trojan horse agent r.xj

View previous topic View next topic Go down

trojan horse agent r.xj

Post by nebulaphoenix on Sun 30 Jan 2011, 1:10 am

I have had this since yesterday and it is multiplying!!

This is what AVG is showing me:

C:\Windows\System32\wuauclt.exe (5984):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
C:\Windows\System32\wuauclt.exe (5984)";"Trojan horse Agent_r.XJ";""
C:\Windows\explorer.exe (1740):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
C:\Windows\explorer.exe (1740)";"Trojan horse Agent_r.XJ";""
C:\Program Files\Internet Explorer\iexplore.exe (5780):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
C:\Program Files\Internet Explorer\iexplore.exe (5780)";"Trojan horse Agent_r.XJ";""
C:\Program Files\Internet Explorer\iexplore.exe (4472):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
C:\Program Files\Internet Explorer\iexplore.exe (4472)";"Trojan horse Agent_r.XJ";""
C:\Program Files\Internet Explorer\iexplore.exe (4344):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
C:\Program Files\Internet Explorer\iexplore.exe (4344)";"Trojan horse Agent_r.XJ";""

It was found with AVG but it can only remove 1/2 infected files and cannot access the rest to sort. I found your site and followed the instructions to download your software in safe mode, scanned and cleaned. However, after rebooting my computer, AVG is still finding infections - at the moment 10 of which 5 have been sorted, yet your software is now not detecting anything. I am now having to scan in normal mode as although it will come up in safe mode, it now comes up with no taskbar of desktop icons, so cannot do anything in Safe mode.

Not sure what to do next, but I'm extremely concrened about what information is being taken from my computer (if any?)

I am not technical, so I donot know what other information to provide.

nebulaphoenix

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2011-01-30
Operating System : windows7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by Pancake on Sun 30 Jan 2011, 8:04 am

Hi.Welcome to the forum


Please run all these programs..


Download the TDSSKiller.exe and extract to your Desktop.


Execute TDSSKiller.exe by doubleclicking on it. You may be prompted to restart your machine. Type Y at the prompt.

Once complete, a log will be produced at root. It will be named

UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt.


Attach that log here please.



====================================================


Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply.







Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by nebulaphoenix on Sun 30 Jan 2011, 9:10 pm

