windows diagnostic virus, hijackthis log

Post by redbull » March 19th, 2011, 11:10 am

Could you please review my log and tell me which files to delete?
Thank you.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:08:09 AM, on 3/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Melissa\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\mpk.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe

--
End of file - 8313 bytes

Re: windows diagnostic virus, hijackthis log

Post by askey127 » March 21st, 2011, 6:44 am

Hi redbull,
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\mpk.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine (Into Normal Mode If You Can)
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight any of these Entries that exist, and choose Remove :

AVG 2010
AVG10
AVG

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine (Into Normal Mode If You Can)
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss in the filename is the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

Also please tell me the status of Norton Network Security, i.e., is it up to date/paid for or not? Do you want it?
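The entries askey127 picks out above are the ones an analyst checks first in any HijackThis log: the F2 UserInit line, whose default on Windows XP is only `C:\WINDOWS\system32\userinit.exe,` so any second program listed there is started at every logon; O2 BHO entries that end in "(no file)", which are registrations left behind with nothing on disk; and R0/R1 home/search pages that point somewhere other than the browser defaults. The script below is an added example for this thread, not HijackThis code and not a vendor signature set. It runs those checks over lines copied from the log above, and generalises them with one more rule the log itself does not exercise: an O4 Run entry that carries a system binary's name but executes from outside system32, or from a user-writable directory. The last O4 line in the sample, the HKCU igfxtray entry under Application Data, is constructed to show that rule firing; the default-host list and the system-name list are assumptions to extend for the image being examined.

```python
"""Triage a HijackThis v2 log the way the reply above does, in code.

Added example for this thread; not HijackThis code and not a vendor signature
set. The rules are the usual analyst heuristics:
  * F2 UserInit must contain only userinit.exe; anything else runs at every logon
  * O2 BHO entries ending in "(no file)" are orphaned registrations
  * R0/R1 IE page URLs on hosts outside a small default list get a review flag
  * O4 Run entries are checked for a system binary's name in a non-system
    directory, and for execution from a user-writable location
"""
import re
from urllib.parse import urlparse

# Default UserInit value on Windows XP: only userinit.exe should be listed.
USERINIT_OK = {r"c:\windows\system32\userinit.exe"}

# Hosts treated as default IE pages here (assumption; extend for the OEM image).
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "www.msn.com", "ca.msn.com"}

# Directories from which a legitimate Run entry should rarely execute.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

# System binary names that malware likes to borrow (assumption: short list).
SYSTEM_NAMES = {"igfxtray.exe", "svchost.exe", "ctfmon.exe", "explorer.exe", "userinit.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")


def triage_line(line):
    """Return (severity, reason) for one log line, or None if nothing to flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    if kind == "F2" and "UserInit=" in body:
        programs = [p.strip() for p in body.split("UserInit=", 1)[1].split(",")]
        extras = [p for p in programs if p and p.lower() not in USERINIT_OK]
        if extras:
            return ("high", "UserInit logon hook: extra program(s) " + ", ".join(extras))
        return None

    if kind == "O2" and body.endswith("(no file)"):
        return ("low", "orphaned BHO registration (no file on disk)")

    if kind in ("R0", "R1") and "Internet Explorer\\Main," in body and " = " in body:
        host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
        if host not in DEFAULT_PAGE_HOSTS:
            return ("review", "non-default IE page URL on host " + host)
        return None

    if kind == "O4" and "] " in body:
        path = body.split("] ", 1)[1].strip().strip('"')
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and not low.startswith("c:\\windows\\system32\\"):
            return ("high", name + " running outside system32: " + path)
        if any(d in low for d in USER_WRITABLE):
            return ("medium", "Run entry executes from user-writable path: " + path)
        return None

    return None


def triage(log_text):
    """Triage a whole log; returns [(severity, original line, reason), ...]."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], line.strip(), hit[1]))
    return findings


# Lines copied from the log posted above, plus one constructed HKCU Run entry
# (the last O4 line) to show the name-masquerade rule firing.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\mpk.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [igfxtray] C:\Documents and Settings\Melissa\Application Data\igfxtray.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:>6}] {reason}\n         {line}")
```

Severities are deliberately coarse: "review" means the entry is non-default but not necessarily hostile (the HP redirect page is an OEM setting), while the UserInit hook and the masqueraded system binary name are the two findings that justify the rootkit and full-scan steps that follow.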

Re: windows diagnostic virus, hijackthis log

Post by redbull » March 21st, 2011, 10:31 am

hi Askey127,
I have renamed TDSSKiller.exe and I am still unable to run it. I have done all the steps up to this point, I had uninstalled AVG prior to your reply. I had also removed the non active norton. Yes I would like norton again.

Re: windows diagnostic virus, hijackthis log

Post by askey127 » March 21st, 2011, 12:42 pm

redbull,
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools; ignore them or shut down your antivirus.
Please download Rkill from one of the following links and save to your Desktop:
Rkill.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill desktop icon to run the tool.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If it does not, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    If no luck, we have a few more tricks.
-----------------------------------------------
Please follow the previous instruction once again and see whether you can now run TDSSKiller
Regardless of the outcome, please proceed.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
-----------------------------------------------
Install Antivir
Double click the Avira Antivir Installer you saved on your desktop, and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any item it finds.
For Now, tell it to Quarantine any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

Let me know how it goes.

Re: windows diagnostic virus, hijackthis log

Post by redbull » March 22nd, 2011, 8:34 am

I wasn't able to get TDSSKiller to run. Rkill seemed to run; it did not delete itself. I tried the first three and could not get the link for the 4th.
The pop-up windows and alerts are no longer showing, but everything is still missing from my desktop and Start menu, although I do see my programs in the Add/Remove Programs list.
The 1st report was from the window that opened after the scan; I reread your instructions before sending and got the report the way you told me. Sorry, I might be sending you two copies of the same.

Avira AntiVir Personal
Report file date: Monday, March 21, 2011 22:06

Scanning for 2519037 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PC135561314894

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 20:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 20:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 20:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 20:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 20:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 20:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 20:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 20:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 20:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 20:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 20:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 20:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 20:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 20:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 20:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 20:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 20:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 00:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 22:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 00:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 22:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 03:59:20
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 03:59:23
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 03:59:25
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 03:59:27
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 03:59:31
VBASE026.VDF : 7.11.5.9 2048 Bytes 3/21/2011 03:59:32
VBASE027.VDF : 7.11.5.10 2048 Bytes 3/21/2011 03:59:32
VBASE028.VDF : 7.11.5.11 2048 Bytes 3/21/2011 03:59:32
VBASE029.VDF : 7.11.5.12 2048 Bytes 3/21/2011 03:59:33
VBASE030.VDF : 7.11.5.13 2048 Bytes 3/21/2011 03:59:33
VBASE031.VDF : 7.11.5.21 61952 Bytes 3/22/2011 03:59:34
Engineversion : 8.2.4.188
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 20:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/22/2011 04:00:28
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 20:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 20:36:48
AERDL.DLL : 8.1.9.8 639346 Bytes 3/22/2011 04:00:21
AEPACK.DLL : 8.2.4.12 520567 Bytes 3/22/2011 04:00:15
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 3/22/2011 04:00:09
AEHEUR.DLL : 8.1.2.87 3371383 Bytes 3/22/2011 04:00:07
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 20:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/22/2011 03:59:44
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 20:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 20:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 20:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 20:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 20:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 20:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 20:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 20:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 20:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 20:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 20:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 20:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, March 21, 2011 22:06

Starting search for hidden objects.
c:\windows\explorer.exe
c:\windows\explorer.exe
[NOTE] The process is not visible.
c:\windows\explorer.exe
c:\windows\explorer.exe

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '65' Module(s) have been scanned
Scan process 'avgnt.exe' - '48' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'explorer.exe' - '119' Module(s) have been scanned
Scan process 'iexplore.exe' - '125' Module(s) have been scanned
Scan process 'iexplore.exe' - '106' Module(s) have been scanned
Scan process 'iexplore.exe' - '68' Module(s) have been scanned
Scan process 'MPK.exe' - '48' Module(s) have been scanned
Scan process 'hpqToaster.exe' - '34' Module(s) have been scanned
Scan process 'javaw.exe' - '46' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '41' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'FsUsbExService.Exe' - '21' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '29' Module(s) have been scanned
Scan process 'SaibSVC.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'ctfmon.exe' - '28' Module(s) have been scanned
Scan process 'NPSAgent.exe' - '39' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '64' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'QuickSync.exe' - '64' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '30' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '30' Module(s) have been scanned
Scan process 'HPBTWD.exe' - '25' Module(s) have been scanned
Scan process 'igfxpers.exe' - '30' Module(s) have been scanned
Scan process 'hkcmd.exe' - '29' Module(s) have been scanned
Scan process 'igfxtray.exe' - '30' Module(s) have been scanned
Scan process 'STacSV.exe' - '29' Module(s) have been scanned
Scan process 'spoolsv.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '163' Module(s) have been scanned
Scan process 'BOTService.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1762' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Melissa\Application Data\igfxtray.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.dgfv back-door program
C:\Documents and Settings\Melissa\Application Data\Sun\Java\Deployment\cache\6.0\42\f175b6a-34a7593a
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.JJ Java virus
--> pap.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.JJ Java virus
C:\Documents and Settings\Melissa\My Documents\Downloads\THE KARATE KID 2010\THE KARATE KID 2010.avi
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

Beginning disinfection:
C:\Documents and Settings\Melissa\My Documents\Downloads\THE KARATE KID 2010\THE KARATE KID 2010.avi
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '5e24124f.qua'.
C:\Documents and Settings\Melissa\Application Data\Sun\Java\Deployment\cache\6.0\42\f175b6a-34a7593a
[DETECTION] Contains recognition pattern of the JAVA/Agent.JJ Java virus
[NOTE] The file was moved to the quarantine directory under the name '0c09425c.qua'.
C:\Documents and Settings\Melissa\Application Data\igfxtray.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.dgfv back-door program
[NOTE] The file was moved to the quarantine directory under the name '6a6f0da1.qua'.


End of the scan: Tuesday, March 22, 2011 06:17
Used time: 1:47:20 Hour(s)

The scan has been done completely.

28667 Scanned directories
522026 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
522023 Files not concerned
8935 Archives were scanned
0 Warnings
2 Notes
484204 Objects were scanned with rootkit scan
3 Hidden objects were found
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '29' Module(s) have been scanned
Scan process 'SaibSVC.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'ctfmon.exe' - '28' Module(s) have been scanned
Scan process 'NPSAgent.exe' - '39' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '64' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'QuickSync.exe' - '64' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '30' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '30' Module(s) have been scanned
Scan process 'HPBTWD.exe' - '25' Module(s) have been scanned
Scan process 'igfxpers.exe' - '30' Module(s) have been scanned
Scan process 'hkcmd.exe' - '29' Module(s) have been scanned
Scan process 'igfxtray.exe' - '30' Module(s) have been scanned
Scan process 'STacSV.exe' - '29' Module(s) have been scanned
Scan process 'spoolsv.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '163' Module(s) have been scanned
Scan process 'BOTService.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1762' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Melissa\Application Data\igfxtray.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.dgfv back-door program
C:\Documents and Settings\Melissa\Application Data\Sun\Java\Deployment\cache\6.0\42\f175b6a-34a7593a
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.JJ Java virus
--> pap.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.JJ Java virus
C:\Documents and Settings\Melissa\My Documents\Downloads\THE KARATE KID 2010\THE KARATE KID 2010.avi
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

Beginning disinfection:
C:\Documents and Settings\Melissa\My Documents\Downloads\THE KARATE KID 2010\THE KARATE KID 2010.avi
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '5e24124f.qua'.
C:\Documents and Settings\Melissa\Application Data\Sun\Java\Deployment\cache\6.0\42\f175b6a-34a7593a
[DETECTION] Contains recognition pattern of the JAVA/Agent.JJ Java virus
[NOTE] The file was moved to the quarantine directory under the name '0c09425c.qua'.
C:\Documents and Settings\Melissa\Application Data\igfxtray.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.dgfv back-door program
[NOTE] The file was moved to the quarantine directory under the name '6a6f0da1.qua'.


End of the scan: Tuesday, March 22, 2011 06:17
Used time: 1:47:20 Hour(s)

The scan has been done completely.

28667 Scanned directories
522026 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
522023 Files not concerned
8935 Archives were scanned
0 Warnings
2 Notes
484204 Objects were scanned with rootkit scan
3 Hidden objects were found
redbull
Regular Member
 
Posts: 31
Joined: March 18th, 2011, 11:25 pm

Re: windows diagnostic virus, hijackthis log

Unread postby askey127 » March 22nd, 2011, 1:59 pm

Can you run TDSSKiller now if you rename it?
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: windows diagnostic virus, hijackthis log

Unread postby redbull » March 22nd, 2011, 2:36 pm

No, I even tried downloading it again and renaming it. Also, Avira didn't detect the Refog keylogger that I installed last year. That does still work from the Start menu; just my hot keys for it don't work.
redbull
Regular Member
 
Posts: 31
Joined: March 18th, 2011, 11:25 pm

Re: windows diagnostic virus, hijackthis log

Unread postby askey127 » March 23rd, 2011, 7:55 am

redbull,
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.
----------------------------------------------------------------------------------
Download and Run Malwarebytes' Anti-Malware. It is free for non-business use.
Skip to the Note below if you already have Malwarebytes AM on your system.

Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Choose Desktop as the location to save the installer and click Save again.
  • You should now have a desktop icon named mbam-setup.exe. Double-click it.
  • Let it install the program where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version.

    Note: If you already have Malwarebytes on your system, just click on the Updates tab, have it update itself, and run a quick scan.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
  • You can now delete the installer icon, named mbam-setup.exe from your desktop.

------------------------------------------------------------
Please download the GMER Rootkit Scanner from Here.
  • XP : Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than the System drive (which is typically C:\)
    • Show All (don't miss this one)
      See image below [image not reproduced]
  • Then click the Scan button & wait for it to finish
    **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
Note: Do not run any other programs while Gmer is running.

So we are looking for the installed programs list, and the logs from malwarebytes and Gmer.
Use separate replies if you wish.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: windows diagnostic virus, hijackthis log

Unread postby redbull » March 23rd, 2011, 9:23 am

When I downloaded the GMER Rootkit Scanner, before it finished my screen went blank, a message popped up that I didn't have time to read, and my computer restarted.
I will try again, but I wanted to send you the logs for the first two steps again.


Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Avira AntiVir Personal - Free Antivirus
BitTorrent
BlackBerry Desktop Software 6.0.1
BlackBerry Desktop Software 6.0.1
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Canon i350
Compatibility Pack for the 2007 Office system
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP BatteryCheck 2.10 A2
HP Games
HP Help and Support
HP QuickSync
HP User Guides 0165
HP Webcam-50
HP Wireless Assistant
IDT Audio
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 14
LG USB Modem driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Live Search Toolbar
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
PartyPoker
PokerStars
QuickTime
Roxio BackOnTrack
Roxio BackOnTrack
Roxio Disaster Recovery
Roxio Instant Restore
Roxio Instant Restore Recovery Disk
Roxio Update Manager
Samsung New PC Studio
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
Windows Backup Utility
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
XP Codec Pack

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6140

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/23/2011 7:09:41 AM
mbam-log-2011-03-23 (07-09-41).txt

Scan type: Quick scan
Objects scanned: 162035
Time elapsed: 12 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\MPK (Refog.Keylogger) -> Delete on reboot.

Files Infected:
c:\WINDOWS\system32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\cinfo.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\icon.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\key.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\libeay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\lnkmst.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\logstart.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\loguninstall.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\MPK.exe (Refog.Keylogger) -> Delete on reboot.
c:\WINDOWS\system32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\MPK64.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\mpknetinstall.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\sqlite3.dll (Refog.Keylogger) -> Delete on reboot.
c:\WINDOWS\system32\MPK\ssleay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\trial_pro.ini (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins000.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins001.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins001.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins001.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins002.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins002.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins002.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\update_info.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\zlib1.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
redbull
Regular Member
 
Posts: 31
Joined: March 18th, 2011, 11:25 pm
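As an added example (not code from the thread or from Malwarebytes), here is a small Python triage helper for the MBAM log format posted above: it separates entries that were quarantined from those still marked "Delete on reboot" and cross-checks the itemised file entries against the "Files Infected: N" summary line. The sample log is a constructed, abbreviated copy of the one posted above.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.50 text log.

Added example, not code from the forum thread or from Malwarebytes.
It parses the itemised "... Infected:" sections, separates entries that
were quarantined from those still marked "Delete on reboot", and checks
the itemised file entries against the "Files Infected: N" summary line.
"""
import re
from collections import defaultdict

# Constructed sample: an abbreviated copy of the log posted above.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6140

Scan type: Quick scan
Objects scanned: 162035

Registry Keys Infected: 0
Folders Infected: 1
Files Infected: 4

Registry Keys Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\MPK (Refog.Keylogger) -> Delete on reboot.

Files Infected:
c:\WINDOWS\system32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\MPK.exe (Refog.Keylogger) -> Delete on reboot.
c:\WINDOWS\system32\MPK\sqlite3.dll (Refog.Keylogger) -> Delete on reboot.
c:\WINDOWS\system32\MPK\zlib1.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
"""

# "Files Infected: 27" in the header block carries a count ...
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# ... while the same label with nothing after the colon opens an itemised section.
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Itemised line: path (Family.Name) -> action.
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
PENDING = "Delete on reboot"


def parse_mbam_log(text):
    """Return (summary, items): summary maps section label -> declared count,
    items is a list of dicts with section, path, family and action."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line.startswith("("):
            continue  # preamble, or "(No malicious items detected)"
        m = ITEM_RE.match(line)
        if m:
            items.append({"section": section, **m.groupdict()})
    return summary, items


def triage(text):
    """Report what still needs attention after the scan."""
    summary, items = parse_mbam_log(text)
    pending = [i["path"] for i in items if i["action"].startswith(PENDING)]
    families = defaultdict(int)
    for i in items:
        families[i["family"]] += 1
    itemised_files = sum(1 for i in items if i["section"] == "Files Infected")
    return {
        "pending_reboot": pending,
        "removed": len(items) - len(pending),
        "families": dict(families),
        # A mismatch means the log was truncated or edited before posting.
        "files_count_matches": summary.get("Files Infected") == itemised_files,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['removed']} item(s) quarantined, families: {report['families']}")
    for path in report["pending_reboot"]:
        print("still pending reboot:", path)
    if not report["files_count_matches"]:
        print("WARNING: itemised entries do not match the Files Infected count")
```

In the log posted above the MPK folder, MPK.exe and sqlite3.dll are marked "Delete on reboot", which this helper reports as still pending until the machine has restarted and been rescanned.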

Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
Windows Backup Utility
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
XP Codec Pack

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6140

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/23/2011 7:09:41 AM
mbam-log-2011-03-23 (07-09-41).txt

Scan type: Quick scan
Objects scanned: 162035
Time elapsed: 12 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\MPK (Refog.Keylogger) -> Delete on reboot.

Files Infected:
c:\WINDOWS\system32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\cinfo.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\icon.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\key.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\libeay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\lnkmst.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\logstart.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\loguninstall.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\MPK.exe (Refog.Keylogger) -> Delete on reboot.
c:\WINDOWS\system32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\MPK64.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\mpknetinstall.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\sqlite3.dll (Refog.Keylogger) -> Delete on reboot.
c:\WINDOWS\system32\MPK\ssleay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\trial_pro.ini (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins000.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins001.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins001.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins001.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins002.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins002.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins002.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\update_info.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\zlib1.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
redbull
Regular Member
 
Posts: 31
Joined: March 18th, 2011, 11:25 pm
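The MBAM log above marks three items (the MPK folder, MPK.exe and sqlite3.dll) as "Delete on reboot" rather than "Quarantined and deleted successfully", meaning the files were locked while the scan ran and only scheduled for removal at the next restart. The script below is an added example for this thread, not Malwarebytes' or the forum's own code: it parses that log format, separates the scheduled items from the ones already removed, and checks after the restart whether any of the scheduled paths still exist. SAMPLE_LOG is an excerpt of the log posted above, trimmed from 27 file entries to six; the function names and the injectable `exists` parameter are this example's own.

```python
import os
import re
from collections import Counter

# Lines copied from the mbam-log-2011-03-23 (07-09-41).txt posted above,
# trimmed from 27 file entries to six so the example stays short. The
# trimmed-out lines have the same "path (Detection) -> Action." shape.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6140

Scan type: Quick scan
Objects scanned: 162035

Folders Infected: 1
Files Infected: 27

Folders Infected:
c:\WINDOWS\system32\MPK (Refog.Keylogger) -> Delete on reboot.

Files Infected:
c:\WINDOWS\system32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\key.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\MPK.exe (Refog.Keylogger) -> Delete on reboot.
c:\WINDOWS\system32\MPK\sqlite3.dll (Refog.Keylogger) -> Delete on reboot.
c:\WINDOWS\system32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\zlib1.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
"""

# "Folders Infected:" style section headers (the summary lines such as
# "Folders Infected: 1" end in a count, so they do not match).
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# One detected item: path, detection name in parentheses, arrow, action.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return one dict per detected item: section, path, detection, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or " -> " not in line:
            continue  # banner, summary counts, "(No malicious items detected)"
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
    return entries


def actions_by_kind(entries):
    """Count items per cleanup action, e.g. {'Delete on reboot': 3, ...}."""
    return Counter(e["action"] for e in entries)


def pending_reboot_paths(entries):
    """Paths MBAM could not remove while running and only scheduled for
    deletion at the next restart; these need a second look after reboot."""
    return [e["path"] for e in entries if e["action"] == "Delete on reboot"]


def surviving_paths(paths, exists=os.path.exists):
    """After the reboot, return the scheduled paths that are still present.
    `exists` is injectable so the logic can be exercised off the infected box."""
    return [p for p in paths if exists(p)]


if __name__ == "__main__":
    items = parse_mbam_log(SAMPLE_LOG)
    print(dict(actions_by_kind(items)))
    for p in surviving_paths(pending_reboot_paths(items)):
        print("STILL PRESENT after reboot:", p)
```

Run it on the cleaned machine after the restart, with SAMPLE_LOG replaced by the contents of the real mbam-log file. Any path it reports as still present means the scheduled deletion did not happen and the keylogger's files are still on disk, which is worth knowing before the next tool in the sequence is run.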

Re: windows diagnostic virus, hijackthis log

Unread postby redbull » March 23rd, 2011, 9:33 am

The same thing happened: a warning popped up on a light blue screen. Also, when I clicked the link to download GMER Rootkit Scanner, it went right to the run/save screen; I did not have the option to choose a file. As well, I apologize: when I refreshed my screen I double posted my last entry.

redbull
Regular Member
 
Posts: 31
Joined: March 18th, 2011, 11:25 pm

Re: windows diagnostic virus, hijackthis log

Unread postby askey127 » March 23rd, 2011, 11:54 am

redbull,
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Bittorrent

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
Run RKILL again
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on a red background.
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background.
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your AVG protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: windows diagnostic virus, hijackthis log

Unread postby redbull » March 23rd, 2011, 12:18 pm

before I start this next step, you also had me install Malwarebytes, should I do something with this program as well?
redbull
Regular Member
 
Posts: 31
Joined: March 18th, 2011, 11:25 pm

Re: windows diagnostic virus, hijackthis log

Unread postby askey127 » March 24th, 2011, 11:32 am

We will save the use of Malwarebytes until after the run with ComboFix.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: windows diagnostic virus, hijackthis log

Unread postby redbull » March 24th, 2011, 12:04 pm

I am currently running ComboFix on my computer. I see a blue box with c:\ in the upper right hand corner; it has been like this for almost 10. Is this correct, and what do I do if it goes to screen saver, as I am not supposed to touch the computer?
(I am posting this from my phone)
redbull
Regular Member
 
Posts: 31
Joined: March 18th, 2011, 11:25 pm