ProcessLogger.exe Virus Assistance Please

C:\HP\BIN\ProcessLogger.exe
Status PUP:Win32:PUP-gen [PUP]
severity low

  1. How was it detected?
  2. What was the source of the file? Where did the file come from (e.g. address, URL, source)?
  3. When was it downloaded or received?

My browsers were stalling. Hotmail and Google were not loading. My other laptop found the same virus 2 weeks ago and I made an effort not to use the USB that I believe it came from, nor my cellphone (which I believe is also infected), on this computer. But today, after the browsers started acting up, I used my digital camera memory stick (which I also used at an internet cafe along with the infected USB). I was surprised that Avast didn't pop up as it did on my other computer. I decided to do a boot scan anyway. When Avast popped up on the other computer, that's what it recommended, a boot scan.

The file came from a college library computer. I went to my former college's library to scan something (same place I brought home a virus from when I first used the computer there 6 years ago); used my USB. When I got home, I used the same USB on my laptop. My cell was plugged in because I was tethering. Browsers stalled, pages wouldn't load, Avast eventually popped up after 15-20 mins (can't remember if before or after I restarted the computer). I pulled out my cell right after seeing the Avast warning. My cell wouldn't turn off or on. It was just blank. I pulled out the battery, put it back, then it turned on. I was convinced that it is infected.

  4. What is the exact file name with extension?

C:\HP\BIN\ProcessLogger.exe
Status PUP:Win32:PUP-gen [PUP]

  5. What was the exact wording of the message that the AV program came up with? This is important for later. Right-click the avast ball and left-click "show last pop-up message"!

During the bootscan and now in Avast results:

Error 0xc0000034 object name not found

0xc000009c (Status_Device_Data_Error)

Error 42060 File was not repaired

C:\HP\BIN\Error 0xc000000D {An invalid parameter was passed to a service or function}

When I tried to load and update Malwarebytes, this error appears: DCSH HOST error.

Then, when I try to reload it, “Malwarebytes is already running” but I can’t find it anywhere.

I would greatly appreciate any assistance possible.

Thanks

Hey, PUP = Potentially Unwanted Program - see http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil; some have been legitimately installed for a specifically good purpose, but could have been unknowingly installed for a malicious purpose.
Not all antivirus programs scan for PUPs, and avast has it turned off by default (an exception being the boot-time scan).

Follow this guide if you think you're infected.

http://forum.avast.com/index.php?topic=53253.0

Good luck.

This PUP detection has been reported many times before (C:\HP\BIN\ProcessLogger.exe); search the forum and see.

The file belongs to a factory-installed HP program.
You will also find similar detections from Toshiba and Dell programs reported here.

Anyway, avast is just telling you that you have a program that can be used for good or bad if abused.

And as already said, PUP scanning is off by default in quick/full scans but on in boot scans,
so you should be prepared for a scan result like this when running a boot scan.
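As an added example (not from any poster in this thread), the check a practitioner would run before accepting the "factory-installed HP program" explanation: read the flagged file's Authenticode signature, version resource and SHA-256 so the vendor claim is verified rather than assumed. The path is the one from the detection above; the function name is chosen here.

```powershell
# Added example, not from the thread. Verifies who signed the flagged file and
# records its hash so the detection can be triaged against the vendor's claim.
# Path is the one reported in the thread; Get-FlaggedFileReport is a name chosen here.
function Get-FlaggedFileReport {
    param([Parameter(Mandatory = $true)][string]$FilePath)

    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        throw "File not found: $FilePath"
    }
    $item = Get-Item -LiteralPath $FilePath

    # Authenticode check: 'Valid' means the signature chains to a trusted root
    # and the file has not been modified since it was signed.
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # SHA-256 via .NET so this also works on the Vista-era PowerShell 2.0
    # in the thread, which lacks Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try { $hashBytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    $sha256 = ($hashBytes | ForEach-Object { $_.ToString('x2') }) -join ''

    New-Object PSObject -Property @{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        Created         = $item.CreationTime
        Modified        = $item.LastWriteTime
        CompanyName     = $item.VersionInfo.CompanyName
        ProductName     = $item.VersionInfo.ProductName
        FileVersion     = $item.VersionInfo.FileVersion
        SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError ...
        Signer          = $signer
        SHA256          = $sha256
    }
}

Get-FlaggedFileReport -FilePath 'C:\HP\BIN\ProcessLogger.exe' | Format-List
```

A Valid signature and a version resource naming the vendor support the reply above; NotSigned or HashMismatch, or a Created time that lines up with the USB incident, is a reason to post the hash along with the logs.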

The above posts are entirely accurate. However, the problems you describe sound like they could be from another malware on the system. Please post logs as described in http://forum.avast.com/index.php?topic=53253.0 and wait for a removal expert.

Thanks. And thanks flashgamer001 for recognizing that it could be something else.

Here are my logs for MBAM, OTL, and aswMBR:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.01

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
user :: USER-PC [administrator]

24/08/2012 11:42:59 PM
mbam-log-2012-08-24 (23-42-59).txt

Scan type: Full scan (C:|D:|E:|G:|H:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325559
Time elapsed: 1 hour(s), 31 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-26 12:15:36

12:15:36.864 OS Version: Windows 6.0.6000
12:15:36.864 Number of processors: 2 586 0xF0D
12:15:36.864 ComputerName: USER-PC UserName: user
12:15:39.859 Initialize success
12:15:40.452 AVAST engine defs: 12082600
12:16:01.451 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-0
12:16:01.451 Disk 0 Vendor: FUJITSU_ 891F Size: 152627MB BusType: 3
12:16:01.482 Disk 0 MBR read successfully
12:16:01.482 Disk 0 MBR scan
12:16:01.497 Disk 0 unknown MBR code
12:16:01.497 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 145412 MB offset 63
12:16:01.544 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7210 MB offset 297805824
12:16:01.560 Disk 0 scanning sectors +312571904
12:16:01.638 Disk 0 scanning C:\Windows\system32\drivers
12:16:14.681 Service scanning
12:16:42.340 Modules scanning
12:16:55.834 Disk 0 trace - called modules:
12:16:55.897 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:16:56.411 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x86b71110]
12:16:56.427 3 ntkrnlpa.exe[82cb07e2] → nt!IofCallDriver → [0x85b23798]
12:16:56.427 5 acpi.sys[8047332a] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-0[0x85b29030]
12:16:58.283 AVAST engine scan C:\Windows
12:17:01.731 AVAST engine scan C:\Windows\system32
12:19:36.218 AVAST engine scan C:\Windows\system32\drivers
12:19:52.910 AVAST engine scan C:\Users\user
12:25:52.287 AVAST engine scan C:\ProgramData
12:27:13.111 Scan finished successfully
12:29:29.065 Disk 0 MBR has been saved successfully to “C:\Users\user\Desktop\MBR.dat”
12:29:29.080 The log file has been saved successfully to “C:\Users\user\Desktop\aswMBR.txt”
12:29:46.189 Disk 0 MBR has been saved successfully to “C:\Users\user\Desktop\MBR.dat”
12:29:46.205 The log file has been saved successfully to “C:\Users\user\Desktop\aswMBR.txt”

Thanks

I see you have IObit Advanced System Care!
Here is some info about that company :-\

http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217

I can see no apparent malware. Have you tried an uninstall and then reinstall of MBAM?