2011/01/30 10:05:28.0335 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/30 10:05:28.0335 ================================================================================
2011/01/30 10:05:28.0335 SystemInfo:
2011/01/30 10:05:28.0335
2011/01/30 10:05:28.0335 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/30 10:05:28.0335 Product type: Workstation
2011/01/30 10:05:28.0335 ComputerName: FAMILY-PC
2011/01/30 10:05:28.0350 UserName: Jeanette
2011/01/30 10:05:28.0350 Windows directory: C:\Windows
2011/01/30 10:05:28.0350 System windows directory: C:\Windows
2011/01/30 10:05:28.0350 Processor architecture: Intel x86
2011/01/30 10:05:28.0350 Number of processors: 4
2011/01/30 10:05:28.0350 Page size: 0x1000
2011/01/30 10:05:28.0350 Boot type: Normal boot
2011/01/30 10:05:28.0350 ================================================================================
2011/01/30 10:05:28.0740 Initialize success
2011/01/30 10:05:37.0273 ================================================================================
2011/01/30 10:05:37.0273 Scan started
2011/01/30 10:05:37.0273 Mode: Manual;
2011/01/30 10:05:37.0273 ================================================================================
2011/01/30 10:05:38.0412 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/30 10:05:38.0459 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/30 10:05:38.0490 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/30 10:05:38.0537 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/30 10:05:38.0584 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/30 10:05:38.0631 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/30 10:05:38.0693 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/01/30 10:05:38.0724 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/30 10:05:38.0740 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/01/30 10:05:38.0787 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/30 10:05:38.0818 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/01/30 10:05:38.0849 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/30 10:05:38.0880 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/30 10:05:38.0911 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/30 10:05:38.0943 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/30 10:05:38.0958 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/30 10:05:38.0989 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/30 10:05:39.0021 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/01/30 10:05:39.0083 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/01/30 10:05:39.0114 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/30 10:05:39.0161 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/30 10:05:39.0208 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/30 10:05:39.0333 AVGIDSDriver (1ca8e5fe74efd5826bbd76c0470e6ae4) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/01/30 10:05:39.0395 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/01/30 10:05:39.0442 AVGIDSFilter (32a76fd3fc12d09c586730ef63b4b20b) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/01/30 10:05:39.0489 AVGIDSShim (84431da40330cdfd84a7b92bcf0d4a05) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/01/30 10:05:39.0535 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/01/30 10:05:39.0613 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/01/30 10:05:39.0645 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/01/30 10:05:39.0676 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/01/30 10:05:39.0723 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/01/30 10:05:39.0785 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/01/30 10:05:39.0832 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/01/30 10:05:39.0847 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/30 10:05:39.0910 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/30 10:05:39.0941 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/30 10:05:39.0957 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/30 10:05:39.0988 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/01/30 10:05:40.0019 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/30 10:05:40.0050 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/30 10:05:40.0066 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/30 10:05:40.0113 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/30 10:05:40.0144 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/30 10:05:40.0159 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/30 10:05:40.0206 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/30 10:05:40.0253 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/01/30 10:05:40.0300 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/30 10:05:40.0315 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/30 10:05:40.0347 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/01/30 10:05:40.0378 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/30 10:05:40.0409 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/30 10:05:40.0440 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/30 10:05:40.0471 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/01/30 10:05:40.0503 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/01/30 10:05:40.0518 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/01/30 10:05:40.0581 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/01/30 10:05:40.0627 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/30 10:05:40.0705 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/01/30 10:05:40.0783 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/30 10:05:40.0830 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/30 10:05:40.0861 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/01/30 10:05:40.0893 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/01/30 10:05:40.0924 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/30 10:05:40.0955 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/01/30 10:05:40.0986 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/01/30 10:05:41.0017 FlashUSB (e044b5c7cd5cea728d13d30d431b13e0) C:\Windows\system32\DRIVERS\FlashUSB.sys
2011/01/30 10:05:41.0049 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/30 10:05:41.0064 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/01/30 10:05:41.0095 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/01/30 10:05:41.0111 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/30 10:05:41.0158 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/30 10:05:41.0220 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/30 10:05:41.0283 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/30 10:05:41.0298 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/30 10:05:41.0345 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/01/30 10:05:41.0376 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/30 10:05:41.0407 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/30 10:05:41.0423 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/30 10:05:41.0454 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/30 10:05:41.0517 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/30 10:05:41.0548 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/30 10:05:41.0595 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/01/30 10:05:41.0610 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/30 10:05:41.0641 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/30 10:05:41.0673 iaStor (d5edb998656e6ecf1a17c78dab019a3c) C:\Windows\system32\DRIVERS\iaStor.sys
2011/01/30 10:05:41.0719 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/30 10:05:41.0751 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/30 10:05:41.0829 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
2011/01/30 10:05:41.0938 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/01/30 10:05:41.0969 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/30 10:05:42.0000 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/30 10:05:42.0031 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/01/30 10:05:42.0063 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/01/30 10:05:42.0109 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/01/30 10:05:42.0141 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/01/30 10:05:42.0172 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/30 10:05:42.0187 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/30 10:05:42.0203 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/30 10:05:42.0234 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/30 10:05:42.0281 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/30 10:05:42.0312 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/30 10:05:42.0343 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/30 10:05:42.0390 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/30 10:05:42.0421 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/30 10:05:42.0453 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/30 10:05:42.0468 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/01/30 10:05:42.0499 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/30 10:05:42.0531 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/30 10:05:42.0546 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/01/30 10:05:42.0577 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/30 10:05:42.0593 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/30 10:05:42.0624 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/30 10:05:42.0655 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/01/30 10:05:42.0687 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/01/30 10:05:42.0718 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/30 10:05:42.0733 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/01/30 10:05:42.0780 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/30 10:05:42.0811 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/30 10:05:42.0843 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/30 10:05:42.0889 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/01/30 10:05:42.0921 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/01/30 10:05:42.0967 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/01/30 10:05:42.0999 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/30 10:05:43.0014 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/01/30 10:05:43.0077 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/30 10:05:43.0123 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/30 10:05:43.0155 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/01/30 10:05:43.0170 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/01/30 10:05:43.0217 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/30 10:05:43.0217 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/01/30 10:05:43.0248 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/01/30 10:05:43.0264 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/01/30 10:05:43.0311 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/30 10:05:43.0373 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/01/30 10:05:43.0404 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/30 10:05:43.0435 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/30 10:05:43.0451 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/30 10:05:43.0467 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/30 10:05:43.0498 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/01/30 10:05:43.0513 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/30 10:05:43.0545 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/30 10:05:43.0591 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/01/30 10:05:43.0654 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
2011/01/30 10:05:43.0669 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/01/30 10:05:43.0685 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/30 10:05:43.0716 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/01/30 10:05:43.0747 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/01/30 10:05:44.0013 nvlddmkm (712d98d35e68d0006b121f4a3b8ee814) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/01/30 10:05:44.0200 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/01/30 10:05:44.0247 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/01/30 10:05:44.0278 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/01/30 10:05:44.0325 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/30 10:05:44.0372 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/01/30 10:05:44.0387 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/01/30 10:05:44.0418 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/01/30 10:05:44.0450 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/01/30 10:05:44.0465 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/01/30 10:05:44.0481 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/30 10:05:44.0512 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/01/30 10:05:44.0543 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/01/30 10:05:44.0637 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/30 10:05:44.0668 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/01/30 10:05:44.0762 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/30 10:05:44.0808 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/01/30 10:05:44.0855 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/01/30 10:05:44.0871 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/30 10:05:44.0902 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/30 10:05:44.0949 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/30 10:05:44.0964 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/30 10:05:44.0996 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/30 10:05:45.0042 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/30 10:05:45.0074 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/30 10:05:45.0105 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/30 10:05:45.0136 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/30 10:05:45.0183 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/30 10:05:45.0198 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/30 10:05:45.0230 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/01/30 10:05:45.0245 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/01/30 10:05:45.0292 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/30 10:05:45.0308 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/01/30 10:05:45.0386 RTL8192su (51adef77e4c929535fd50da153774e79) C:\Windows\system32\DRIVERS\RTL8192su.sys
2011/01/30 10:05:45.0417 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/30 10:05:45.0448 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/30 10:05:45.0542 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/30 10:05:45.0588 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/30 10:05:45.0635 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/01/30 10:05:45.0651 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/30 10:05:45.0713 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/30 10:05:45.0729 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/30 10:05:45.0760 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/30 10:05:45.0776 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/30 10:05:45.0807 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/01/30 10:05:45.0838 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/30 10:05:45.0869 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/30 10:05:45.0916 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/01/30 10:05:45.0978 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/01/30 10:05:46.0025 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/30 10:05:46.0072 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/30 10:05:46.0103 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/30 10:05:46.0181 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/30 10:05:46.0212 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/30 10:05:46.0275 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/01/30 10:05:46.0322 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/30 10:05:46.0353 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/30 10:05:46.0384 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/01/30 10:05:46.0415 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/01/30 10:05:46.0431 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/30 10:05:46.0462 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/30 10:05:46.0524 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/30 10:05:46.0556 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/30 10:05:46.0587 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/30 10:05:46.0618 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/30 10:05:46.0665 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/30 10:05:46.0712 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/30 10:05:46.0743 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/30 10:05:46.0790 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/01/30 10:05:46.0805 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/30 10:05:46.0836 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/30 10:05:46.0852 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/30 10:05:46.0883 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/30 10:05:46.0899 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/30 10:05:46.0930 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/30 10:05:46.0961 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/30 10:05:46.0992 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/30 10:05:47.0008 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/30 10:05:47.0039 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/30 10:05:47.0070 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/30 10:05:47.0086 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/01/30 10:05:47.0117 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/30 10:05:47.0148 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/01/30 10:05:47.0180 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/01/30 10:05:47.0195 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/30 10:05:47.0226 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/30 10:05:47.0242 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/01/30 10:05:47.0273 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/30 10:05:47.0304 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/30 10:05:47.0320 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/01/30 10:05:47.0367 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/01/30 10:05:47.0398 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/01/30 10:05:47.0429 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/30 10:05:47.0476 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/30 10:05:47.0476 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/30 10:05:47.0554 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/01/30 10:05:47.0585 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/30 10:05:47.0663 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/30 10:05:47.0694 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/01/30 10:05:47.0757 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/01/30 10:05:47.0819 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/30 10:05:47.0850 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/30 10:05:47.0882 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/01/30 10:05:47.0913 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/30 10:05:48.0006 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/30 10:05:48.0006 ================================================================================
2011/01/30 10:05:48.0006 Scan finished
2011/01/30 10:05:48.0006 ================================================================================
2011/01/30 10:05:48.0022 Detected object count: 1
2011/01/30 10:05:56.0181 \HardDisk1 - will be cured after reboot
2011/01/30 10:05:56.0181 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/01/30 10:06:06.0851 Deinitialize success

nebulaphoenix

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2011-01-30
Operating System : windows7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by nebulaphoenix on Sun 30 Jan 2011, 9:14 pm

Thanks for coming back to me and so promptly.

As you can see by the above post, I have performed the 1st action.

I have already got the 2nd piece of software downloaded as this is what I tried first - it said that it had got rid of everything, I checked it, and again it said there was nothing detected, then when AVG was run again, it found other stuff.

I have run AVG this morning and intead of finding 10 with 1/2 removed, it has only found 2 with only one of which to be removed.

I will go and run the malware program again now, followed by AVG to see what comes up - will report back later....

Thanks

nebulaphoenix

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2011-01-30
Operating System : windows7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by nebulaphoenix on Sun 30 Jan 2011, 9:19 pm

Silly question: I assume there is no threat to my computer posting these logs on these open forums??

I've not been in this situation before, and have never used a forum before!!

nebulaphoenix

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2011-01-30
Operating System : windows7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by nebulaphoenix on Sun 30 Jan 2011, 9:21 pm

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 5638

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/01/2011 10:20:49
mbam-log-2011-01-30 (10-20-49).txt

Scan type: Quick scan
Objects scanned: 158793
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

nebulaphoenix

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2011-01-30
Operating System : windows7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by nebulaphoenix on Sun 30 Jan 2011, 9:33 pm

AVG has not detected anything - does that mean I'm clean??

nebulaphoenix

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2011-01-30
Operating System : windows7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by Pancake on Mon 31 Jan 2011, 9:06 pm

Ok.I have got to posting again.Let do one more check.

Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Combofix may be slow to start and appear to be doing nothing before it starts scanning.Just leave it,it will start.

You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper







ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them. If some of ComboFix's files are removed by AVG, it will not perform its routines properly and the developer has determined this can cause damaging or "unpredictable results". This is an issue with AVG and since it cannot be effectively disabled before running ComboFix, the developer has chosen not to allow his tool to run until AVG is uninstalled first in order to avoid any possible issues.


Run the AVG Removal tool.Read How to run AVG Remover Tool here.






Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by nebulaphoenix on Wed 02 Feb 2011, 4:25 am

ComboFix 11-01-31.02 - Jeanette 01/02/2011 17:17:13.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3063.2345 [GMT 0:00]
Running from: c:\users\Jeanette\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.exe
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
.

2011-02-01 17:21 . 2011-02-01 17:22 -------- d-----w- c:\users\Jeanette\AppData\Local\temp
2011-02-01 17:21 . 2011-02-01 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-30 10:03 . 2011-01-30 10:03 -------- d-----w- c:\program files\iPod
2011-01-30 10:03 . 2011-01-30 10:03 -------- d-----w- c:\program files\iTunes
2011-01-29 12:39 . 2011-01-29 12:39 -------- d-----w- c:\users\Jeanette\AppData\Roaming\Malwarebytes
2011-01-29 12:38 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-29 12:38 . 2011-01-29 12:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-29 12:38 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-23 16:47 . 2011-01-23 16:49 -------- d-----w- c:\windows\.jagex_cache_32
2011-01-20 09:07 . 2011-01-20 09:07 40960 ----a-w- c:\windows\_ds3A62.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 19:34 . 2010-03-06 12:37 138440 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-21 19:34 . 2010-03-06 12:45 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-21 19:34 . 2010-03-06 12:36 270856 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-21 19:33 . 2010-03-06 12:36 218496 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 19:43 . 2010-03-06 12:36 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-04 05:52 . 2010-12-15 12:34 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 12:34 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 12:34 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 12:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-04 7703072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

c:\users\Jeanette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-01 17:23:15
ComboFix-quarantined-files.txt 2011-02-01 17:23

Pre-Run: 816,607,019,008 bytes free
Post-Run: 816,544,538,624 bytes free

- - End Of File - - 54ED45CA3D463627DE23146C399EF607

nebulaphoenix

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2011-01-30
Operating System : windows7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by nebulaphoenix on Wed 02 Feb 2011, 4:27 am

Thank you for coming back to me.

Above you can see the file from ComboFix after performing the next set of instructions.

I had to uninstall AVG, I have now re-install to ensure protection.

I await to hear from you.

nebulaphoenix

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2011-01-30
Operating System : windows7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by Pancake on Wed 02 Feb 2011, 9:08 am

Ok.All done.I see no more malware.Log looks good! All those detections are either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


Go to :
Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.


ComboFix /uninstall






Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================








Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by nebulaphoenix on Wed 02 Feb 2011, 9:40 am

I am so relieved, thank you so much for your help, and I hope that I will not need it again. We are so careful, however, it seems possible that these can still get in.

Once the computer has re-booted, I will look through the advice and tips to prevent further infections.

Thank you once again!


nebulaphoenix

Newbie Surfer
Newbie Surfer

Posts : 24
Joined : 2011-01-30
Operating System : windows7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by Pancake on Wed 02 Feb 2011, 12:35 pm

Your welcome.Gald to assist.






Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan horse agent r.xj

Post by Sponsored content Today at 2:42 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum