Inactive Trojan horse Generic 32.EGL

"";"Trojan horse Generic32.EGL, C:\Windows\Installer\afcb.msi" ;"Infected"
"";"Trojan horse Generic32.EGL, C:\Windows\Installer\afcb.msi:\Data1.cab:\hpactivecheck.msi:\Cabs.w1.cab\hpdobject.exe ";"Infected"

Severity: High
Infected
Scan

Can someone tell me what this means and what I should do? This is the only infected file that AVG security did not delete or move to vault.

Thank you :)
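To make sense of the two AVG lines quoted in the opening post, here is an added Python example (it is not from the original post, from AVG, or from TechSpot) that parses that detection format: three fields separated by ';', each wrapped in double quotes, with the middle field holding "<detection name>, <path>", and a path in which ':\' marks a step into an archive. Run over the two lines as pasted, it shows that both point at the same on-disk file, C:\Windows\Installer\afcb.msi, the second naming a member three archive levels deep. The field layout and the meaning of ':\' are assumptions taken from those two lines only.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: the two AVG detection lines exactly as pasted in the post.
AVG_LINES = [
    r'"";"Trojan horse Generic32.EGL, C:\Windows\Installer\afcb.msi" ;"Infected"',
    r'"";"Trojan horse Generic32.EGL, C:\Windows\Installer\afcb.msi:\Data1.cab:\hpactivecheck.msi:\Cabs.w1.cab\hpdobject.exe ";"Infected"',
]


@dataclass
class Detection:
    name: str            # detection name, e.g. "Trojan horse Generic32.EGL"
    on_disk: str         # outermost file, the only thing that actually exists on the filesystem
    members: List[str]   # chain of nested archive members, outermost first (empty if not nested)
    status: str          # third field, e.g. "Infected"

    @property
    def depth(self) -> int:
        """How many archive levels deep the flagged object sits (0 = the file itself)."""
        return len(self.members)

    @property
    def flagged_object(self) -> str:
        """The innermost object the scanner flagged."""
        return self.members[-1] if self.members else self.on_disk


# A leading "C:\" is a drive prefix, not an archive boundary (assumption: drive-letter paths only).
_DRIVE = re.compile(r'^[A-Za-z]:\\')


def split_nested_path(path: str) -> Tuple[str, List[str]]:
    """Split an AVG-style path on the ':\\' archive-entry separator.

    Returns (on_disk_path, [member, member, ...]); the drive prefix stays with on_disk_path.
    """
    m = _DRIVE.match(path)
    if not m:
        raise ValueError(f"expected a drive-letter path: {path!r}")
    head, rest = path[:m.end()], path[m.end():]
    parts = rest.split(':\\')
    return head + parts[0], parts[1:]


def parse_avg_line(line: str) -> Detection:
    """Parse one ';'-separated, double-quoted AVG detection line into a Detection."""
    fields = [f.strip().strip('"') for f in line.split(';')]
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields, got {len(fields)}: {line!r}")
    name, sep, path = fields[1].partition(', ')
    if not sep:
        raise ValueError(f"missing ', ' between detection name and path: {fields[1]!r}")
    on_disk, members = split_nested_path(path.strip())
    return Detection(name=name, on_disk=on_disk, members=members, status=fields[2])


def group_by_on_disk(lines: List[str]) -> Dict[str, List[Detection]]:
    """Group detections by the file that really exists on disk.

    Several scanner lines that differ only in their nested-member chain all
    refer to one container file; this is the view a responder needs when
    deciding what object the verdict is actually about.
    """
    grouped: Dict[str, List[Detection]] = {}
    for line in lines:
        det = parse_avg_line(line)
        grouped.setdefault(det.on_disk, []).append(det)
    return grouped


if __name__ == "__main__":
    for on_disk, dets in group_by_on_disk(AVG_LINES).items():
        print(f"on-disk file: {on_disk}")
        for d in dets:
            print(f"  depth {d.depth}: {d.flagged_object}  [{d.name}, {d.status}]")
```

The grouping is the point: the scanner is naming one container file on disk and, within it, a member buried inside a CAB inside an MSI inside another CAB, which is why the same detection name shows up twice with different paths.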
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Thank you for your assistance.

Here is the log from AdwCleaner:

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 14:43:06
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : S - S-PC
# Boot Mode : Normal
# Running from : C:\Users\S\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\S\AppData\Local\Temp\boost_interprocess
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\hhcjnvyi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1108 octets] - [13/03/2013 14:41:36]
AdwCleaner[S1].txt - [306 octets] - [13/03/2013 14:42:39]
AdwCleaner[S2].txt - [1110 octets] - [13/03/2013 14:43:06]

########## EOF - C:\AdwCleaner[S2].txt - [1170 octets] ##########
 
Yes, I did skip the 4-step and skimmed right to the bottom. OK, here it is. Thx!

Step 1:
AVG Security software is the anti-virus that I have, and it picked up the initial threat that led to the post.

Step 2:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2013.03.13.12

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
SONYA :: SONYA-PC [administrator]

3/13/2013 4:10:15 PM
mbam-log-2013-03-13 (16-10-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244168
Time elapsed: 1 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Step 3:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by S. at 16:24:25 on 2013-03-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.5283 [GMT -5:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files\Box Sync\BoxSync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
M:\BITs\HIREN'S BOOTCD 15.2\HBCD\HBCDMenu.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\S.\AppData\Local\Temp\HBCD\Malwarebytes\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BOXSYN~1.LNK - C:\Program Files\Box Sync\BoxSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{44148428-F552-497B-99DD-4FE927CBE200} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{68FBCACF-039C-4F31-8597-F74A20B23805} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{68FBCACF-039C-4F31-8597-F74A20B23805}\47563747 : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [BoxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\S.\AppData\Roaming\Mozilla\Firefox\Profiles\hhcjnvyi.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-12 19:16; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\S.\AppData\Roaming\Mozilla\Firefox\Profiles\hhcjnvyi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-03-12 19:26; abb@amazon.com; C:\Users\S.\AppData\Roaming\Mozilla\Firefox\Profiles\hhcjnvyi.default\extensions\abb@amazon.com.xpi
FF - ExtSQL: 2013-03-12 21:31; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-03-12 21:31; msntoolbar@msn.com; C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF - ExtSQL: 2013-03-12 21:31; {27182e60-b5f3-411c-b545-b44205977502}; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - ExtSQL: 2013-03-12 22:27; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: !HIDDEN! 2013-03-12 21:31; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/03/05 10:38:25];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2012-3-5 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-5-15 203264]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2012-3-5 192512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-7-13 233472]
.
=============== Created Last 30 ================
.
2013-03-13 21:04:34 25928 ----a-w- C:\Windows\SysWow64\drivers\mbam.sys
2013-03-13 21:04:34 -------- d-----w- C:\Users\S.\AppData\Roaming\Malwarebytes
2013-03-13 21:04:33 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-13 20:43:30 -------- d-----w- C:\Users\S.\AppData\Roaming\HP Support Assistant
2013-03-13 19:43:10 120 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-03-13 19:39:19 -------- d-----w- C:\Windows\Hewlett-Packard
2013-03-13 11:52:47 -------- d-----w- C:\Users\S.\AppData\Roaming\calibre
2013-03-13 11:52:25 -------- d-----w- C:\Program Files\Calibre2
2013-03-13 11:35:58 -------- d-----w- C:\Users\S.\AppData\Roaming\Box Sync
2013-03-13 11:35:56 -------- d-----w- C:\Users\S.\AppData\Roaming\Box Desktop
2013-03-13 11:34:31 -------- d-----w- C:\Program Files\Box Sync
2013-03-13 11:33:35 -------- d-----w- C:\Users\S.\AppData\Local\Box Sync
2013-03-13 11:32:50 -------- d-----w- C:\Program Files (x86)\Audible
2013-03-13 03:29:13 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-03-13 02:40:24 -------- d-----w- C:\ProgramData\WEBREG
2013-03-13 02:37:09 -------- d-----w- C:\Users\S.\AppData\Local\HP
2013-03-13 02:31:57 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-03-13 02:31:56 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2013-03-13 02:31:35 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2013-03-13 02:31:06 -------- d-----w- C:\Users\S.\AppData\Roaming\HpUpdate
2013-03-13 02:29:59 -------- d-----w- C:\Windows\SysWow64\spool
2013-03-13 02:29:07 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2013-03-13 02:29:07 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2013-03-13 02:27:58 253440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp02t.dll
2013-03-13 02:27:51 138752 ----a-w- C:\Windows\System32\hpf3l02t.dll
2013-03-13 02:16:58 906240 ----a-w- C:\Windows\System32\hpwwiax5.dll
2013-03-13 02:16:58 644456 ----a-w- C:\Windows\System32\hpzids40.dll
2013-03-13 02:16:58 553472 ----a-w- C:\Windows\System32\hppldcoi.dll
2013-03-13 02:16:58 488960 ----a-w- C:\Windows\System32\hpovst11.dll
2013-03-13 02:16:58 1422848 ----a-w- C:\Windows\System32\hpwtiop4.dll
2013-03-13 02:09:32 -------- d-----w- C:\Users\S.\AppData\Local\Apple Computer
2013-03-13 02:09:14 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-03-13 02:08:51 -------- d-----w- C:\Program Files\iPod
2013-03-13 02:08:50 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-13 02:08:50 -------- d-----w- C:\Program Files\iTunes
2013-03-13 02:08:50 -------- d-----w- C:\Program Files (x86)\iTunes
2013-03-13 02:08:07 -------- d-----w- C:\Users\S.\AppData\Local\Apple
2013-03-13 02:07:25 -------- d-----w- C:\Program Files\Bonjour
2013-03-13 02:07:25 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-03-13 01:59:06 -------- d-----w- C:\Users\S.\My Scans
2013-03-13 01:51:19 -------- d-----w- C:\Users\S.\AppData\Local\Google
2013-03-13 01:39:17 -------- d-----w- C:\Users\S.\AppData\Local\Adobe_Systems_Incorporate
2013-03-13 01:17:32 -------- d-----w- C:\Users\S.\AppData\Local\CyberLink
2013-03-13 01:17:31 -------- d-----w- C:\Users\S.\AppData\Local\PowerCinema
2013-03-13 01:01:22 -------- d-----w- C:\Users\S.\AppData\Local\Adobe
2013-03-13 00:36:38 -------- d-----w- C:\Users\S.\AppData\Local\Macromedia
2013-03-13 00:33:34 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 00:33:34 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 22:08:19 -------- d-----w- C:\Users\S.\AppData\Local\Apps
2013-03-12 21:28:24 -------- d-----w- C:\Users\S.\AppData\Local\Diagnostics
2013-03-12 19:44:31 -------- d-----w- C:\Users\S.\AppData\Local\Mozilla
2013-03-12 19:38:00 -------- d-----w- C:\Users\S.\AppData\Roaming\AVG2013
2013-03-12 19:05:08 -------- d-----w- C:\Users\S.\AppData\Roaming\TuneUp Software
2013-03-12 19:04:47 -------- d--h--w- C:\$AVG
2013-03-12 19:04:47 -------- d-----w- C:\ProgramData\AVG2013
2013-03-12 19:04:07 -------- d-----w- C:\Program Files (x86)\AVG
2013-03-12 18:58:31 -------- d--h--w- C:\ProgramData\Common Files
2013-03-12 18:58:31 -------- d-----w- C:\Users\S.\AppData\Local\MFAData
2013-03-12 18:58:31 -------- d-----w- C:\Users\S.\AppData\Local\Avg2013
2013-03-12 18:58:31 -------- d-----w- C:\ProgramData\MFAData
2013-03-12 18:41:45 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE939C86-4AAB-4E1D-9CD7-C76F3CDA3856}\mpengine.dll
2013-03-12 18:41:45 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-12 18:40:01 -------- d-----w- C:\Users\S.\AppData\Roaming\Python-Eggs
2013-03-12 18:39:54 -------- d-----w- C:\Users\S.\AppData\Roaming\
2013-03-12 18:38:58 -------- d-----w- C:\Program Files (x86)\
2013-03-12 18:35:38 -------- d-----w- C:\Users\S.\AppData\Local\ATI
2013-03-12 18:34:34 -------- d-----w- C:\Users\S.\AppData\Roaming\PictureMover
2013-03-12 18:34:00 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2013-03-12 18:33:44 -------- d-----w- C:\Users\S.\AppData\Local\Hewlett-Packard_Company
2013-03-12 18:33:01 -------- d-----w- C:\Users\S.\AppData\Local\VirtualStore
2013-03-12 18:32:58 139264 ----a-w- C:\Windows\System32\cabview.dll
2013-03-12 18:32:58 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2013-03-12 18:32:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-03-12 18:32:57 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-03-12 18:32:57 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-03-12 18:32:57 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-03-12 18:29:28 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-03-12 18:29:27 -------- d-----w- C:\Users\S.\AppData\Roaming\HP TCS
2013-03-12 18:29:23 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-03-12 18:29:07 -------- d-----w- C:\Users\S.\AppData\Local\Hewlett-Packard
.
==================== Find3M ====================
.
2013-02-26 23:51:28 21208 ----a-w- C:\Windows\help\OEM\Scripts\PSGRedirector.exe
2013-01-10 00:50:50 1251640 ----a-w- C:\Windows\help\OEM\Scripts\HPSAUpgrade.exe
2013-01-04 21:30:12 32720 ----a-w- C:\Windows\help\OEM\Scripts\PWAlertEnable.exe
2012-12-18 19:20:42 76752 ----a-w- C:\Windows\help\OEM\Scripts\HPSAPopupMessaging.dll
.
============= FINISH: 16:24:47.14 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/12/2013 1:28:10 PM
System Uptime: 3/13/2013 2:44:51 PM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Eureka3
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | CPU 1 | 2499/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 694.578 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.197 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is FIXED (NTFS) - 1863 GiB total, 902.512 GiB free.
M: is FIXED (FAT32) - 149 GiB total, 93.775 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1: 3/12/2013 1:28:40 PM - Windows Update
RP2: 3/12/2013 1:34:47 PM - Windows Update
RP3: 3/12/2013 1:39:12 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
RP4: 3/12/2013 1:54:14 PM - Scripted restore
RP5: 3/12/2013 2:03:55 PM - Installed AVG 2013
RP6: 3/12/2013 2:04:12 PM - Installed AVG 2013
RP7: 3/12/2013 3:03:34 PM - Removed Activate Norton Online Backup
RP8: 3/12/2013 8:28:21 PM - 03/12/2013
RP9: 3/12/2013 9:08:09 PM - Installed iTunes
RP10: 3/12/2013 10:20:53 PM - Installed Adobe Acrobat X Pro - English, Français, Deutsch.
RP11: 3/12/2013 10:26:13 PM - Installed Adobe Acrobat X Pro - English, Français, Deutsch.
RP12: 3/13/2013 6:34:02 AM - Installed Box Sync (64 bit)
RP13: 3/13/2013 6:50:32 AM - Installed calibre 64bit
RP14: 3/13/2013 6:56:04 AM - Installed calibre 64bit
RP15: 3/13/2013 2:39:35 PM - Installed Network64
RP16: 3/13/2013 3:46:48 PM - Windows Modules Installer
RP17: 3/13/2013 3:47:34 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909g
ActiveCheck component for HP Active Support Library
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Digital Editions 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audible Download Manager
AVG 2013
Bing Bar
Bing Bar Platform
Bonjour
Box Sync (64 bit)
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
calibre 64bit
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocMgr
DocProc
Fax
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Hardware Diagnostic Tools
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Document Manager 2.0
HP Easy Backup
HP Games
HP Imaging Device Functions 14.0
HP MAINSTREAM KEYBOARD
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Officejet Pro 8500 A909 Series
HP Remote Solution
HP Setup
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPProductAssistant
HPSSupply
HydraVision
iTunes
LabelPrint
LightScribe System Software
MarketResearch
Microsoft Default Manager
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MPM
Network64
OCR Software by I.R.I.S. 14.0
PictureMover
Power2Go
PowerDirector
PowerRecover
ProductContext
Realtek High Definition Audio Driver
Scan
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Visual Studio 2010 x64 Redistributables
WebReg
Windows Live ID Sign-in Assistant
.
==== Event Viewer Messages From Past Week ========
.
3/13/2013 6:56:21 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
3/13/2013 3:58:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {10DA4F3C-CC99-4190-BE4D-58330754E882} and APPID {7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/13/2013 2:47:01 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
3/13/2013 11:07:46 AM, Error: atikmdag [43034] - Unknown EDID version
.
==== End Of File ===========================
 
Okie dokie, let's do some more steps here:

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



ComboFix scan

Please download ComboFix by sUBs from TechSpot.

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch automatically or can be found at "C:\Combo-Fix.txt", in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the above method again, but download ComboFix again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Hello, are you still with us? Please update us with the state of your situation, so we know how to continue from here.

We'd still like to help. Topic marked inactive, until your return.
 