Hi,
Last night I noticed that the bar that appears on the top of my web browser had disappeared. When I installed Trend Micro Internet Security Pro 2009, I had an extra bar that had encryption and some other stuff, but now it is not there anymore. Also, all my programs from the Start menu have disappeared except a few of them. The Administration Tools shows an empty message, as well as Games :/.. Help!
waROxa 0 Newbie Poster
And when I scan my PC with Trend it keeps finding like 15 of these: Cookie_(some random name). I scanned with Malwarebytes and it found 54 affected elements, and also with ComboFix and HijackThis. Here are the logs:
COMBOFIX:
ComboFix 08-12-26.03 - Maria de los Angeles 2008-12-26 19:30:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.596 [GMT -5:00]
Running from: c:\documents and settings\Maria de los Angeles\My Documents\Downloads\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Familia\Favorites\Download programs.url
c:\documents and settings\Familia\Favorites\Games.url
c:\documents and settings\Familia\Favorites\Translator.url
c:\documents and settings\Familia\Favorites\Videos.url
c:\program files\INSTALL.LOG
c:\windows\system32\acbbcbfbfb.dll
c:\windows\system32\x64
----- BITS: Possible infected sites -----
hxxp://leongkaiyoung.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FCI
-------\Service_TDSSserv
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.
2008-12-26 18:40 . 2008-12-26 18:40 53 --a------ c:\windows\DelToolbox.bat
2008-12-26 16:35 . 2008-12-26 16:35 312,847 --------- c:\windows\system32\d1a0316b712dd1a98c30b2e87b5c8766.TMP
2008-12-26 16:35 . 2008-12-26 16:35 312,847 --------- c:\windows\system32\6af957d2d9b1af09fbbcec82fd922c63.TMP
2008-12-26 15:34 . 2008-12-26 15:34 <DIR> d-------- c:\documents and settings\Familia\Application Data\Malwarebytes
2008-12-26 15:11 . 2008-12-26 15:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\CrystalIdea Software
2008-12-25 20:13 . 2008-12-25 20:13 312,847 --------- c:\windows\system32\c728f66b4f95670342ad3cacdd36be3c.TMP
2008-12-25 13:35 . 2008-12-25 13:35 312,847 --------- c:\windows\system32\4457c39b1ea318428324d13c07c49c5b.TMP
2008-12-25 00:08 . 2008-12-25 00:08 312,847 --------- c:\windows\system32\30b8adebd008ab6ac48044b41d5f7a0e.TMP
2008-12-25 00:06 . 2008-12-25 00:06 312,847 --------- c:\windows\system32\72a857a53d10f5fcdacc8b0a05d8a7b6.TMP
2008-12-24 16:54 . 2008-12-26 16:30 <DIR> d-------- c:\documents and settings\Familia\Application Data\LimeWire
2008-12-24 16:25 . 2008-12-24 16:25 312,847 --------- c:\windows\system32\db87077127fd5840e6bb279bd0be4a54.TMP
2008-12-24 13:04 . 2008-12-24 13:04 312,847 --------- c:\windows\system32\15405e82afaae575570891523b151e39.TMP
2008-12-24 12:45 . 2008-12-24 12:45 312,847 --------- c:\windows\system32\2e6fc3bfef5edea1b7d5746806389139.TMP
2008-12-24 12:45 . 2008-12-24 12:45 312,847 --------- c:\windows\system32\1ca8afa5938040b8e677681b51b8017f.TMP
2008-12-23 19:16 . 2008-12-23 19:16 312,847 --------- c:\windows\system32\d5a3bf40072fc23855e60492a4dad9cd.TMP
2008-12-23 19:16 . 2008-12-23 19:16 312,847 --------- c:\windows\system32\687f49bf31f9e75d1613bd8b92b3a803.TMP
2008-12-23 17:24 . 2008-12-23 17:24 312,847 --------- c:\windows\system32\22b6b1025f0302843506a6646c2c7b28.TMP
2008-12-22 13:25 . 2008-12-22 13:25 312,847 --------- c:\windows\system32\09291a98c71744f469d8fcb04ef21511.TMP
2008-12-22 12:28 . 2008-12-22 12:28 312,847 --------- c:\windows\system32\e8d5d83107f00bfb789c28739a1d1118.TMP
2008-12-22 12:28 . 2008-12-22 12:28 312,847 --------- c:\windows\system32\a9a9eeecd3d7ab5f36e196bad89bc6ab.TMP
2008-12-21 13:55 . 2008-12-21 13:55 312,847 --------- c:\windows\system32\ae8ec4d9bad89dc32a810d2c4452b322.TMP
2008-12-21 13:55 . 2008-12-21 13:55 312,847 --------- c:\windows\system32\4d3718d88d060710c8c04f408e626a8a.TMP
2008-12-18 18:18 . 2008-12-18 18:18 312,847 --------- c:\windows\system32\42d8fb9e53198d3a2a37e4391d8813ac.TMP
2008-12-18 18:18 . 2008-12-18 18:18 312,847 --------- c:\windows\system32\337fa37c6473342e992c9d32c0521398.TMP
2008-12-17 16:36 . 2008-12-17 16:36 312,847 --------- c:\windows\system32\415d1884868c8c1263db0080b44e69e1.TMP
2008-12-17 16:30 . 2008-12-17 16:30 312,847 --------- c:\windows\system32\31799d05925428ecceea2f536e1508de.TMP
2008-12-17 13:11 . 2008-12-17 13:11 <DIR> d-------- c:\documents and settings\Familia\Application Data\Druide
2008-12-17 01:13 . 2008-12-18 21:27 147 --a------ c:\windows\Antidote.ini
2008-12-17 01:03 . 2008-12-17 01:05 <DIR> d-------- c:\program files\Uninstall Tool
