
NecroFiendOG

Everything posted by NecroFiendOG

  1. Meant to only delete the bit torrent file, but Roguekiller deleted all of them.
  2. RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
     Started in : Safe mode with network support
     User : phoenix [Admin rights]
     Mode : Remove -- Date : 11/25/2012 11:27:11
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 12 ¤¤¤
     [RUN][NOTFOUND] HKCU\[...]\Run : BitTorrent (rundll32.exe C:\Users\phoenix\AppData\Local\BitTorrent\lnvgkvpz.dll,vlc_entry__1_0_0e) -> DELETED
     [RUN][sUSP PATH] HKCU\[...]\Run : svñhîst (C:\Users\phoenix\AppData\Local\temp\cccccc.exe) -> DELETED
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     [WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\phoenix\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg) -> REPLACED (C:\Users\phoenix\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp)
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-4196169661-3248010569-1916152541-1000\$e2bc573bd6af5595b63a310eacfe0b6a\U --> REMOVED
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-4196169661-3248010569-1916152541-1000\$e2bc573bd6af5595b63a310eacfe0b6a\L --> REMOVED
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ Infection : ZeroAccess ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD3200AAJS-65VWA0 ATA Device +++++
     --- User ---
     [MBR] e235f2ec69159c8bdf6821d07cb58a12
     [bSP] c5b9dc4d4edaf6efac57e13321f2a738 : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     +++++ PhysicalDrive1: WDC WD3200AAJS-65VWA0 ATA Device +++++
     --- User ---
     [MBR] 542bb5ad18176a54948742d3d705a757
     [bSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 295415 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 605011680 | Size: 9826 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[2]_D_11252012_02d1127.txt >>
     RKreport[1]_S_11252012_02d1125.txt ; RKreport[2]_D_11252012_02d1127.txt
  3. Recently got my computer functional again after professional help to remove a virus & it seems that I'm right back where I started. Avira & Microsoft Security Essentials are blocked from running or updating by this virus & freshly updated MB didn't find anything. In the last 3 days I have been hit with: Win32/Pdfjsc.AEB, Win32/Sirefef!cfg, Win32/Kargany.E & Hiloti.F. Below are my dds logs.
  4. While in safe mode I've downloaded & run several versions of the 'Rkill' program to terminate instances of the virus currently running before performing a full scan with MBAM.exe, although they terminate the instances of the virus they immediately pop back up before I can run the scan. I've updated & run the full scan numerous times (in safe & normal modes), but the virus is still there when I restart. What else can I do? Here are the logs: