Used RealPlayer Download, various threats

This is a discussion on Used RealPlayer Download, various threats within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 02-22-2012, 10:38 PM   #1
Registered Member
 
Join Date: Feb 2012
Location: North West, England
Posts: 7
OS: WinXP Pro SP2



Since using RealPlayer to download video from a web page, I noticed the C:\Documents and Settings\NetworkService folder has been working overtime. Its Cookies folder is constantly filling up with "@system.blah blah blah" and is accompanied by several serious threats: jpeg attached.
This is happening as soon as I connect to the net; I am using a ZTE mobile dongle on 3.

Running AVG11 or MWB finds no problems, whether the scan is quick, whole machine or anti-rootkit. And as this routine seems to be establishing itself, I think it's time to ask the pros for help.

I have run DDS and GMER and posted the attached files as instructed, and below I have copied the DDS log. Any help would be much appreciated.
If I have forgotten anything, just let me know. Thanks in advance.

musodude, ThinkPad T60, WinXP Pro SP2.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by sunflour at 5:15:30 on 2012-02-23
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1450 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 94.63.147.16 Google
Hosts: 94.63.147.17 Bing
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sunflour\application data\mozilla\firefox\profiles\ljc8rnav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-7-26 24304]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2010-2-11 11264]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-4-25 1737464]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-7-26 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-11-11 53248]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-28 62320]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-28 45424]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7680]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-1-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-1-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-1-20 121856]
S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2007-6-29 33664]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [2011-1-25 20936]
.
=============== Created Last 30 ================
.
2012-02-23 04:04:56 -------- d-----w- c:\windows\system32\SupportApp
2012-02-23 01:48:16 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-02-23 01:48:16 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-23 01:48:16 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-02-23 01:48:16 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-23 01:48:16 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-19 05:36:12 -------- d-----w- c:\windows\system32\%APPDATA%
2012-02-19 04:26:11 98816 ----a-w- c:\windows\sed.exe
2012-02-19 04:26:11 518144 ----a-w- c:\windows\SWREG.exe
2012-02-19 04:26:11 256000 ----a-w- c:\windows\PEV.exe
2012-02-19 04:26:11 208896 ----a-w- c:\windows\MBR.exe
2012-02-19 04:26:02 -------- d-----w- C:\ComboFix
2012-02-18 17:23:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 17:23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 16:21:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-18 16:20:59 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-18 16:20:59 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-18 16:20:59 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-18 16:20:59 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-18 16:20:59 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-18 16:20:59 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-18 16:20:59 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-18 16:20:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-18 16:20:59 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-18 16:20:59 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-18 16:20:59 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-16 02:27:46 81920 ----a-w- c:\windows\system32\ImageDrive.cpl
.
==================== Find3M ====================
.
2008-09-09 10:21:16 3030705 ----a-w- c:\program files\Cartoon Maker.exe
.
============= FINISH: 5:16:35.76 ===============
Attached Files
File Type: zip ark.zip (1.2 KB, 17 views)
File Type: zip attach.zip (4.4 KB, 15 views)

__________________
Old 03-01-2012, 07:34 PM   #2
Registered Member
 
Join Date: Feb 2012
Location: North West, England
Posts: 7
OS: WinXP Pro SP2



Hi guys... I really need to get this sorted; any help will be very much appreciated.

musodude

__________________
Old 03-03-2012, 07:26 AM   #3
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,958
OS: XP Pro; XP Home; Win7 x86 & x64



Hello and welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy, and if I don't hear from you within three days this thread will be closed.

Download TDSSKiller.exe to your desktop:
http://support.kaspersky.com/downloa...tdsskiller.exe
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.
If malicious objects are found, select Skip by changing the default Cure selection at the upper right.
Once complete, a log will be produced at the root drive, which is typically C:\
For example, C:\TDSSKiller.2.7.17.0_date_time_log.txt
Attach that log, please.

Please download aswMBR.exe and save it to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe

Double-click aswMBR.exe to start the tool. (Vista/Windows 7 users: right-click to run as administrator.)

Allow it to download the definitions from the internet.

Click Scan.

* Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note: do NOT attempt any Fix yet.
* You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Old 03-05-2012, 12:33 PM   #4
Registered Member
 
Join Date: Feb 2012
Location: North West, England
Posts: 7
OS: WinXP Pro SP2



Thanks for your reply, Tetonbob... carrying out your instructions now; will post results when finished.
You mentioned subscribing to my post... but I am not given the option to subscribe, only unsubscribe, even though I've never subscribed to it...??

MD
__________________
Old 03-05-2012, 12:35 PM   #5
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,958
OS: XP Pro; XP Home; Win7 x86 & x64



You're all set; your user settings must already be set to automatically subscribe to threads you create or reply to.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Old 03-05-2012, 12:59 PM   #6
Registered Member
 
Join Date: Feb 2012
Location: North West, England
Posts: 7
OS: WinXP Pro SP2



I have carried out your instructions and attached the requested files.
Hope to hear from you soon.

MD
Attached Files
File Type: txt TDSSKiller.2.7.19.0_05.03.2012_20.34.28_log.txt (55.5 KB, 19 views)
File Type: txt aswMBR.txt (1.8 KB, 15 views)
File Type: zip MBR.zip (519 Bytes, 12 views)
__________________
Old 03-05-2012, 01:06 PM   #7
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,958
OS: XP Pro; XP Home; Win7 x86 & x64



Run TDSSKiller once again, and allow it to Cure what it detects. Reboot at the prompt, and send the new log.

Next... I see you've run ComboFix on this machine. Delete any copies you may have.

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here
  3. Double-click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    Click on Yes to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Old 03-05-2012, 03:21 PM   #8
Registered Member
 
Join Date: Feb 2012
Location: North West, England
Posts: 7
OS: WinXP Pro SP2



ComboFix 12-03-04.02 - sunflour 05/03/2012 23:04:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1308 [GMT 0:00]
Running from: c:\documents and settings\sunflour\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Local Settings\Application Data\dfusvjul.log
c:\documents and settings\NetworkService\Local Settings\Application Data\efklttxc.log
c:\documents and settings\NetworkService\Local Settings\Application Data\hxldcfeg.log
c:\documents and settings\sunflour\Application Data\Soas
c:\documents and settings\sunflour\Application Data\Soas\weoce.abi
c:\documents and settings\sunflour\Application Data\Soas\weoce.tmp
c:\documents and settings\sunflour\Local Settings\Application Data\coqfamnl.log
c:\documents and settings\sunflour\Local Settings\Application Data\dfusvjul.log
c:\documents and settings\sunflour\Local Settings\Application Data\efklttxc.log
c:\documents and settings\sunflour\Local Settings\Application Data\hxldcfeg.log
c:\documents and settings\sunflour\Local Settings\Application Data\uoxvlkad.log
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 22:37 . 2012-03-05 22:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-04 20:53 . 2012-03-04 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RegAce
2012-03-04 20:53 . 2012-03-04 20:53 -------- d-----w- c:\program files\RegAce System Suite
2012-03-02 03:59 . 2012-03-02 03:59 -------- d-----w- c:\program files\CCleaner
2012-02-29 10:07 . 2012-02-29 10:07 -------- d-----w- c:\documents and settings\sunflour\Local Settings\Application Data\Identities
2012-02-29 10:07 . 2012-02-29 10:07 -------- d-----w- c:\documents and settings\sunflour\Application Data\Owxua
2012-02-28 15:32 . 2012-02-29 21:34 -------- d-----w- c:\windows\system32\MpEngineStore
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-02-25 03:40 . 2012-02-25 03:40 -------- d-----w- c:\windows\system32\SupportApp
2012-02-23 01:48 . 2008-08-22 11:07 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-02-23 01:48 . 2008-08-22 11:07 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-23 01:48 . 2008-08-22 11:07 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-23 01:48 . 2008-08-22 11:07 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-02-23 01:48 . 2008-08-22 11:07 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-19 05:36 . 2012-02-24 05:03 -------- d-----w- c:\windows\system32\%APPDATA%
2012-02-18 19:15 . 2012-02-18 19:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-18 17:23 . 2012-02-18 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 17:23 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 02:27 . 2006-01-14 05:25 81920 ----a-w- c:\windows\system32\ImageDrive.cpl
2012-02-15 19:55 . 2012-02-15 19:55 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 10:21 . 2010-11-01 03:29 3030705 ----a-w- c:\program files\Cartoon Maker.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-19_04.37.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 22:39 . 2012-03-05 22:39 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
- 2012-02-17 05:49 . 2007-12-26 17:49 39936 c:\windows\system32\SupportApp\remove64.exe
+ 2012-02-25 03:40 . 2007-12-26 17:49 39936 c:\windows\system32\SupportApp\remove64.exe
+ 2012-02-25 03:40 . 2007-09-27 20:07 33785 c:\windows\system32\SupportApp\remove.exe
- 2012-02-17 05:49 . 2007-09-27 20:07 33785 c:\windows\system32\SupportApp\remove.exe
- 2012-02-17 05:49 . 2008-01-17 16:50 60416 c:\windows\system32\SupportApp\file_aut.exe
+ 2012-02-25 03:40 . 2008-01-17 16:50 60416 c:\windows\system32\SupportApp\file_aut.exe
- 2004-08-07 00:17 . 2011-11-07 06:39 67260 c:\windows\system32\perfc009.dat
+ 2004-08-07 00:17 . 2012-02-23 01:47 67260 c:\windows\system32\perfc009.dat
+ 2009-10-04 21:44 . 2012-02-20 15:00 1984 c:\windows\system32\d3d9caps.dat
- 2009-10-04 21:44 . 2012-02-15 15:00 1984 c:\windows\system32\d3d9caps.dat
- 2012-02-17 05:49 . 2008-01-18 08:11 372736 c:\windows\system32\SupportApp\Setup\setup.exe
+ 2012-02-25 03:40 . 2008-01-18 08:11 372736 c:\windows\system32\SupportApp\Setup\setup.exe
- 2012-02-17 05:49 . 2007-04-18 13:06 535552 c:\windows\system32\SupportApp\Setup\ISSetup.dll
+ 2012-02-25 03:40 . 2007-04-18 13:06 535552 c:\windows\system32\SupportApp\Setup\ISSetup.dll
- 2012-02-17 05:49 . 2007-04-27 05:06 156616 c:\windows\system32\SupportApp\Setup\_Setup.dll
+ 2012-02-25 03:40 . 2007-04-27 05:06 156616 c:\windows\system32\SupportApp\Setup\_Setup.dll
+ 2012-02-25 03:40 . 2007-09-27 20:07 204800 c:\windows\system32\SupportApp\EXETimer.exe
- 2012-02-17 05:49 . 2007-09-27 20:07 204800 c:\windows\system32\SupportApp\EXETimer.exe
+ 2004-08-07 00:17 . 2012-02-23 01:47 430826 c:\windows\system32\perfh009.dat
- 2004-08-07 00:17 . 2011-11-07 06:39 430826 c:\windows\system32\perfh009.dat
+ 2009-07-13 09:35 . 2009-07-13 09:35 466944 c:\windows\RemoveDevice.dll
- 2012-02-17 05:49 . 2007-09-27 20:07 1412608 c:\windows\system32\SupportApp\cc3260.dll
+ 2012-02-25 03:40 . 2007-09-27 20:07 1412608 c:\windows\system32\SupportApp\cc3260.dll
+ 2012-02-28 10:07 . 2012-02-28 10:07 1611776 c:\windows\Installer\29d2e97.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-12-17 116056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-10-06 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-10 113664]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSGuide.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [26/07/2010 17:20 24304]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/02/2010 19:58 11264]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12/05/2008 18:04 13480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 04:33 269520]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [26/07/2010 17:20 132456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18/02/2012 17:23 652360]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28/10/2009 00:18 62320]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/02/2012 17:23 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22/08/2010 00:56 47360]
S1 gotkfojv;gotkfojv;\??\c:\windows\system32\drivers\gotkfojv.sys --> c:\windows\system32\drivers\gotkfojv.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 00:33 7390560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 23:16 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [28/10/2009 00:18 45424]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 09:58 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 23:16 135664]
S3 iahj3eox6.sys;iahj3eox6.sys;\??\c:\windows\system32\drivers\iahj3eox6.sys --> c:\windows\system32\drivers\iahj3eox6.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [20/01/2010 02:27 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [20/01/2010 02:27 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [20/01/2010 02:27 121856]
S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [29/06/2007 09:25 33664]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [25/01/2011 02:14 20936]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/11/2009 22:09 53248]
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
.
2012-03-02 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-11 00:25]
.
2012-03-04 c:\windows\Tasks\RegAce Scheduled Scan - sunflour.job
- c:\program files\RegAce System Suite\RegAce.exe [2012-03-04 11:28]
.
2012-03-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 13:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: Interfaces\{DCD32B2F-48FF-4370-B758-A7B10A8E4E7D}: NameServer = 217.171.132.1 217.171.135.1
FF - ProfilePath - c:\documents and settings\sunflour\Application Data\Mozilla\Firefox\Profiles\ent9nfc3.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-05 23:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1454471165-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-03-05 23:13:15
ComboFix-quarantined-files.txt 2012-03-05 23:13
ComboFix2.txt 2012-02-19 04:47
.
Pre-Run: 16,123,625,472 bytes free
Post-Run: 16,214,708,224 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B9E6C9DFA46F0F225793023BDF5CD6A2
Attached Files
File Type: txt TDSSKiller.2.7.19.0_05.03.2012_22.35.14_log.txt (57.7 KB, 18 views)
__________________
Old 03-05-2012, 03:30 PM   #9
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,958
OS: XP Pro; XP Home; Win7 x86 & x64



I should think the computer is acting better now. Let me know.

Next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    File::
    c:\windows\system32\drivers\gotkfojv.sys
    c:\windows\system32\drivers\iahj3eox6.sys
    Driver::
    gotkfojv
    iahj3eox6.sys
    Folder::
    c:\documents and settings\sunflour\Application Data\Owxua
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  3. ComboFix may request an update; please allow it.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

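The two drivers the CFScript above removes (gotkfojv and iahj3eox6.sys) are the service entries the DDS/ComboFix listing reported with a missing image file (the `--> path [?]` form) and no vendor description. As an added example, not code from the thread or from the DDS/ComboFix tools, here is a small Python triage parser for that line format; the sample lines are copied from the log above, and the "display name equals service name" heuristic is an assumption of this example, not a rule the helper stated.

```python
r"""Triage helper for the driver/service list a DDS or ComboFix log prints.

Added example for this thread; it is not part of DDS, ComboFix or the posts.
Assumed line formats (the ones visible in the logs above):
    R3 name;display name;c:\path\file.sys [dd/mm/yyyy hh:mm size]
    S1 name;display name;\??\c:\path\file.sys --> c:\path\file.sys [?]
The second form is how the tool reports a service whose image file it could
not find on disk.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: these lines are copied from the DDS/ComboFix log above.
SAMPLE_LOG = r"""
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/02/2012 17:23 20464]
S1 gotkfojv;gotkfojv;\??\c:\windows\system32\drivers\gotkfojv.sys --> c:\windows\system32\drivers\gotkfojv.sys [?]
S3 iahj3eox6.sys;iahj3eox6.sys;\??\c:\windows\system32\drivers\iahj3eox6.sys --> c:\windows\system32\drivers\iahj3eox6.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [20/01/2010 02:27 90112]
Contents of the 'Scheduled Tasks' folder
"""

# Trailing metadata is either "[dd/mm/yyyy hh:mm size]" or "[?]".
_META_RE = re.compile(r"\s\[(?P<meta>[^\]]*)\]\s*$")
# Start type as DDS prints it: R0-R3 running, S1-S4 stopped.
_START_RE = re.compile(r"^([RS][0-4])\s+(.*)$")
_OBJ_PREFIX = "\\??\\"  # NT object-manager prefix, i.e. \??\


@dataclass
class ServiceEntry:
    start_type: str
    name: str
    display: str
    image: str            # resolved path, \??\ prefix removed
    file_missing: bool    # True when the tool printed "--> path [?]"
    size: Optional[int]   # reported size in bytes, None when the file is missing


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for any other log line."""
    m = _START_RE.match(line.strip())
    if not m:
        return None
    start_type, rest = m.group(1), m.group(2)
    meta_m = _META_RE.search(rest)
    if not meta_m:
        return None
    meta = meta_m.group("meta").strip()
    parts = rest[: meta_m.start()].split(";", 2)
    if len(parts) != 3:
        return None
    name, display, image = (p.strip() for p in parts)
    file_missing = meta == "?"
    if "-->" in image:
        # "\??\c:\x.sys --> c:\x.sys": keep the resolved right-hand path.
        image = image.split("-->", 1)[1].strip()
    if image.startswith(_OBJ_PREFIX):
        image = image[len(_OBJ_PREFIX):]
    size = None
    if not file_missing:
        fields = meta.split()
        if fields and fields[-1].isdigit():
            size = int(fields[-1])
    return ServiceEntry(start_type, name, display, image, file_missing, size)


def flag_missing_drivers(log_text: str) -> List[ServiceEntry]:
    """Every parsed entry whose image file the scanner could not find."""
    return [
        e for e in map(parse_service_line, log_text.splitlines())
        if e is not None and e.file_missing
    ]


def triage(log_text: str) -> List[ServiceEntry]:
    """Missing-file entries that also carry no vendor description.

    Heuristic assumed by this example, not a rule stated in the thread: a
    legitimate driver normally has a descriptive display name (the ZTE
    massfilter entry above), whereas the randomly named entries repeat the
    service name as their display name. Treat the result as a starting point
    for analysis, not as a verdict.
    """
    return [e for e in flag_missing_drivers(log_text) if e.display == e.name]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.start_type} {e.name}: {e.image} (file missing)")
```

Run against the sample it reports gotkfojv and iahj3eox6.sys but not massfilter, which is missing its file but carries the ZTE description; confirm such an entry against the vendor before touching it.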
Old 03-06-2012, 01:28 AM   #10
Registered Member
 
Join Date: Feb 2012
Location: North West, England
Posts: 7
OS: WinXP Pro SP2



ComboFix 12-03-04.02 - sunflour 06/03/2012 8:47.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1189 [GMT 0:00]
Running from: c:\documents and settings\sunflour\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\sunflour\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\gotkfojv.sys"
"c:\windows\system32\drivers\iahj3eox6.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\sunflour\Application Data\Owxua
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IAHJ3EOX6.SYS
-------\Service_gotkfojv
-------\Service_iahj3eox6.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-05 22:37 . 2012-03-05 22:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-04 20:53 . 2012-03-04 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RegAce
2012-03-04 20:53 . 2012-03-04 20:53 -------- d-----w- c:\program files\RegAce System Suite
2012-03-02 03:59 . 2012-03-02 03:59 -------- d-----w- c:\program files\CCleaner
2012-02-29 10:07 . 2012-02-29 10:07 -------- d-----w- c:\documents and settings\sunflour\Local Settings\Application Data\Identities
2012-02-28 15:32 . 2012-02-29 21:34 -------- d-----w- c:\windows\system32\MpEngineStore
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-02-25 03:40 . 2008-01-17 16:50 100864 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-02-25 03:40 . 2012-02-25 03:40 -------- d-----w- c:\windows\system32\SupportApp
2012-02-23 01:48 . 2008-08-22 11:07 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-02-23 01:48 . 2008-08-22 11:07 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-23 01:48 . 2008-08-22 11:07 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-23 01:48 . 2008-08-22 11:07 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-02-23 01:48 . 2008-08-22 11:07 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-19 05:36 . 2012-02-24 05:03 -------- d-----w- c:\windows\system32\%APPDATA%
2012-02-18 19:15 . 2012-02-18 19:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-18 17:23 . 2012-02-18 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 17:23 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 02:27 . 2006-01-14 05:25 81920 ----a-w- c:\windows\system32\ImageDrive.cpl
2012-02-15 19:55 . 2012-02-15 19:55 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 10:21 . 2010-11-01 03:29 3030705 ----a-w- c:\program files\Cartoon Maker.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-19_04.37.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-06 08:55 . 2012-03-06 08:55 16384 c:\windows\Temp\Perflib_Perfdata_718.dat
- 2012-02-17 05:49 . 2007-12-26 17:49 39936 c:\windows\system32\SupportApp\remove64.exe
+ 2012-02-25 03:40 . 2007-12-26 17:49 39936 c:\windows\system32\SupportApp\remove64.exe
+ 2012-02-25 03:40 . 2007-09-27 20:07 33785 c:\windows\system32\SupportApp\remove.exe
- 2012-02-17 05:49 . 2007-09-27 20:07 33785 c:\windows\system32\SupportApp\remove.exe
- 2012-02-17 05:49 . 2008-01-17 16:50 60416 c:\windows\system32\SupportApp\file_aut.exe
+ 2012-02-25 03:40 . 2008-01-17 16:50 60416 c:\windows\system32\SupportApp\file_aut.exe
- 2004-08-07 00:17 . 2011-11-07 06:39 67260 c:\windows\system32\perfc009.dat
+ 2004-08-07 00:17 . 2012-02-23 01:47 67260 c:\windows\system32\perfc009.dat
+ 2009-10-04 21:44 . 2012-02-20 15:00 1984 c:\windows\system32\d3d9caps.dat
- 2009-10-04 21:44 . 2012-02-15 15:00 1984 c:\windows\system32\d3d9caps.dat
- 2012-02-17 05:49 . 2008-01-18 08:11 372736 c:\windows\system32\SupportApp\Setup\setup.exe
+ 2012-02-25 03:40 . 2008-01-18 08:11 372736 c:\windows\system32\SupportApp\Setup\setup.exe
- 2012-02-17 05:49 . 2007-04-18 13:06 535552 c:\windows\system32\SupportApp\Setup\ISSetup.dll
+ 2012-02-25 03:40 . 2007-04-18 13:06 535552 c:\windows\system32\SupportApp\Setup\ISSetup.dll
- 2012-02-17 05:49 . 2007-04-27 05:06 156616 c:\windows\system32\SupportApp\Setup\_Setup.dll
+ 2012-02-25 03:40 . 2007-04-27 05:06 156616 c:\windows\system32\SupportApp\Setup\_Setup.dll
+ 2012-02-25 03:40 . 2007-09-27 20:07 204800 c:\windows\system32\SupportApp\EXETimer.exe
- 2012-02-17 05:49 . 2007-09-27 20:07 204800 c:\windows\system32\SupportApp\EXETimer.exe
+ 2004-08-07 00:17 . 2012-02-23 01:47 430826 c:\windows\system32\perfh009.dat
- 2004-08-07 00:17 . 2011-11-07 06:39 430826 c:\windows\system32\perfh009.dat
+ 2009-07-13 09:35 . 2009-07-13 09:35 466944 c:\windows\RemoveDevice.dll
- 2012-02-17 05:49 . 2007-09-27 20:07 1412608 c:\windows\system32\SupportApp\cc3260.dll
+ 2012-02-25 03:40 . 2007-09-27 20:07 1412608 c:\windows\system32\SupportApp\cc3260.dll
+ 2012-02-28 10:07 . 2012-02-28 10:07 1611776 c:\windows\Installer\29d2e97.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-12-17 116056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-10-06 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-10 113664]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSGuide.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [26/07/2010 17:20 24304]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/02/2010 19:58 11264]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12/05/2008 18:04 13480]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 04:33 269520]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [26/07/2010 17:20 132456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18/02/2012 17:23 652360]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28/10/2009 00:18 62320]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/02/2012 17:23 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22/08/2010 00:56 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 23:16 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [28/10/2009 00:18 45424]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 09:58 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 23:16 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [20/01/2010 02:27 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [20/01/2010 02:27 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [20/01/2010 02:27 121856]
S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [29/06/2007 09:25 33664]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [25/01/2011 02:14 20936]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/11/2009 22:09 53248]
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
.
2012-03-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-11 00:25]
.
2012-03-04 c:\windows\Tasks\RegAce Scheduled Scan - sunflour.job
- c:\program files\RegAce System Suite\RegAce.exe [2012-03-04 11:28]
.
2012-03-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 13:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: Interfaces\{DCD32B2F-48FF-4370-B758-A7B10A8E4E7D}: NameServer = 217.171.132.1 217.171.135.1
FF - ProfilePath - c:\documents and settings\sunflour\Application Data\Mozilla\Firefox\Profiles\ent9nfc3.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-06 08:56
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1454471165-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2012-03-06 09:00:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 09:00
ComboFix2.txt 2012-03-05 23:13
ComboFix3.txt 2012-02-19 04:47
.
Pre-Run: 16,250,101,760 bytes free
Post-Run: 16,129,630,208 bytes free
.
- - End Of File - - 0193E68D7DA34F7EB3916DC9CBCD8A1D
__________________
Old 03-06-2012, 06:45 AM   #11
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,958
OS: XP Pro; XP Home; Win7 x86 & x64



Hi musodude. A few more tasks for you.

I see that you have Malwarebytes' Anti-Malware installed.

Please update its definitions, and run a new Quick Scan.
  • Launch Malwarebytes' Anti-malware
  • On the updates tab, click on Check for Updates
  • If an update is found, it will begin. Once the update is complete..
  • Click on the Scanner tab. Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

-----------------

Your Java is out of date.

Java(TM) 6 Update 22 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Let me know if it does not.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Old 03-10-2012, 07:00 AM   #12
Registered Member
 
Join Date: Feb 2012
Location: North West, England
Posts: 7
OS: WinXP Pro SP2



Malwarebytes Anti-Malware (Trial) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.03.10.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.5512
sunflour :: THENUTHO-958874 [administrator]

Protection: Enabled

10/03/2012 03:45:49
mbam-log-2012-03-10 (03-45-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 196358
Time elapsed: 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2428493a93f2904ebe9a5dd53240d570
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-10 06:48:18
# local_time=2012-03-10 06:48:18 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1032 16777189 100 96 211617 74518243 0 0
# compatibility_mode=8192 67108863 100 0 4194 4194 0 0
# scanned=97074
# found=126
# cleaned=0
# scan_time=7999
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\36a6a81a-54f66e74 Java/Exploit.CVE-2011-3544.AX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\28\6b13591c-20aa34fc a variant of Java/Exploit.CVE-2011-3544.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\386fdc27-14f38744 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\50a893a9-409774df Java/Agent.EA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\4f3ed670-1b762351 Java/Exploit.Agent.NAP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\45c223c9-14c34388 a variant of Java/Exploit.CVE-2011-3544.AV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\regacesetup.exe a variant of Win32/Adware.AntiMalwarePro.AD application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\1FFFXL4U\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\1FFFXL4U\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\1FFFXL4U\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[10].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[11].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[12].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[13].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[14].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[15].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[16].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[17].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[18].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[19].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[20].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[21].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[22].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[7].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[10].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[12].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[13].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[14].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[15].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[16].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[19].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[20].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[22].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[7].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\6X4ZA9A5\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[7].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\main[2].htm JS/Kryptik.JL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\BU47VD0H\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\BU47VD0H\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\BU47VD0H\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\BU47VD0H\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\CS0YLBS1\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\G3QJ6TXF\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\GF2VQE8W\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\GF2VQE8W\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\GF2VQE8W\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\GF2VQE8W\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\KTKN838B\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\KTKN838B\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\KTKN838B\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\OX6JWL6Z\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\SJLREUZ1\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\SJLREUZ1\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\SJLREUZ1\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\T1AWYCC2\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\T1AWYCC2\main[1].htm JS/Kryptik.JL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\T1AWYCC2\main[2].htm JS/Kryptik.JL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UBKWX5VU\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UBKWX5VU\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UBKWX5VU\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UBKWX5VU\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[10].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[11].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[12].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[13].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[14].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[3].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[4].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[5].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[6].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[7].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[8].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\UDDA3Q1O\fishki.wen9[9].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Local Settings\Application Data\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\My Documents\Downloads\PC stuff\Babylon8 translator_setup.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\RegAce System Suite\engine.dll a variant of Win32/Adware.AntiMalwarePro.AD application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.JG trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I

Since this scan I have deleted the desktop SAFE folder. It was a folder into which I placed some items from the C:docs and sets/Network/service folder when I wasn't sure if I should be deleting them.
__________________
musodude
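The scan output posted above is the raw ESET report format: a file path, the detection name, the action taken in parentheses, a 32-hex-digit field and a trailing flag, with spaces inside both the path and the detection name. As an added example (not a tool from this thread and not ESET's own code), the following Python script parses records in that format and groups them the way an analyst triages such a log: cached web content, items already sitting in another tool's quarantine, downloaded installers, and installed programs. The sample records are copied from the log above; the category rules, including the `name[n].ext` heuristic for Internet Explorer cache copies, are assumptions of the example.

```python
"""Triage helper for ESET-style detection logs (added example, not from the thread)."""
import re
from collections import Counter, defaultdict

# Sample records copied from the ESET log posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\4PMNS5YJ\fishki.wen9[22].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\fishki.wen9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Desktop\SAFE move-c docset-netser-locsets-tempint-contIe5\9JKL4HRJ\main[2].htm JS/Kryptik.JL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\Local Settings\Application Data\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\sunflour\My Documents\Downloads\PC stuff\Babylon8 translator_setup.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\RegAce System Suite\engine.dll a variant of Win32/Adware.AntiMalwarePro.AD application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\05.03.2012_22.35.15\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.JG trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Tail of every record: "(action) <32 hex chars> <flag>". The head is "path threat",
# and both halves may contain spaces, so the head is split separately below.
LINE_RE = re.compile(
    r"^(?P<head>.+?) \((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$")

# ESET prefixes a family name with one of these qualifiers.
QUALIFIERS = (("probably", "a", "variant", "of"), ("a", "variant", "of"))

# IE stores cache copies as "name[n].ext" (assumption used to spot cache remnants
# even after the user moved them out of Temporary Internet Files).
CACHE_NAME_RE = re.compile(r"\[\d+\]\.\w+$")


def split_path_threat(head):
    """Separate the Windows path from the detection name.

    A Windows path can never contain '/', while every ESET detection name has a
    'Platform/Family' token, so the last token with a slash starts the threat name.
    """
    tokens = head.split(" ")
    slash_positions = [i for i, t in enumerate(tokens) if "/" in t]
    if not slash_positions:
        raise ValueError("no Platform/Family token in: %r" % head)
    idx = slash_positions[-1]
    for q in QUALIFIERS:
        n = len(q)
        if idx >= n and tuple(tokens[idx - n:idx]) == q:
            idx -= n
            break
    return " ".join(tokens[:idx]), " ".join(tokens[idx:])


def categorize(path):
    """Rough triage bucket for a detected path (rules are this example's assumptions)."""
    low = path.lower()
    name = path.rsplit("\\", 1)[-1]
    if "quarantine" in low:
        return "quarantine (already neutralised by another tool)"
    if "temporary internet files" in low or "content.ie5" in low or CACHE_NAME_RE.search(name):
        return "browser cache remnant (safe to delete)"
    if "\\downloads\\" in low:
        return "downloaded installer (delete)"
    if low.startswith("c:\\program files"):
        return "installed program (uninstall/remove)"
    return "other (review manually)"


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not an ESET detection record: %r" % line)
    path, threat = split_path_threat(m.group("head"))
    return {"path": path, "threat": threat, "action": m.group("action"),
            "hash": m.group("hash"), "flag": m.group("flag"), "category": categorize(path)}


def triage(log_text):
    """Parse every non-empty line and group the records by threat and by bucket."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_threat = Counter(r["threat"] for r in records)
    by_category = defaultdict(list)
    for r in records:
        by_category[r["category"]].append(r["path"])
    uncleaned = [r for r in records if "unable" in r["action"].lower()]
    return {"records": records, "by_threat": by_threat,
            "by_category": dict(by_category), "uncleaned": uncleaned}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("%d detections, %d not cleaned by the scanner"
          % (len(result["records"]), len(result["uncleaned"])))
    for threat, n in result["by_threat"].most_common():
        print("%3d  %s" % (n, threat))
    for cat, paths in sorted(result["by_category"].items()):
        print("\n%s:" % cat)
        for p in paths:
            print("   ", p)
```

Run it on a saved ESET log by replacing `SAMPLE_LOG` with the file's contents; the per-bucket listing is what the "these files and folders can be deleted" step in the next reply boils down to, while anything in the "review manually" bucket still needs a human decision.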
Old 03-10-2012, 07:35 AM   #13
tetonbob
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
Microsoft Most Valuable Professional
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,958
OS: XP Pro; XP Home; Win7 x86 & x64

About RegAce System Suite
Registry Cleaners are not recommended. They often cause more problems than they claim to cure.

Our colleague miekiemoes has an excellent writeup here:
miekiemoes' Blog: Registry Cleaners and System Tweaking Tools

Another excellent article by Bill Castner is located here:
AumHa Forums • View topic - AUMHA Discussion: Should I Use a Registry Cleaner?

Another article by Ed Bott is here:
Why I don’t use registry cleaners | Ed Bott

These files and folders can be deleted
C:\Documents and Settings\sunflour\Desktop\regacesetup.exe
C:\Documents and Settings\sunflour\My Documents\Downloads\PC stuff\Babylon8 translator_setup.exe
C:\Documents and Settings\sunflour\Local Settings\Application Data\Babylon
C:\TDSSKiller_Quarantine

Let me know if you have any trouble with that.

This tool will clear out the Java detections, as well as clear temp files and empty your Recycle Bin.

1. Download TFC (Temp File Cleaner) to your desktop, or other location.
http://oldtimer.geekstogo.com/TFC.exe
2. Save any unsaved work. TFC will close all open application windows.
3. Double-click TFC.exe to run the program.
4. If prompted, click "Yes" to reboot.

This computer only has Windows XP Service Pack 2 installed. It should have Service Pack 3. Without SP3 installed, this computer cannot get security updates and is subject to exploit.

I would advise installing SP3 from this link
How to obtain the latest Windows XP service pack
Download: Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers - Microsoft Download Center - Download Details

Additionally, your version of Internet Explorer is badly outdated. IE6 is also subject to exploit. You should install IE8 from this link
Download: Windows Internet Explorer 8 for Windows XP - Microsoft Download Center - Download Details

Other than that, we should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean. You should be good to go. We still have a few items to address.


Disconnect from the internet and disable your AntiVirus temporarily.

Go to -> Run -> copy/paste in the following single line command & click OK

ComboFix /Uninstall
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

---------------------------------------------------------------------------------------------

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions for out of date & vulnerable common applications on your computer

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look here:
If you want to fight back against the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob
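The MVPS hosts-file advice above works because Windows consults the hosts file before it sends any DNS query, so a name mapped to 127.0.0.1 (or 0.0.0.0, which the check below treats the same way) never reaches the ad server. The same mechanism is what a hosts-file hijack abuses, by mapping a security vendor's update name to an address of the attacker's choosing, so the file is worth auditing as well as installing. The following Python script is an added example, not from this thread or from MVPS: it parses hosts-file text, separates sinkhole entries from entries that send a name to a live address, and offers the lookup the resolver would perform. The sample hosts content is constructed for the example (the names and the 203.0.113.0/24 address are documentation examples, not real sites); the Windows path in `HOSTS_PATH` is the standard location.

```python
"""Audit a Windows hosts file (added example, not from the thread or MVPS)."""
import ipaddress

# Standard location on Windows (the XP machine in this thread uses C:\WINDOWS).
HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Constructed sample: the stock header, an MVPS-style block list, and one entry of
# the kind a hijack leaves behind. Names and 203.0.113.5 are documentation values.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [ad and tracker block list starts here]
127.0.0.1  ads.example.net
127.0.0.1  tracker.example.org   # served banners
0.0.0.0    metrics.example.org
203.0.113.5  update.security-vendor.example   # NOT a sinkhole: name sent to a live host
"""

LOCALHOST_NAMES = {"localhost", "localhost.localdomain"}


def classify(ip, host):
    """Label one mapping: 'localhost', 'blocked' (sinkholed) or 'redirect'."""
    if host.lower() in LOCALHOST_NAMES:
        return "localhost"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"      # 127.0.0.1 / 0.0.0.0 / ::1: the connection never leaves the machine
    return "redirect"         # a routable address: legitimate only if an admin put it there


def parse_hosts(text):
    """Return one entry per (address, name) pair, with line number and verdict."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            entries.append({"line": lineno, "ip": fields[0], "host": None, "verdict": "malformed"})
            continue
        for host in fields[1:]:                 # one address may be followed by several names
            entries.append({"line": lineno, "ip": str(ip), "host": host.lower(),
                            "verdict": classify(ip, host)})
    return entries


def lookup(entries, hostname):
    """Address the resolver would use for hostname before any DNS query, or None."""
    for e in entries:
        if e["host"] == hostname.lower():
            return e["ip"]
    return None


def findings(entries):
    """Entries that deserve a human look: live redirects and malformed lines."""
    return [e for e in entries if e["verdict"] in ("redirect", "malformed")]


def summary(entries):
    counts = {}
    for e in entries:
        counts[e["verdict"]] = counts.get(e["verdict"], 0) + 1
    return counts


if __name__ == "__main__":
    import sys
    # Pass a path (for example HOSTS_PATH) to audit a real file; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    ents = parse_hosts(text)
    print("summary:", summary(ents))
    for f in findings(ents):
        print("line %d: %s -> %s (%s)" % (f["line"], f["host"], f["ip"], f["verdict"]))
```

On a freshly installed MVPS file the findings list should be empty apart from entries you added yourself; any name pointed at a routable address that you did not put there is the thing to investigate.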
Old 04-07-2012, 06:49 PM   #14
tetonbob
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
Microsoft Most Valuable Professional
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,958
OS: XP Pro; XP Home; Win7 x86 & x64

Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob

All times are GMT -7. The time now is 04:15 AM.

Copyright 2001 - 2014, Tech Support Forum