Hijack Scan, after Rootkit/Agent.KGR delete

[Flutterby]

Hello,

 

A few days ago I scanned my system online at pandasecurity because I just knew something was up with my machine, it wasn't acting right. Avast did not detect it. Panda DID detect it (Rootkit/Agent.KGR file: winpfz33.sys) with vulnerability (MS09-072 - threat level: high) and said it deleted successfully. I decided to go pro with advanced system care and bought IObit Security 360, also. The IObit Malware scanner found the Rootkit/Agent.KGR. I would really like to get rid of this thing and any other vulnerabilities that may be linked to it. Any help would be greatly appreciated, thanks.

 

Here is my Highjack Scan:

 

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart (ATI Smart) - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus (avast! Antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner (avast! Web Scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown - C:\WINDOWS\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe

[enoskype]

Hi Flutterby,

 

Please post your IS360 malware scan log here in this thread.

 

Cheers.

[Flutterby]

[2010-02-07]

 

 

IObit Security 360

 

OS:Windows XP

Version:1.4.0.11

Define Version:1321

Time Elapsed:00:03:15

Objects Scanned:48564

Threats Found:13

 

|Name|Type|Description|ID|

Trojan.Win32/Agent - Removed, Folder, C:\WINDOWS\system32\wTR02, 3-1332

Misleading.RegistryDefender - Removed, Folder, C:\Program Files\Angle Interactive\RD Platinum v5.0, 3-2362

Misleading.RegistryDefender - Removed, Folder, C:\Program Files\Angle Interactive\RD Platinum v5.0\repair-bar, 3-2362

Misleading.RegistryDefender - Removed, Folder, C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100, 3-2362

Misleading.RegistryDefender - Removed, Folder, C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse, 3-2362

Misleading.RegistryDefender - Quarantined, File, C:\Program Files\Angle Interactive\RD Platinum v5.0\Updater.exe, 3-2362

Tracking Cookies - Removed, Cookies, http://creativeby2.unicast.com/assets/uc/3.0/v.txt?=0.0886639654636383, 7-1574

Adware - Removed, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465}, 5-756

Adware - Removed, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2}, 5-8669

Adware - Removed, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3}, 5-8670

Trojan.Win32/Agent - Quarantined, File, C:\WINDOWS\system32\msnav32.ax, 4-10121

Adware - Quarantined, File, C:\WINDOWS\system32\zxdnt3d.cfg., 4-14878

Misleading.Spy - Removed, Registry Key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager, 4-27156

[Melvin_Deal]

Hi flutterby!

 

This is mostly a bump post.

 

The agent you originally described appears to be a different one than what IS360 has nailed. If you run 360, re-boot, and re run 360, does the agent come back?

[Flutterby]

I've run 360, rebooted and run again and so far it has not come back. I am still concerned about the quarantine list as to whether I should leave the things that are there alone or to delete them all-together.

[sunny staines]

flutterboy

 

your avast protection is out of date avast ver5 is the latest you still seem to be on ver 4

 

http://majorgeeks.com/Avast_Home_Edition_d1968.html

[Melvin_Deal]

Hi flutterby!

 

If it makes you more comfortable, go ahead and delete them.:-D