Used RealPlayer Download, various threats

musodude · 02-22-2012, 10:38 PM

Since using RealPlayer to download video from a web page, I noticed the C/Documents and settings/network service, folder has been working over time. Its cookies folder is constantly filling up with "@system.blah blah blah" and is accompanied by several serious threats: jpeg attached..
This is happening as soon as I connect to the net, I am using a ZTE mobile dongle on 3.

Running AVG11 or MWB finds no problems, whether the scan is quick, whole machine or anti-rootkit. And as this routine seems to be establishing itself I think its time to ask the pro's for help.

I have ran DDS and gmer and posted the attached files as instructed, and below I have copied the dds log. Any help would be much appreciated.
If I have forgotten anything just let me know. Thanks in advance.

musodude, thinkpad t60, winxp pro sp2.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by sunflour at 5:15:30 on 2012-02-23
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1450 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 94.63.147.16 Google
Hosts: 94.63.147.17 Bing
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sunflour\application data\mozilla\firefox\profiles\ljc8rnav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-7-26 24304]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2010-2-11 11264]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-4-25 1737464]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-7-26 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-11-11 53248]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-28 62320]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-28 45424]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7680]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-1-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-1-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-1-20 121856]
S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2007-6-29 33664]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [2011-1-25 20936]
.
=============== Created Last 30 ================
.
2012-02-23 04:04:56 -------- d-----w- c:\windows\system32\SupportApp
2012-02-23 01:48:16 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-02-23 01:48:16 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-23 01:48:16 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-02-23 01:48:16 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-23 01:48:16 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-19 05:36:12 -------- d-----w- c:\windows\system32\%APPDATA%
2012-02-19 04:26:11 98816 ----a-w- c:\windows\sed.exe
2012-02-19 04:26:11 518144 ----a-w- c:\windows\SWREG.exe
2012-02-19 04:26:11 256000 ----a-w- c:\windows\PEV.exe
2012-02-19 04:26:11 208896 ----a-w- c:\windows\MBR.exe
2012-02-19 04:26:02 -------- d-----w- C:\ComboFix
2012-02-18 17:23:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 17:23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 16:21:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-18 16:20:59 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-18 16:20:59 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-18 16:20:59 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-18 16:20:59 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-18 16:20:59 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-18 16:20:59 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-18 16:20:59 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-18 16:20:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-18 16:20:59 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-18 16:20:59 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-18 16:20:59 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-16 02:27:46 81920 ----a-w- c:\windows\system32\ImageDrive.cpl
.
==================== Find3M ====================
.
2008-09-09 10:21:16 3030705 ----a-w- c:\program files\Cartoon Maker.exe
.
============= FINISH: 5:16:35.76 ===============

musodude · 03-01-2012, 07:34 PM

Hi Guys... really need to get this sorted... any help will be very much appreciated.

musodude

tetonbob · 03-03-2012, 07:26 AM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Download TDSSKiller.exe to your desktop
http://support.kaspersky.com/downloa...tdsskiller.exe
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, select Skip by changing the default Cure selection at the upper right
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.7.17.0_date_time_log.txt
Attach that log, please.

Please download aswMBR.exe and save it to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Allow it to download the definitions from the internet.

Click Scan

* Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
* You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

musodude · 03-05-2012, 12:33 PM

Thanks for your reply Tetonbob... carrying out your instructions now will post results when finished.
You mentioned subscribing to my post... but am not given the option to subscribe.. only unsubscribe... even though I've never subscribed to it....??

MD

tetonbob · 03-05-2012, 12:35 PM

You're all set, your user settings must already be set to automatically subscribe to threads you create or reply to.

musodude · 03-05-2012, 12:59 PM

I have carried out your instructions and attached the requested files.
Hope to hear from your soon.

MD

tetonbob · 03-05-2012, 01:06 PM

Run TDSSKiller once again, and allow it to Cure what it detects. Reboot at the prompt, and send the new log.

Next...I see you've run ComboFix on this machine. Delete any copies you may have.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

musodude · 03-05-2012, 03:21 PM

ComboFix 12-03-04.02 - sunflour 05/03/2012 23:04:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1308 [GMT 0:00]
Running from: c:\documents and settings\sunflour\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Local Settings\Application Data\dfusvjul.log
c:\documents and settings\NetworkService\Local Settings\Application Data\efklttxc.log
c:\documents and settings\NetworkService\Local Settings\Application Data\hxldcfeg.log
c:\documents and settings\sunflour\Application Data\Soas
c:\documents and settings\sunflour\Application Data\Soas\weoce.abi
c:\documents and settings\sunflour\Application Data\Soas\weoce.tmp
c:\documents and settings\sunflour\Local Settings\Application Data\coqfamnl.log
c:\documents and settings\sunflour\Local Settings\Application Data\dfusvjul.log
c:\documents and settings\sunflour\Local Settings\Application Data\efklttxc.log
c:\documents and settings\sunflour\Local Settings\Application Data\hxldcfeg.log
c:\documents and settings\sunflour\Local Settings\Application Data\uoxvlkad.log
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 22:37 . 2012-03-05 22:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-04 20:53 . 2012-03-04 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RegAce
2012-03-04 20:53 . 2012-03-04 20:53 -------- d-----w- c:\program files\RegAce System Suite
2012-03-02 03:59 . 2012-03-02 03:59 -------- d-----w- c:\program files\CCleaner
2012-02-29 10:07 . 2012-02-29 10:07 -------- d-----w- c:\documents and settings\sunflour\Local Settings\Application Data\Identities
2012-02-29 10:07 . 2012-02-29 10:07 -------- d-----w- c:\documents and settings\sunflour\Application Data\Owxua
2012-02-28 15:32 . 2012-02-29 21:34 -------- d-----w- c:\windows\system32\MpEngineStore
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-02-25 03:40 . 2012-02-25 03:40 -------- d-----w- c:\windows\system32\SupportApp
2012-02-23 01:48 . 2008-08-22 11:07 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-02-23 01:48 . 2008-08-22 11:07 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-23 01:48 . 2008-08-22 11:07 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-23 01:48 . 2008-08-22 11:07 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-02-23 01:48 . 2008-08-22 11:07 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-19 05:36 . 2012-02-24 05:03 -------- d-----w- c:\windows\system32\%APPDATA%
2012-02-18 19:15 . 2012-02-18 19:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-18 17:23 . 2012-02-18 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 17:23 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 02:27 . 2006-01-14 05:25 81920 ----a-w- c:\windows\system32\ImageDrive.cpl
2012-02-15 19:55 . 2012-02-15 19:55 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 10:21 . 2010-11-01 03:29 3030705 ----a-w- c:\program files\Cartoon Maker.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-19_04.37.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 22:39 . 2012-03-05 22:39 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
- 2012-02-17 05:49 . 2007-12-26 17:49 39936 c:\windows\system32\SupportApp\remove64.exe
+ 2012-02-25 03:40 . 2007-12-26 17:49 39936 c:\windows\system32\SupportApp\remove64.exe
+ 2012-02-25 03:40 . 2007-09-27 20:07 33785 c:\windows\system32\SupportApp\remove.exe
- 2012-02-17 05:49 . 2007-09-27 20:07 33785 c:\windows\system32\SupportApp\remove.exe
- 2012-02-17 05:49 . 2008-01-17 16:50 60416 c:\windows\system32\SupportApp\file_aut.exe
+ 2012-02-25 03:40 . 2008-01-17 16:50 60416 c:\windows\system32\SupportApp\file_aut.exe
- 2004-08-07 00:17 . 2011-11-07 06:39 67260 c:\windows\system32\perfc009.dat
+ 2004-08-07 00:17 . 2012-02-23 01:47 67260 c:\windows\system32\perfc009.dat
+ 2009-10-04 21:44 . 2012-02-20 15:00 1984 c:\windows\system32\d3d9caps.dat
- 2009-10-04 21:44 . 2012-02-15 15:00 1984 c:\windows\system32\d3d9caps.dat
- 2012-02-17 05:49 . 2008-01-18 08:11 372736 c:\windows\system32\SupportApp\Setup\setup.exe
+ 2012-02-25 03:40 . 2008-01-18 08:11 372736 c:\windows\system32\SupportApp\Setup\setup.exe
- 2012-02-17 05:49 . 2007-04-18 13:06 535552 c:\windows\system32\SupportApp\Setup\ISSetup.dll
+ 2012-02-25 03:40 . 2007-04-18 13:06 535552 c:\windows\system32\SupportApp\Setup\ISSetup.dll
- 2012-02-17 05:49 . 2007-04-27 05:06 156616 c:\windows\system32\SupportApp\Setup\_Setup.dll
+ 2012-02-25 03:40 . 2007-04-27 05:06 156616 c:\windows\system32\SupportApp\Setup\_Setup.dll
+ 2012-02-25 03:40 . 2007-09-27 20:07 204800 c:\windows\system32\SupportApp\EXETimer.exe
- 2012-02-17 05:49 . 2007-09-27 20:07 204800 c:\windows\system32\SupportApp\EXETimer.exe
+ 2004-08-07 00:17 . 2012-02-23 01:47 430826 c:\windows\system32\perfh009.dat
- 2004-08-07 00:17 . 2011-11-07 06:39 430826 c:\windows\system32\perfh009.dat
+ 2009-07-13 09:35 . 2009-07-13 09:35 466944 c:\windows\RemoveDevice.dll
- 2012-02-17 05:49 . 2007-09-27 20:07 1412608 c:\windows\system32\SupportApp\cc3260.dll
+ 2012-02-25 03:40 . 2007-09-27 20:07 1412608 c:\windows\system32\SupportApp\cc3260.dll
+ 2012-02-28 10:07 . 2012-02-28 10:07 1611776 c:\windows\Installer\29d2e97.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-12-17 116056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-10-06 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-10 113664]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSGuide.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [26/07/2010 17:20 24304]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/02/2010 19:58 11264]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12/05/2008 18:04 13480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 04:33 269520]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [26/07/2010 17:20 132456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18/02/2012 17:23 652360]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28/10/2009 00:18 62320]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/02/2012 17:23 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22/08/2010 00:56 47360]
S1 gotkfojv;gotkfojv;\??\c:\windows\system32\drivers\gotkfojv.sys --> c:\windows\system32\drivers\gotkfojv.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 00:33 7390560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 23:16 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [28/10/2009 00:18 45424]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 09:58 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 23:16 135664]
S3 iahj3eox6.sys;iahj3eox6.sys;\??\c:\windows\system32\drivers\iahj3eox6.sys --> c:\windows\system32\drivers\iahj3eox6.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [20/01/2010 02:27 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [20/01/2010 02:27 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [20/01/2010 02:27 121856]
S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [29/06/2007 09:25 33664]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [25/01/2011 02:14 20936]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/11/2009 22:09 53248]
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
.
2012-03-02 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-11 00:25]
.
2012-03-04 c:\windows\Tasks\RegAce Scheduled Scan - sunflour.job
- c:\program files\RegAce System Suite\RegAce.exe [2012-03-04 11:28]
.
2012-03-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 13:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: Interfaces\{DCD32B2F-48FF-4370-B758-A7B10A8E4E7D}: NameServer = 217.171.132.1 217.171.135.1
FF - ProfilePath - c:\documents and settings\sunflour\Application Data\Mozilla\Firefox\Profiles\ent9nfc3.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-05 23:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1454471165-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-03-05 23:13:15
ComboFix-quarantined-files.txt 2012-03-05 23:13
ComboFix2.txt 2012-02-19 04:47
.
Pre-Run: 16,123,625,472 bytes free
Post-Run: 16,214,708,224 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B9E6C9DFA46F0F225793023BDF5CD6A2

tetonbob · 03-05-2012, 03:30 PM

I should think the computer is acting better now. Let me know.

Next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

File::
c:\windows\system32\drivers\gotkfojv.sys
c:\windows\system32\drivers\iahj3eox6.sys
Driver::
gotkfojv
iahj3eox6.sys
Folder::
c:\documents and settings\sunflour\Application Data\Owxua
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

ComboFix may request an update; please allow it.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

musodude · 03-06-2012, 01:28 AM

ComboFix 12-03-04.02 - sunflour 06/03/2012 8:47.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1189 [GMT 0:00]
Running from: c:\documents and settings\sunflour\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\sunflour\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\gotkfojv.sys"
"c:\windows\system32\drivers\iahj3eox6.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\sunflour\Application Data\Owxua
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IAHJ3EOX6.SYS
-------\Service_gotkfojv
-------\Service_iahj3eox6.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-05 22:37 . 2012-03-05 22:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-04 20:53 . 2012-03-04 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RegAce
2012-03-04 20:53 . 2012-03-04 20:53 -------- d-----w- c:\program files\RegAce System Suite
2012-03-02 03:59 . 2012-03-02 03:59 -------- d-----w- c:\program files\CCleaner
2012-02-29 10:07 . 2012-02-29 10:07 -------- d-----w- c:\documents and settings\sunflour\Local Settings\Application Data\Identities
2012-02-28 15:32 . 2012-02-29 21:34 -------- d-----w- c:\windows\system32\MpEngineStore
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-02-25 03:40 . 2012-02-25 03:40 -------- d-----w- c:\windows\system32\SupportApp
2012-02-23 01:48 . 2008-08-22 11:07 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-02-23 01:48 . 2008-08-22 11:07 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-23 01:48 . 2008-08-22 11:07 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-23 01:48 . 2008-08-22 11:07 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-02-23 01:48 . 2008-08-22 11:07 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-19 05:36 . 2012-02-24 05:03 -------- d-----w- c:\windows\system32\%APPDATA%
2012-02-18 19:15 . 2012-02-18 19:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-18 17:23 . 2012-02-18 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 17:23 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 02:27 . 2006-01-14 05:25 81920 ----a-w- c:\windows\system32\ImageDrive.cpl
2012-02-15 19:55 . 2012-02-15 19:55 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 10:21 . 2010-11-01 03:29 3030705 ----a-w- c:\program files\Cartoon Maker.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-19_04.37.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-06 08:55 . 2012-03-06 08:55 16384 c:\windows\Temp\Perflib_Perfdata_718.dat
- 2012-02-17 05:49 . 2007-12-26 17:49 39936 c:\windows\system32\SupportApp\remove64.exe
+ 2012-02-25 03:40 . 2007-12-26 17:49 39936 c:\windows\system32\SupportApp\remove64.exe
+ 2012-02-25 03:40 . 2007-09-27 20:07 33785 c:\windows\system32\SupportApp\remove.exe
- 2012-02-17 05:49 . 2007-09-27 20:07 33785 c:\windows\system32\SupportApp\remove.exe
- 2012-02-17 05:49 . 2008-01-17 16:50 60416 c:\windows\system32\SupportApp\file_aut.exe
+ 2012-02-25 03:40 . 2008-01-17 16:50 60416 c:\windows\system32\SupportApp\file_aut.exe
- 2004-08-07 00:17 . 2011-11-07 06:39 67260 c:\windows\system32\perfc009.dat
+ 2004-08-07 00:17 . 2012-02-23 01:47 67260 c:\windows\system32\perfc009.dat
+ 2009-10-04 21:44 . 2012-02-20 15:00 1984 c:\windows\system32\d3d9caps.dat
- 2009-10-04 21:44 . 2012-02-15 15:00 1984 c:\windows\system32\d3d9caps.dat
- 2012-02-17 05:49 . 2008-01-18 08:11 372736 c:\windows\system32\SupportApp\Setup\setup.exe
+ 2012-02-25 03:40 . 2008-01-18 08:11 372736 c:\windows\system32\SupportApp\Setup\setup.exe
- 2012-02-17 05:49 . 2007-04-18 13:06 535552 c:\windows\system32\SupportApp\Setup\ISSetup.dll
+ 2012-02-25 03:40 . 2007-04-18 13:06 535552 c:\windows\system32\SupportApp\Setup\ISSetup.dll
- 2012-02-17 05:49 . 2007-04-27 05:06 156616 c:\windows\system32\SupportApp\Setup\_Setup.dll
+ 2012-02-25 03:40 . 2007-04-27 05:06 156616 c:\windows\system32\SupportApp\Setup\_Setup.dll
+ 2012-02-25 03:40 . 2007-09-27 20:07 204800 c:\windows\system32\SupportApp\EXETimer.exe
- 2012-02-17 05:49 . 2007-09-27 20:07 204800 c:\windows\system32\SupportApp\EXETimer.exe
+ 2004-08-07 00:17 . 2012-02-23 01:47 430826 c:\windows\system32\perfh009.dat
- 2004-08-07 00:17 . 2011-11-07 06:39 430826 c:\windows\system32\perfh009.dat
+ 2009-07-13 09:35 . 2009-07-13 09:35 466944 c:\windows\RemoveDevice.dll
- 2012-02-17 05:49 . 2007-09-27 20:07 1412608 c:\windows\system32\SupportApp\cc3260.dll
+ 2012-02-25 03:40 . 2007-09-27 20:07 1412608 c:\windows\system32\SupportApp\cc3260.dll
+ 2012-02-28 10:07 . 2012-02-28 10:07 1611776 c:\windows\Installer\29d2e97.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-12-17 116056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-10-06 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-10 113664]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSGuide.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [26/07/2010 17:20 24304]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/02/2010 19:58 11264]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12/05/2008 18:04 13480]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 04:33 269520]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [26/07/2010 17:20 132456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18/02/2012 17:23 652360]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28/10/2009 00:18 62320]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/02/2012 17:23 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22/08/2010 00:56 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 23:16 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [28/10/2009 00:18 45424]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 09:58 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 23:16 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [20/01/2010 02:27 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [20/01/2010 02:27 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [20/01/2010 02:27 121856]
S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [29/06/2007 09:25 33664]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [25/01/2011 02:14 20936]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/11/2009 22:09 53248]
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
.
2012-03-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-11 00:25]
.
2012-03-04 c:\windows\Tasks\RegAce Scheduled Scan - sunflour.job
- c:\program files\RegAce System Suite\RegAce.exe [2012-03-04 11:28]
.
2012-03-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 13:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: Interfaces\{DCD32B2F-48FF-4370-B758-A7B10A8E4E7D}: NameServer = 217.171.132.1 217.171.135.1
FF - ProfilePath - c:\documents and settings\sunflour\Application Data\Mozilla\Firefox\Profiles\ent9nfc3.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-06 08:56
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1454471165-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2012-03-06 09:00:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 09:00
ComboFix2.txt 2012-03-05 23:13
ComboFix3.txt 2012-02-19 04:47
.
Pre-Run: 16,250,101,760 bytes free
Post-Run: 16,129,630,208 bytes free
.
- - End Of File - - 0193E68D7DA34F7EB3916DC9CBCD8A1D

tetonbob · 03-06-2012, 06:45 AM

Hi musodude. A few more tasks for you.

I see that you have Malwarebytes' Anti-Malware installed.

Please update it's definitions, and run a new Quick Scan.

Launch Malwarebytes' Anti-malware
On the updates tab, click on Check for Updates
If an update is found, it will begin. Once the update is complete..
Click on the Scanner tab. Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

-----------------

Your Java is out of date.

Java(TM) 6 Update 22 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Let me know if it does not.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
- Applications and Applets
  Trace and Log Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic and also let me know how things are now.

musodude · 03-10-2012, 07:00 AM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.03.10.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.5512
sunflour :: THENUTHO-958874 [administrator]

Protection: Enabled

10/03/2012 03:45:49
mbam-log-2012-03-10 (03-45-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 196358
Time elapsed: 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2428493a93f2904ebe9a5dd53240d570
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-10 06:48:18
# local_time=2012-03-10 06:48:18 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1032 16777189 100 96 211617 74518243 0 0
# compatibility_mode=8192 67108863 100 0 4194 4194 0 0
# scanned=97074
# found=126
# cleaned=0
# scan_time=7999
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\36a6a81a-54f66e74 Java/Exploit.CVE-2011-3544.AX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\28\6b13591c-20aa34fc a variant of Java/Exploit.CVE-2011-3544.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\386fdc27-14f38744 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\50a893a9-409774df Java/Agent.EA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\4f3ed670-1b762351 Java/Exploit.Agent.NAP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\45c223c9-14c34388 a variant of Java/Exploit.CVE-2011-3544.AV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\regacesetup.exe a variant of Win32/Adware.AntiMalwarePro.AD application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\1FFFXL4U\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\1FFFXL4U\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\1FFFXL4U\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[10].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[11].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[12].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[13].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[14].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[15].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[16].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[17].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[18].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[19].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[20].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[21].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[22].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[7].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[10].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[12].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[13].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[14].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[15].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[16].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[19].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[20].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[22].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[7].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[7].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\main[2].htm JS/Kryptik.JL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\BU47VD0H\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\BU47VD0H\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\BU47VD0H\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\BU47VD0H\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\GF2VQE8W\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\GF2VQE8W\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\GF2VQE8W\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\GF2VQE8W\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\KTKN838B\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\KTKN838B\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\KTKN838B\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\SJLREUZ1\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\SJLREUZ1\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\SJLREUZ1\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\T1AWYCC2\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\T1AWYCC2\main[1].htm JS/Kryptik.JL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\T1AWYCC2\main[2].htm JS/Kryptik.JL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UBKWX5VU\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UBKWX5VU\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UBKWX5VU\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UBKWX5VU\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[10].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[11].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[12].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[13].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[14].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[7].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Local Settings\Application Data\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\My Documents\Downloads\PC stuff\Babylon8 translator_setup.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\RegAce System Suite\engine.dll a variant of Win32/Adware.AntiMalwarePro.AD application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.JG trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I

Since this scan I have deleted the desktop safe folder. It was a folder I placed some items from the C:docs and sets/Network/service folder when I wasn't sure if I should be deleting them.

tetonbob · 03-10-2012, 07:35 AM

About RegAce System Suite
Registry Cleaners are not recommended. They often cause more problems than they claim to cure.

Our colleague miekiemoes has an excellent writeup here:
miekiemoes' Blog: Registry Cleaners and System Tweaking Tools

Another excellent article by Bill Castner is located here:
AumHa Forums • View topic - AUMHA Discussion: Should I Use a Registry Cleaner?

Another article by Ed Bott is here:
Why I don’t use registry cleaners | Ed Bott

These files and folders can be deleted
C:\Documents and Settings\sunflour\Desktop\regacesetup.exe
C:\Documents and Settings\sunflour\My Documents\Downloads\PC stuff\Babylon8 translator_setup.exe
C:\Documents and Settings\sunflour\Local Settings\Application Data\Babylon
C:\TDSSKiller_Quarantine

Let me know if you have any trouble with that.

This tool will clear out the Java detections, as well as clear temp files and empty your Recycle Bin.

1. Download TFC (Temp File Cleaner)to your desktop, or other location.
http://oldtimer.geekstogo.com/TFC.exe
2. Save any unsaved work. TFC will close all open application windows.
3. Double-click TFC.exe to run the program.
4. If prompted, click "Yes" to reboot.

This computer only has Windows XP Service Pack 2 installed. It should have Service Pack 3. Without SP3 installed, this computer cannot get security updates and is subject to exploit.

I would advise installing SP3 from this link
How to obtain the latest Windows XP service pack
Download: Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers - Microsoft Download Center - Download Details

Additionally, your version of Internet Explorer is badly outdated. IE6 is also subject to exploit. You should install IE8 from this link
Download: Windows Internet Explorer 8 for Windows XP - Microsoft Download Center - Download Details

Other than that....We should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean.You should be good to go. We still have a few items to address.

Disconnect from the internet and disable your AntiVirus temporarily.

Go to

-> Run -> copy/paste in the following single line command & click OK

ComboFix /Uninstall

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

---------------------------------------------------------------------------------------------

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

Microsoft Windows Update - http://www.windowsupdate.com
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Winpatrol

Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

You can get a free copy of Winpatrol or use the Plus version for more features.

You can read Winpatrol's FAQ if you run into problems.
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Do not install more than one AntiVirus program because they will conflict with each other.
Scan here Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions for out of date & vulnerable common applications on your computer
http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look here:

PC Safety and Security--What Do I Need?

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

tetonbob · 04-07-2012, 06:49 PM

Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum