logs
Database version: v2012.03.26.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TimH :: TOSHIBA_P35-S60 [administrator]
3/26/2012 5:10:37 PM
mbam-log-2012-03-26 (17-10-37).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466389
Time elapsed: 1 hour(s), 46 minute(s), 26 second(s)
Memory Processes Detected: 2
C:\Documents and Settings\All Users\Application Data\rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> 548 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq.exe (Backdoor.Agent.RCGen) -> 2496 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\rSkVSbFvavfCaY.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 9
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Documents and Settings\All Users\Application Data\rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq.exe (Backdoor.Agent.RCGen) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1606980848-725345543-1003\Dc201.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
(end)
Second Log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.26.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TimH :: TOSHIBA_P35-S60 [administrator]
3/26/2012 7:44:36 PM
mbam-log-2012-03-26 (19-44-36).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466189
Time elapsed: 1 hour(s), 44 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-26 19:43:24
Windows 5.1.2600 Service Pack 3
Running: h94rnms4.exe; Driver: C:\DOCUME~1\TimH\LOCALS~1\Temp\fwaorkod.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\877570FF05E6de7499D1B370DFE42305\Usage@TrayApp 1081760814
---- EOF - GMER 1.0.15 ----
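The three logs above are easier to triage once parsed. The following is an added example written for this page, not Malwarebytes' own code: it reads the detection sections of an MBAM 1.x log in the layout posted here (section header, one `target (Threat) -> ... -> action` line per item), checks the declared counts against the lines actually present (a pasted log is often truncated), pulls out the Run-key persistence entry, lists what was only scheduled as "Delete on reboot", and confirms against a rescan that those deferred deletions really happened. The sample input is an excerpt of the first log; its Registry Data Items section is cut to two of its nine lines with the count adjusted, and the clean rescan is a constructed stand-in for the all-zero second log.

```python
"""Parse Malwarebytes (MBAM 1.x) scan-log detections and triage them."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Excerpt of the first scan log in the post above. "Registry Data Items" is cut
# down to two of its nine lines and its count adjusted; the rest is verbatim.
SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\Documents and Settings\All Users\Application Data\rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> 548 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq.exe (Backdoor.Agent.RCGen) -> 2496 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\rSkVSbFvavfCaY.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Files Detected: 3
C:\Documents and Settings\All Users\Application Data\rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq.exe (Backdoor.Agent.RCGen) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1606980848-725345543-1003\Dc201.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
(end)
"""

# Constructed stand-in for a clean post-reboot rescan (the real second log
# above reports zero in every section).
CLEAN_RESCAN = "Files Detected: 0\n(No malicious items detected)\n(end)\n"

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)$")


@dataclass
class Detection:
    section: str                # e.g. "Files", "Registry Values"
    target: str                 # file path, or "HIVE\Key|Value" for registry items
    threat: str                 # MBAM classification, e.g. "Rogue.FakeHDD"
    action: str                 # e.g. "Delete on reboot."
    pid: Optional[int] = None   # only for "Memory Processes" entries
    data: Optional[str] = None  # registry value data (the Run-key payload path)
    bad: Optional[str] = None   # tampered value of a PUM data item
    good: Optional[str] = None  # value MBAM restored


def parse_mbam_log(text: str) -> Tuple[List[Detection], Dict[str, int]]:
    """Return (detections, declared count per section) for one MBAM log."""
    detections: List[Detection] = []
    declared: Dict[str, int] = {}
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        # Skip the header block, "(No malicious items detected)" and "(end)".
        if section is None or not line or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        fields = [f.strip() for f in m.group("rest").split(" -> ")]
        d = Detection(section, m.group("target"), m.group("threat"), fields[-1])
        for f in fields[:-1]:  # middle fields: pid, "Data: ...", or Bad/Good
            bg = BADGOOD_RE.match(f)
            if f.isdigit():
                d.pid = int(f)
            elif f.startswith("Data: "):
                d.data = f[len("Data: "):]
            elif bg:
                d.bad, d.good = bg.group("bad"), bg.group("good")
        detections.append(d)
    return detections, declared


def verify_counts(text: str) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the lines actually listed;
    non-empty means the pasted log is truncated or mangled."""
    detections, declared = parse_mbam_log(text)
    seen = Counter(d.section for d in detections)
    return {s: (n, seen[s]) for s, n in declared.items() if seen[s] != n}


def autostart_entries(detections: List[Detection]) -> List[Detection]:
    """Registry detections under a Run/RunOnce key: the logon persistence."""
    return [d for d in detections if d.section.startswith("Registry")
            and re.search(r"\\CurrentVersion\\Run(Once)?\|", d.target, re.I)]


def pending_reboot(detections: List[Detection]) -> List[str]:
    """Targets MBAM could only schedule for deletion at the next boot."""
    out: List[str] = []
    for d in detections:
        if d.action == "Delete on reboot." and d.target not in out:
            out.append(d.target)
    return out


def unresolved_after_rescan(first_log: str, rescan_log: str) -> List[str]:
    """Reboot-pending targets from the first scan that a rescan still reports."""
    first, _ = parse_mbam_log(first_log)
    rescan, _ = parse_mbam_log(rescan_log)
    still_present = {d.target.lower() for d in rescan}
    return [t for t in pending_reboot(first) if t.lower() in still_present]


if __name__ == "__main__":
    dets, _ = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", verify_counts(SAMPLE_LOG))
    print("autostart:", [(d.target, d.data) for d in autostart_entries(dets)])
    print("pending reboot:", pending_reboot(dets))
    print("unresolved:", unresolved_after_rescan(SAMPLE_LOG, CLEAN_RESCAN))
```

The point of `pending_reboot` and `unresolved_after_rescan` is the check a helper would want before calling the machine clean: the two executables in Application Data and their running processes were only marked "Delete on reboot" in the first scan, so the first log alone does not prove they are gone. The second log, run after the restart, reporting zero in every section is that confirmation; the Run-key value that relaunched `rSkVSbFvavfCaY.exe` at logon was already removed in the first pass.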