkpoint
RP518: 6/13/2010 3:56:14 PM - System Checkpoint
RP519: 6/14/2010 5:51:09 PM - System Checkpoint
RP520: 6/15/2010 6:12:36 PM - System Checkpoint
RP521: 6/16/2010 7:26:55 PM - System Checkpoint
RP522: 6/17/2010 7:30:29 PM - System Checkpoint
RP523: 6/19/2010 10:04:10 AM - System Checkpoint
RP524: 6/20/2010 10:09:34 AM - System Checkpoint
RP525: 6/21/2010 7:00:37 PM - System Checkpoint
RP526: 6/22/2010 8:57:33 PM - System Checkpoint
RP527: 6/23/2010 8:07:32 PM - Software Distribution Service 3.0
RP528: 6/25/2010 6:35:00 PM - System Checkpoint
RP529: 6/26/2010 7:16:30 PM - System Checkpoint
RP530: 6/27/2010 7:35:38 PM - System Checkpoint
RP531: 6/29/2010 7:05:18 PM - System Checkpoint
RP532: 6/30/2010 7:23:49 PM - System Checkpoint
RP533: 7/1/2010 7:52:11 PM - System Checkpoint
RP534: 7/3/2010 7:27:18 AM - System Checkpoint
RP535: 7/4/2010 7:28:35 AM - System Checkpoint
RP536: 7/5/2010 8:19:51 AM - System Checkpoint
RP537: 7/6/2010 5:29:15 PM - System Checkpoint
RP538: 7/7/2010 6:55:15 PM - System Checkpoint
RP539: 7/9/2010 3:51:46 PM - System Checkpoint
RP540: 7/10/2010 4:21:20 PM - System Checkpoint
RP541: 7/11/2010 5:16:20 PM - System Checkpoint
RP542: 7/12/2010 6:57:40 PM - System Checkpoint
RP543: 7/14/2010 4:11:09 PM - System Checkpoint
RP544: 7/14/2010 7:41:59 PM - Software Distribution Service 3.0
RP545: 7/17/2010 9:04:00 AM - System Checkpoint
RP546: 7/18/2010 12:53:17 PM - System Checkpoint
RP547: 7/19/2010 3:35:54 PM - System Checkpoint
RP548: 7/20/2010 6:09:13 PM - Removed Ask Toolbar.
RP549: 7/21/2010 7:45:46 PM - System Checkpoint
RP550: 7/23/2010 5:37:38 PM - Removed Adobe Reader 7.0
RP551: 7/23/2010 5:45:00 PM - Installed Adobe Reader 9.3.3.
RP552: 7/23/2010 5:50:31 PM - Installed Java(TM) 6 Update 21

==== Installed Programs ======================


2600_Help
2600Trb
2700
5 Card Slingo from HP Media Center (remove only)
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
Applian FLV Player
Ask & Record Toolbar 4.00
Ask & Record Toolbar 4.01
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
AutoUpdate
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Belarc Advisor 8.1
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
Call of Duty(R) 4 - Modern Warfare(TM)
CameraDrivers
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Chuzzle Deluxe from HP Media Center (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DISCover
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DocProc
DocumentViewer
DocumentViewerQFolder
Ease Video Joiner 1.00
Easy Internet Sign-up
Emicsoft FLV Converter
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
Free Photo Viewer
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
GemMaster Mystic
GlidePoint Touchpad
Google Chrome
Google Toolbar for Internet Explorer
H.264 Decoder
Handbrake 0.9.4
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart Essential 3.5
HP Product Assistant
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InterVideo WinDVD Player
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
MalwareRemovalBot
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Works
Microsoft XML Parser
MKV Splitter
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Naturpic Video Converter 1.40
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org Installer 1.0
Opera 9.52
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContext
PS2
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2010
QuickTime
RandMap
Readme
RealPlayer
Realtek AC'97 Audio
Remove IntelliMover Demo
Replay Converter 3
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sherlock Holmes Nemesis
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sophos Anti-Virus
Sophos AutoUpdate
Spybot - Search & Destroy
SpywareBlaster 4.3
Status
Super Granny from HP Media Center (remove only)
Tradewinds from HP Media Center (remove only)
TrayApp
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinFF 1.1
WinPatrol 2009
WinRAR archiver
Xvid 1.1.3 final uninstall
Zuma Deluxe from HP Media Center (remove only)

==== Event Viewer Messages From Past Week ========

7/23/2010 5:30:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intuit Update Service service to connect.
7/23/2010 5:30:33 PM, error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/21/2010 7:05:06 PM, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 0015F2B4994B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Sophos AutoUpdate Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus status reporter service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The ARSVC service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2010 6:26:26 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/20/2010 6:26:26 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/20/2010 6:26:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process WinPatrol.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process SAVAdminService.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process rundll32.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process PV.cfxxecfxxe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process nvsvc32.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process mDNSResponder.e.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process MDM.EXE.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process LSSrvc.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process iTunesHelper.ex.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process issch.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process iPodService.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process IntuitUpdateSer.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process HPZIPM12.EXE.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process hpwuschd2.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process hpsysdrv.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process hpqtra08.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process Hotsync.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process GoogleToolbarNo.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process FLVSrvc.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ehtray.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ehSched.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ehrecvr.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ehmsas.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process dllhost.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process DISCUpdateMgr.e.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ctfmon.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process CALMAIN.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process arservice.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process AppleMobileDevi.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ALsvc.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process ALMon.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [567] - Communication error between on-access driver and service for deletion of process Alcxmntr.exe.
7/20/2010 6:26:26 PM, error: SAVOnAccessControl [37] - Driver threads still active when driver is being shutdown.
7/19/2010 5:14:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
7/19/2010 5:14:15 PM, error: Service Control Manager [7024] - The Media Center Extender Service service terminated with service-specific error 2147500037 (0x80004005).
7/18/2010 12:38:03 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0015F2B4994B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/17/2010 5:15:13 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address 60:FB:42:3E:4A:A2. Network operations on this system may be disrupted as a result.
7/17/2010 5:14:48 PM, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0015F2B4994B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
kanakaboyus
Regular Member
 
Posts: 48
Joined: August 17th, 2008, 12:44 pm

Re: Mal/Qbot-b detected

Unread postby km2357 » July 24th, 2010, 1:22 pm

Your DDS Log looks good. :)

My computer seems to be working fine but I can no longer see video on my IPod which may be a coincidental quirk that I will investigate today.


Are you still having this problem? If you haven't fixed it yet, you can try updating your IPod so that it has the latest software/drivers for it and see if that fixes it.

If that doesn't do it or you can't solve the problem on your own, it'd be best to start a thread in one of the following forums and they should be able to help you out better than I can. :)

http://forums.macrumors.com/index.php
http://forums.ilounge.com/

All may require free registration before posting for help.


Kaspersky found some infected System Restore points. They are harmless where they are. I'll show you how to remove them and set a new, clean one in an upcoming post.


Step # 1 Clear Java's Cache

Click Start > Control Panel

  • Double-click the Java icon in the control panel. (coffeecup icon)
  • Click Settings under Temporary Internet Files.

    -The Temporary Files Settings dialog box appears.

  • Click Delete Files.

    -The Delete Temporary Files dialog box appears.
    -There are two options on this window to clear the cache.

  • Applications and Applets
  • Trace and Log Files

Make sure both are checked

Click OK on Delete Temporary Files window.

-Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window.
Close the Java Control Panel
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Mal/Qbot-b detected

Unread postby kanakaboyus » July 24th, 2010, 4:01 pm

I solved my IPod problem. I just did a complete restart and it's working fine now. Thanks for the other links in case I ever need them.

I also cleared the Java cache.
kanakaboyus
Regular Member
 
Posts: 48
Joined: August 17th, 2008, 12:44 pm

Re: Mal/Qbot-b detected

Unread postby km2357 » July 24th, 2010, 11:28 pm

Nice work on solving the IPod problem. :)

If there are no other problems, then you're good to go. :)

You can delete the following off of your computer:

DDS.scr
The two DDS Logs
GMER.zip
GMER.exe
SysProt.zip
SysProt.exe
The SysProt Log



To remove ComboFix, do the following:

Go to Start > Run - type in ComboFix /Uninstall & click OK

Empty your Recycle Bin.


Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  • This will remove all restore points except the new one you just created.

Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub frames across different domains to Prompt
  5. When all these settings have been made, click on the OK button.
  6. If it asks you if you want to save the settings, press the Yes button.
  7. Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked, please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK
  • Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit Microsoft Updates regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download the MVPS hosts file. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button on the task bar at the bottom of your screen
    2. Click run
    3. In the dialog box, type services.msc
    4. Hit Enter, then locate DNS Client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click OK.
  • Use an alternative instant messenger program. Trillian and Miranda IM - These are malware-free instant messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or Opera.
    If you decide to use either Firefox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.

Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miek ... ntion.html

If your computer is running slow, click here for instructions on how to help speed up your computer.

Good luck!

Please reply one last time so that I know you have read my post and this thread can be closed.
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California
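
The hosts-file advice in the post above works because hosts entries are consulted before DNS, which also means an entry pointing a name at a routable address silently redirects it. As an added example (not part of the original thread or of any tool it mentions), this Python script audits a hosts file and separates block-style entries from redirects; the sample entries and the names `parse_hosts` and `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread): blocklist-style
# entries, one redirect to a routable address, and one malformed line.
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net tracker.example.net   # blocklist style
127.0.0.1       banner.example.org
203.0.113.45    update.example-av.test                # redirect
not-an-ip       broken.example.com
"""

# Names that are expected to map to loopback and are not "blocked" sites.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_number, ip_or_None, [hostnames]) for every mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                          # first field is not an IP
        yield lineno, addr, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify entries: sinkholed (blocked), redirected, or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(lineno)
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                # 127.0.0.1 / ::1 / 0.0.0.0: the name resolves nowhere useful,
                # which is how a blocking hosts file works.
                report["blocked"].append(name)
            else:
                # Any other address overrides DNS for this name and
                # deserves a manual look.
                report["redirected"].append((name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked   :", ", ".join(result["blocked"]))
    for name, addr in result["redirected"]:
        print(f"REVIEW    : {name} -> {addr}")
    print("malformed lines:", result["malformed"])
```

On Windows XP the file to feed it is `%SystemRoot%\system32\drivers\etc\hosts`; entries under "REVIEW" are not necessarily malicious, but each one should be something you put there on purpose.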

Re: Mal/Qbot-b detected

Unread postby kanakaboyus » July 25th, 2010, 10:17 am

Okay, it's all done! Thank you very much for your help. In summary, can you tell me what was infected on my computer? Was it my Java files? Or was it more widespread?
kanakaboyus
Regular Member
 
Posts: 48
Joined: August 17th, 2008, 12:44 pm

Re: Mal/Qbot-b detected

Unread postby km2357 » July 25th, 2010, 1:16 pm

I would say the main thing that was infected on your computer was your Java cache/files. As for what you were originally reported as being infected with, "Mal/Qbot-b", I didn't see any signs of it in any of the first logs you posted. ComboFix did delete some bad files, but nothing I could see related to that infection. It's possible that Sophos cleared up the Q-bot infection before you came here and we just ran cleanup on the leftovers. :)

You're welcome. I'm glad I was able to help you out. :)

Good luck and safe surfing!
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Mal/Qbot-b detected

Unread postby kanakaboyus » July 25th, 2010, 1:56 pm

Yes, I think the Sophos caught and cleaned the Mal/Qbot virus but I'm happy that we found and cleaned up other residual cr*p. Thanks again for your dedicated and thorough help.
kanakaboyus
Regular Member
 
Posts: 48
Joined: August 17th, 2008, 12:44 pm

Re: Mal/Qbot-b detected

Unread postby NonSuch » July 25th, 2010, 6:21 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California