2008-12-17 00:57 . 2008-12-17 00:57 <DIR> d-------- c:\documents and settings\Maria de los Angeles\Application Data\Druide
2008-12-17 00:52 . 2008-12-17 01:12 <DIR> d-------- c:\program files\Druide
2008-12-15 22:53 . 2008-12-15 22:53 419 --a------ c:\windows\BRWMARK.INI
2008-12-15 22:53 . 2008-12-15 22:53 27 --a------ c:\windows\BRPP2KA.INI
2008-12-15 20:09 . 2008-12-15 20:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-15 18:55 . 2008-12-15 18:55 312,847 --------- c:\windows\system32\b996e0ec16ebd1cb78175245a0c62942.TMP
2008-12-15 18:55 . 2008-12-15 18:55 312,847 --------- c:\windows\system32\5c5da3ef0169eedb68fb036a693d575d.TMP
2008-12-15 04:53 . 2008-12-15 04:53 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2008-12-15 00:43 . 2008-12-15 00:44 <DIR> d-------- c:\documents and settings\Maria de los Angeles\Application Data\Ventrilo
2008-12-15 00:42 . 2008-12-15 00:42 <DIR> d-------- c:\program files\Ventrilo
2008-12-15 00:42 . 2008-12-15 00:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-15 00:42 . 2008-12-15 00:42 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-13 09:57 . 2008-12-13 09:57 312,847 --------- c:\windows\system32\59e8ad0b61000e28ed3d686678183e5f.TMP
2008-12-13 03:08 . 2008-12-13 03:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\pixelStorm
2008-12-12 22:17 . 2008-12-12 22:17 312,847 --------- c:\windows\system32\8bfa8568ecc44c6d0fd4dfc0faa6f86b.TMP
2008-12-11 19:15 . 2008-12-11 19:15 <DIR> d-------- c:\program files\Driver-Soft
2008-12-11 19:15 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-12-11 19:15 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
2008-12-11 18:30 . 2008-12-11 18:37 <DIR> d-------- c:\program files\RegCure
2008-12-09 12:20 . 2008-12-13 15:42 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-09 12:20 . 2008-12-09 12:20 1,409 --a------ c:\windows\QTFont.for
2008-12-08 15:22 . 2008-12-08 15:22 312,847 --------- c:\windows\system32\eac1b6c0d6f56d5efa6fff6ae0e74949.TMP
2008-12-08 15:22 . 2008-12-08 15:22 312,847 --------- c:\windows\system32\b7590a76f10d81edcd8ab3f7e97c13b7.TMP
2008-12-07 12:11 . 2008-12-07 12:11 312,847 --------- c:\windows\system32\2aed54deb4bf9219680743078fdcc6b1.TMP
2008-12-07 11:46 . 2008-12-07 11:46 312,847 --------- c:\windows\system32\aa9612389092e7bf95b6979ec76ee9ea.TMP
2008-12-07 11:46 . 2008-12-07 11:46 312,847 --------- c:\windows\system32\22b5d7be2362641b0037b0e209b4489f.TMP
2008-12-05 21:08 . 2008-12-05 21:08 0 --a------ c:\windows\system32\drivers\zabpfs.sys
2008-12-05 19:51 . 2008-12-05 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-12-02 20:28 . 2008-12-02 20:28 <DIR> d-------- c:\windows\kdefense
2008-12-02 20:28 . 2008-12-02 20:28 846,336 --a------ c:\windows\system32\kdfinj.dll
2008-12-02 20:28 . 2008-12-26 18:13 722,472 --a------ c:\windows\system32\kdfmgr.exe
2008-12-02 20:28 . 2008-12-26 18:13 192,512 --a------ c:\windows\system32\kdfvmgr.exe
2008-12-02 20:28 . 2008-12-26 18:13 77,824 --a------ c:\windows\system32\kdfapi.dll
2008-12-02 20:28 . 2008-12-26 18:13 53,248 --a------ c:\windows\system32\Kdfhok.dll
2008-12-02 20:10 . 2008-12-02 20:10 <DIR> d-------- c:\windows\LocalSSL
2008-12-02 20:09 . 2008-02-16 01:01 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-02 20:09 . 2008-02-16 01:01 52,496 --a------ c:\windows\system32\drivers\tmactmon.sys
2008-12-02 20:09 . 2008-02-16 01:01 52,240 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2008-12-02 20:08 . 2008-12-02 20:09 <DIR> d-------- c:\program files\Trend Micro
2008-12-02 20:08 . 2008-12-05 20:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2008-11-29 15:24 . 2008-11-29 15:24 21,840 --a------ c:\windows\system32\SIntfNT.dll
2008-11-29 15:24 . 2008-11-29 15:24 17,212 --a------ c:\windows\system32\SIntf32.dll
2008-11-29 15:24 . 2008-11-29 15:24 12,067 --a------ c:\windows\system32\SIntf16.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 22:09 --------- d-----w c:\program files\Steam
2008-12-26 19:51 --------- d-----w c:\documents and settings\Maria de los Angeles\Application Data\LimeWire
2008-12-25 18:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 06:37 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-06 02:13 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-05 02:33 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-04 00:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 00:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-24 20:14 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-11-24 19:36 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-24 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2008-11-24 03:04 --------- d-----w c:\documents and settings\Familia\Application Data\Nero
2008-11-23 07:46 --------- d-----w c:\documents and settings\Maria de los Angeles\Application Data\Nero
2008-11-23 05:14 --------- d-----w c:\program files\Common Files\Nero
2008-11-23 04:55 --------- d-----w c:\program files\Nero
2008-11-23 04:53 --------- d-----w c:\program files\Windows Sidebar
2008-11-23 04:32 --------- d-----w c:\program files\Common Files\LightScribe
2008-11-18 01:15 16,384 ----a-w c:\windows\DCEBoot.exe
2008-10-28 17:05 --------- d-----w c:\program files\BitComet
2008-10-28 02:11 --------- d-----w c:\program files\LimeWire
2008-10-27 20:16 --------- d-----w c:\program files\Google
2008-10-27 03:22 --------- d-----w c:\documents and settings\Maria de los Angeles\Application Data\Malwarebytes
2008-10-27 03:21 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-23 08:09 1,090 ----a-w c:\documents and settings\Maria de los Angeles\j_apps.bat
2008-03-26 19:46 113,664 ----a-w c:\windows\inf\hdaudio.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-03-06 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]
"TrendSecure Remote File Lock"="c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2008-02-15 423248]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-06-03 536576]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-02-16 492808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-26 163840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-21 77824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-26 131072]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 c:\windows\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-03-06 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-26 c:\windows\system32\advpack.dll]
c:\documents and settings\Familia\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [9/18/2008 1:50:21 PM 147456]
c:\documents and settings\Maria de los Angeles\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 6:24:54 PM 98632]
c:\documents and settings\Maria de los Angeles\Start Menu\Programs\Startup\AutorunsDisabled
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [9/18/2008 1:50:21 PM 147456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3owxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\mari_angel\\condition zero\\hl.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Druide\\Antidote\\Gestionnaire Antidote.exe"=
"c:\\Program Files\\Steam\\steamapps\\mari_angel\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26734:TCP"= 26734:TCP:BitComet 26734 TCP
"26734:UDP"= 26734:UDP:BitComet 26734 UDP
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [9/24/2008 2:32:48 PM 935208]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2/16/2008 1:01:44 AM 36368]
R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [10/22/2008 11:56:51 PM 193840]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2/16/2008 1:01:44 AM 333328]
S0 ati3owxx;ati3owxx;c:\windows\system32\Drivers\ati3owxx.sys []
S2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys [12/2/2008 8:09:03 PM 52240]
S3 TAP;TAP-Win32 Adapter;c:\windows\system32\DRIVERS\tapdrvr.sys [5/14/2004 12:11:37 AM 23552]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [12/2/2008 8:09:44 PM 488768]
S3 tmproxy;Trend Micro Proxy Service;"c:\program files\Trend Micro\Internet Security\TmProxy.exe" [12/2/2008 8:09:51 PM 648456]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-12-27 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-11 18:23]
2008-12-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-11 18:23]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-TDSSmqlt.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 19:51:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\08ac4543c7d19819addf1a770e998d64.sys 36864 bytes
c:\windows\system32\_08ac4543c7d19819addf1a770e998d64.sys_.vir 36864 bytes
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\08ac4543c7d19819addf1a770e998d64]
"ImagePath"="system32\08ac4543c7d19819addf1a770e998d64.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alias\Maya7.0\docs\wrapper.exe
c:\program files\Alias\Maya7.0\docs\jre\bin\java.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2008-12-26 19:53:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-27 00:53:00
Pre-Run: 94,236,811,264 bytes free
Post-Run: 94,386,331,648 bytes free
jholland1964 650 Posting Expert Team Colleague Featured Poster
You shouldn't have run ComboFix without first posting the MBA-M logs showing the items fixed, and then the HijackThis log run after a reboot.
Also, ComboFix was run from c:\documents and settings\ and it should have been run from the desktop.
The administration tools shows an empty message as well as games :/.. Help!
The games were obviously infected, as they were removed by ComboFix.
I need to see the ORIGINAL MBA-M log and also the ORIGINAL HJT log.
Also, now update MBA-M and run a new Full System Scan with it, have it REMOVE anything found, and save the log. Reboot, run HJT, and save the log.
Post back here with both logs.
waROxa 0 Newbie Poster
Well, I had to run ComboFix because MBA-M was not going to run; I couldn't run any application, and even when I was trying to go online and search for anything about antivirus it would shut down by itself. I will post the HJT AND the MBA-M logs.
waROxa 0 Newbie Poster
Here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:52, on 28/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\Utilities\Process Explorer\procexp.exe
C:\Program Files\Uninstall Tool\utool.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Utilities\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 8980 bytes
-----------------MBA-M
Malwarebytes' Anti-Malware 1.30
Database version: 1325
Windows 5.1.2600 Service Pack 3
26/10/2008 23:36:21
mbam-log-2008-10-26 (23-36-21).txt
Scan type: Quick Scan
Objects scanned: 56118
Time elapsed: 10 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 30
Registry Values Infected: 4
Registry Data Items Infected: 19
Folders Infected: 1
Files Infected: 33
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\avmpqrjb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jkkIBusS.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kyjpmz.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBrrSMc.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c64c55e-9b1c-4ffb-8fcc-1483c56ff43e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebrrsmc (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0c64c55e-9b1c-4ffb-8fcc-1483c56ff43e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1044c187-2dce-450d-b31d-4d707e73941c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1044c187-2dce-450d-b31d-4d707e73941c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c6aeb8e-b603-439f-bd3c-836ec473aede} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4c6aeb8e-b603-439f-bd3c-836ec473aede} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1044c187-2dce-450d-b31d-4d707e73941c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c64c55e-9b1c-4ffb-8fcc-1483c56ff43e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4c6aeb8e-b603-439f-bd3c-836ec473aede} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lospn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lsksaq.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d71c4af2-9e0d-4eb3-98a6-f542e6f360d9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e52c17c7-8498-4d09-93b8-0c9227d10aeb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{10026069-7a5f-4531-811e-c8df20643bee} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TotalSecure2009 (Rogue.TotalSecure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bkqxdons.bfno (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bkqxdons.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\397b6b4f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0c64c55e-9b1c-4ffb-8fcc-1483c56ff43e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qnflkotm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vwnskbot (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkibuss -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkibuss -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0070806-59754) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\TS-2009 (Rogue.TotalSecure) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\geBrrSMc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kyjpmz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jkkIBusS.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\SsuBIkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SsuBIkkj.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avmpqrjb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bjrqpmva.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkHwUnm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfrlsbor.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayyAsrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnMDVN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria de los Angeles\Local Settings\Temp\IXP001.TMP\IHXORRB.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\TS-2009\totalsecure.s2 (Rogue.TotalSecure) -> Quarantined and deleted successfully.
C:\Program Files\TS-2009\totalsecure.s3 (Rogue.TotalSecure) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria de los Angeles\Application Data\TmpRecentIcons\Total Secure 2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria de los Angeles\Desktop\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria de los Angeles\Desktop\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria de los Angeles\Desktop\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria de los Angeles\Favorites\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria de los Angeles\Favorites\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria de los Angeles\Favorites\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSbubv.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSShrxm.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqt.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSrhyp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSvtql.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Delete on reboot.