gr3g0ree

Honorary Members
  • Posts: 21
  • Reputation: 0 Neutral
  1. Thanks, learned a few more things just by running those apps. Would get a beer for you if you weren't 17 lol (as your profile says).
  2. Excellent to work with, always clear with the instructions and learned a few more things ;)

     Thanks D ;)

  3. Nah, there are no more issues anymore. Everything is clean and up-to-date. Thanks D. Hope I won't need this sort of help anymore. Thread can be closed.
  4. Yes, it's better to start a new thread for yourself. You will be advised to do that, so delete that post and start a new thread. Or just start a new one straight away. (Read the 2 sticky posts at the top of the forum first too.) Chrome was stubborn updating Flash, did it via Explorer; other than that it went smooth. Proof:

     Results of screen317's Security Check version 0.99.18
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     AVG 2011
     ESET Online Scanner v3
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     Java 7
     Java SE Development Kit 7
     Adobe Flash Player
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     AVG avgwdsvc.exe
     AVG avgtray.exe
     AVG avgrsx.exe
     AVG avgnsx.exe
     AVG avgemc.exe
     ``````````End of Log````````````
  5. Yes, it deleted everything. Here is the checkup log:

     Results of screen317's Security Check version 0.99.18
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     AVG 2011
     ESET Online Scanner v3
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     Java 6 Update 22
     Out of date Java installed!
     Flash Player Out of Date!
     Adobe Flash Player 10.1.102.64
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     AVG avgwdsvc.exe
     AVG avgtray.exe
     AVG avgrsx.exe
     AVG avgnsx.exe
     AVG avgemc.exe
     ``````````End of Log````````````
  6. Here is the scan logfile. Seems like there are only quarantined files that have been detected. Will get my hands on the laptop on Thursday. The scan gave an option to buy the program to disinfect it, so we just saved the log. I plan to delete MBAM quarantined files before running the next scan. Any other ideas?

     ;*************************************************************************
     ANALYSIS: 2011-08-02 22:15:47
     PROTECTIONS: 1
     MALWARE: 5
     SUSPECTS: 0
     ;*************************************************************************
     PROTECTIONS
     Description      Version    Active   Updated
     ;=========================================================================
     AVG 7.5.560      7.5.560    Yes      No
     ;=========================================================================
     MALWARE
     Id        Description               Type           Active  Severity  Disinfectable  Disinfected  Location
     ;=========================================================================
     08558814  W32/Katusha.BN            Virus          No      0         Yes            No           c:\system volume information\_restore{2b6b7649-d3b9-459b-90c9-1706b14e78b8}\rp121\a0060948.exe
     08558814  W32/Katusha.BN            Virus          No      0         Yes            No           c:\system volume information\_restore{2b6b7649-d3b9-459b-90c9-1706b14e78b8}\rp121\a0060950.exe
     08558814  W32/Katusha.BN            Virus          No      0         Yes            No           c:\system volume information\_restore{2b6b7649-d3b9-459b-90c9-1706b14e78b8}\rp121\a0060949.exe
     08558814  W32/Katusha.BN            Virus          No      0         Yes            No           c:\qoobox\quarantine\[4]-submit_2011-07-22_20.07.29.zip[searchindexer.exe]
     08558814  W32/Katusha.BN            Virus          No      0         Yes            No           c:\system volume information\_restore{2b6b7649-d3b9-459b-90c9-1706b14e78b8}\rp121\a0060951.exe
     08832198  Generic Trojan            Virus/Trojan   No      0         Yes            No           c:\qoobox\quarantine\[4]-submit_2011-07-22_20.07.29.zip[flash-player.exe]
     08832198  Generic Trojan            Virus/Trojan   No      0         Yes            No           c:\qoobox\quarantine\[4]-submit_2011-07-22_20.07.29.zip[flash-player (1).exe]
     08857007  Generic Trojan            Virus/Trojan   No      0         Yes            No           c:\system volume information\_restore{2b6b7649-d3b9-459b-90c9-1706b14e78b8}\rp120\a0060944.sys
     08868462  Trj/Hupigon.BDH           Virus/Trojan   No      0         Yes            No           c:\system volume information\_restore{2b6b7649-d3b9-459b-90c9-1706b14e78b8}\rp123\a0061128.sys
     08891081  HackTool/BitCoinMiner.A   HackTools      No      0         No             No           c:\qoobox\quarantine\c\windows\ufa.rar.vir[ufa.exe]
     ;=========================================================================
     SUSPECTS
     Sent   Location
     ;=========================================================================
     ;=========================================================================
     VULNERABILITIES
     Id       Severity   Description
     ;=========================================================================
     206981   HIGH       MS09-007
     ;=========================================================================
  7. Hi there. Ran MBAM again, there were no updates available, and no infection found. Thanks for the help. Is there anything else you suggest I do?

     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org

     Database version: 7315

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     01/08/2011 22:10:45
     mbam-log-2011-08-01 (22-10-45).txt

     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 181018
     Time elapsed: 21 minute(s), 41 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  8. Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org

     Database version: 7315

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     29/07/2011 10:05:52
     mbam-log-2011-07-29 (10-05-44).txt

     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 181490
     Time elapsed: 34 minute(s), 25 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 1
     Files Infected: 14

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.

     Files Infected:
     c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
     c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
  9. Hi, I'm still here. Sister took the laptop away and is a complete anti-talent. Can't install and run antivirus alone or find the logfiles, so I need to be present on Skype. Here is the SUPERAntiSpyware log, Malwarebytes will follow tomorrow. After scanning and sending me the logfile, did a restart, as the application requested.

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com

     Generated 07/28/2011 at 09:06 PM

     Application Version : 4.55.1000

     Core Rules Database Version : 7478
     Trace Rules Database Version: 5290

     Scan type       : Complete Scan
     Total Scan Time : 00:36:07

     Memory items scanned      : 510
     Memory threats detected   : 0
     Registry items scanned    : 6985
     Registry threats detected : 20
     File items scanned        : 13501
     File threats detected     : 265

     Adware.Tracking Cookie
       C:\Documents and Settings\Maria\Cookies\maria@2o7[1].txt
       C:\Documents and Settings\Maria\Cookies\maria@doubleclick[2].txt
       media.whosay.com [ C:\Documents and Settings\Maria\Application Data\Macromedia\Flash Player\#SharedObjects\G4WR7PFJ ]
       s0.2mdn.net [ C:\Documents and Settings\Maria\Application Data\Macromedia\Flash Player\#SharedObjects\G4WR7PFJ ]
       www.pornhub.com [ C:\Documents and Settings\Maria\Application Data\Macromedia\Flash Player\#SharedObjects\G4WR7PFJ ]
       .atdmt.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       audit.median.hu [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.de [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .eyewonder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .eyewonder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .xiti.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ru4.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ru4.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .lfstmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .lfstmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.inteletrack.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.inteletrack.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mediaplex.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .imrworldwide.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .imrworldwide.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ads.trafficjunky.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ox-d.w00tmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .apmebf.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .weborama.fr [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .weborama.fr [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .clickfuse.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       tracking.vid4u.org [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adverticum.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .uk.at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .interclick.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .interclick.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .interclick.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       uk.sitestat.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       uk.sitestat.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       uk.sitestat.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adviva.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       tracking.dc-storm.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .e-2dj6wfkyegajkkp.stats.esomniture.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.staticwhich.co.uk [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtech.staticwhich.co.uk [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       tracking.dc-storm.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .paypal.112.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.mochimedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mochimedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mochimedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       rts.pgmediaserve.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       rts.pgmediaserve.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       rts.pgmediaserve.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .www.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ad.velmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ad.velmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .velmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .77tracking.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .77tracking.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .77tracking.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.pixeltrack66.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.pixeltrack66.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .go.evolutionmedia.bbelements.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .kantarmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .kantarmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .lfstmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .www.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .www.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ar.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .chitika.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mm.chitika.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .aerlingus.122.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ads.audience2media.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.ink-publishing.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .server.cpmstar.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .192com.112.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .kontera.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adxpose.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       track.adform.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       track.adform.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adform.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mediabrandsww.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .e-2dj6wdlycjajwhp.stats.esomniture.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .usatoday1.112.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .content.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       accounts.youtube.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       in.getclicky.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tracking.dsmmadvantage.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .avgtechnologies.112.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.find-fast-answers.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertise.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .liveperson.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       server.iad.liveperson.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www1.addfreestats.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .surveymonkey.122.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tribalfusion.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       w00tpublishers.wootmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adserver.adtechus.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .bs.serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mediaplex.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .stats.paypal.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       bullfrog.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       bullfrog.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       bullfrog.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adtechus.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .azjmp.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .azjmp.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .azjmp.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mediaplex.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and
Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .adserving.cpxinteractive.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .tradedoubler.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .tradedoubler.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .tradedoubler.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .toplist.cz [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] sk.search.etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] adserv.brandaffinity.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] adserv.brandaffinity.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] 
adserv.brandaffinity.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .questionmarket.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .questionmarket.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .statcounter.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] adserv.brandaffinity.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] statse.webtrendslive.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .fastclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .fastclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .ehg-tfl.hitbox.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Cookies ] .advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .yieldmanager.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .content.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .mediaplex.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .ehg-tfl.hitbox.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .hitbox.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ] .hitbox.com [ C:\Documents and Settings\Maria\Local Settings\Application 
Adware.Zango/ShoppingReport
HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\ProxyStubClsid
HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\ProxyStubClsid32
HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\TypeLib
HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\TypeLib#Version
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid32
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib#Version
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid32
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib
HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib#Version
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid32
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib
HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib#Version

Trojan.Agent/Gen-Nullo[short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP120\A0060856.EXE
  10. Hi there, had to do a "remote access" to the laptop to run those 2 scans. ESET online scan found 23 things there. Bitdefender was run from Chrome, and found another 4, no log from that one. Will get my hands on that laptop this weekend and see on my own.

ESET Log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=577eb158669a864f9ac6346ea83a43d6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-24 09:54:59
# local_time=2011-07-24 10:54:59 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 1388 1388 0 0
# scanned=35393
# found=23
# cleaned=18
# scan_time=2229
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\Java\jre6\bin\jqs.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32.exe.vir	Win32/TrojanDownloader.Delf.QCY trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32_.exe.vir	Win32/TrojanDownloader.Delf.QCY trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir	a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir	Win32/Patched.HN trojan (cleaned - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\1291427402.sys.vir	Win32/Sirefef.CL trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdfs.sys.vir	a variant of Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\ufa\ufa.exe.vir	a variant of Win32/BitCoinMiner application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\update.2\svchost.exe.vir	a variant of Win32/TrojanDownloader.Delf.QNK trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\update.5.0\svchost.exe.vir	a variant of Win32/TrojanDownloader.Delf.QPN trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060461.exe	Win32/TrojanDownloader.Delf.QCY trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060462.exe	Win32/TrojanDownloader.Delf.QCY trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060464.exe	a variant of Win32/TrojanDownloader.Delf.QNK trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060465.exe	a variant of Win32/TrojanDownloader.Delf.QPN trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060596.sys	a variant of Win32/Sirefef.CL trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP120\A0060682.sys	a variant of Win32/Sirefef.CL trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP120\A0060704.exe	Win32/Patched.HN trojan (cleaned - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP120\A0060705.exe	a variant of Win32/BitCoinMiner application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\maxdrive\netbios.sys	a variant of Win32/Sirefef.CL trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
${Memory}	Win32/Patched.HN trojan	00000000000000000000000000000000	I
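The log above says found=23 but cleaned=18, and the five leftovers are all Win32/Patched.HN hits on running program files (mdm.exe, jqs.exe, the Nero services) plus one in memory. ESET's Win32/Patched family names legitimate files that another infection modified in place, so "error while cleaning" there means the host binary has to be replaced from a clean copy (the way ComboFix's FCopy later restored netbios.sys from dllcache), not deleted. The script below is an added example, not part of the post and not ESET's tooling: it parses the scanner's tab-separated log format, cross-checks the header counts against the detection lines, and separates the residual patched binaries from what was already quarantined. The sample log is a constructed subset of the entries in the post, with header counts adjusted to match the subset.

```python
"""Triage an ESET Online Scanner log: check the header counts against the
detection lines and list what is still on disk after the scan.

Added example; not ESET's code. Assumed line format (the one the log above
uses): path <TAB> threat (action) <TAB> hash <TAB> flag, where flag C means
cleaned and I means infected and left in place.
"""
import re
from dataclasses import dataclass

# Constructed sample: six entries taken from the log above, with found/cleaned
# adjusted to this subset so the consistency check has something to verify.
SAMPLE_LOG = (
    "# version=7\n"
    "# osver=5.1.2600 NT Service Pack 3\n"
    "# scanned=35393\n"
    "# found=6\n"
    "# cleaned=3\n"
    "# scan_time=2229\n"
    "C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\mdm.exe\t"
    "Win32/Patched.HN trojan (error while cleaning)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Program Files\\Java\\jre6\\bin\\jqs.exe\t"
    "Win32/Patched.HN trojan (error while cleaning)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\wuauclt.exe.vir\t"
    "Win32/Patched.HN trojan (cleaned - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "C:\\Qoobox\\Quarantine\\C\\WINDOWS\\ufa\\ufa.exe.vir\t"
    "a variant of Win32/BitCoinMiner application (cleaned by deleting - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "C:\\WINDOWS\\maxdrive\\netbios.sys\t"
    "a variant of Win32/Sirefef.CL trojan (cleaned by deleting - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "${Memory}\tWin32/Patched.HN trojan\t00000000000000000000000000000000\tI\n"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str   # e.g. "Win32/Patched.HN trojan"
    action: str   # text inside the parentheses, "" when the scanner took none
    cleaned: bool  # flag column: C = cleaned, I = still infected


# "Win32/Patched.HN trojan (error while cleaning)" -> threat + optional action
THREAT_RE = re.compile(r"^(?P<threat>.*?)(?:\s+\((?P<action>[^)]*)\))?\s*$")


def parse_eset_log(text):
    """Return (header dict from the '# key=value' lines, list of Detection)."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # blank line or something that is not a detection row
        path, threat_field, _hash, flag = fields
        m = THREAT_RE.match(threat_field)
        detections.append(
            Detection(path, m["threat"], m["action"] or "", flag.strip() == "C")
        )
    return header, detections


def family(threat):
    """'a variant of Win32/Sirefef.CL trojan' -> 'Sirefef'."""
    m = re.search(r"Win32/([A-Za-z]+)", threat)
    return m.group(1) if m else threat


def triage(text):
    header, dets = parse_eset_log(text)
    found, cleaned = int(header.get("found", -1)), int(header.get("cleaned", -1))
    residual = [d for d in dets if not d.cleaned]
    return {
        # The header must agree with the rows, or the log is truncated/edited.
        "counts_consistent": found == len(dets)
        and cleaned == sum(d.cleaned for d in dets),
        "residual": [d.path for d in residual],
        # Patched host binaries: deleting them breaks the program, so the fix is
        # a clean replacement (dllcache, install media, vendor reinstall).
        "needs_clean_copy": [
            d.path for d in residual
            if family(d.threat) == "Patched" and d.path != "${Memory}"
        ],
        "in_memory": [d.path for d in residual if d.path == "${Memory}"],
        # Already sitting in the ComboFix quarantine folder: not live on disk.
        "already_quarantined": [
            d.path for d in dets
            if d.cleaned and d.path.startswith("C:\\Qoobox\\Quarantine\\")
        ],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```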
  11. End result looks good so far. After completing the above process, and the last restart, reinstalled Malwarebytes, updated, ran it, found 4 objects, removed them, and it does look like the PC is clean now; let's wait a day or 2 and try a few things to see if there is any weird behaviour. Uninstalled Avast completely before I started, and now running an AVG scan. Logs: ComboFix 1st, then the Malwarebytes log. Thx for your time and help to get rid of whatever was hiding in this system, could not do it alone.

ComboFix TXT log:
ComboFix 11-07-22.02 - Maria 22/07/2011  20:07:39.4.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.2039.1619 [GMT 1:00]
Running from: c:\documents and settings\Maria\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Maria\Desktop\CFScript.txt
 * Created a new restore point
.
FILE ::
"c:\documents and settings\Maria\My Documents\Downloads\Flash-Player (1).exe"
"c:\documents and settings\Maria\My Documents\Downloads\Flash-Player.exe"
"c:\windows\l1rezerv.exe"
"c:\windows\sysdriver32.exe"
"c:\windows\sysdriver32_.exe"
"c:\windows\system32\searchindexer.exe"
"c:\windows\systemup.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Maria\My Documents\Downloads\Flash-Player (1).exe
c:\documents and settings\Maria\My Documents\Downloads\Flash-Player.exe
c:\windows\system32\searchindexer.exe
c:\windows\ufa
c:\windows\ufa\ufa.exe
.
.
---------------  FCopy  ---------------
.
c:\windows\system32\dllcache\netbios.sys --> c:\windows\system32\drivers\netbios.sys
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WSearch
-------\Service_WSearch
.
.
(((((((((((((((((((((((((   Files Created from 2011-06-22 to 2011-07-22  )))))))))))))))))))))))))))))))
.
.
2011-07-21 22:35 . 2010-10-12 11:56	220024	----a-w-	c:\windows\sigcheck.exe
2011-07-21 20:11 . 2011-07-21 20:11	--------	d--h--w-	c:\windows\PIF
2011-07-21 19:50 . 2011-07-21 19:50	--------	d-----w-	c:\documents and settings\Maria\Application Data\URSoft
2011-07-21 19:50 . 2011-07-21 21:18	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2011-07-21 19:50 . 2011-07-21 19:50	--------	d-----w-	c:\program files\Your Uninstaller! 7
2011-07-21 19:28 . 2011-07-21 19:33	--------	d-----w-	c:\windows\maxdrive
2011-07-21 19:23 . 2011-07-07 12:28	520496	----a-w-	c:\windows\Listdlls.exe
2011-07-21 19:23 . 2011-05-17 11:48	423288	----a-w-	c:\windows\handle.exe
2011-07-20 18:51 . 2011-07-20 19:12	--------	d-----w-	C:\Combo-Fix
2011-07-20 17:52 . 2011-07-20 17:52	--------	d-----w-	c:\documents and settings\Maria\Application Data\Malwarebytes
2011-07-20 17:52 . 2011-07-06 18:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 17:52 . 2011-07-20 17:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-20 17:52 . 2011-07-20 17:54	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-07-20 17:52 . 2011-07-06 18:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-20 10:23 . 2011-07-20 10:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\SecTaskMan
2011-07-20 10:22 . 2011-07-20 10:27	--------	d-----w-	c:\program files\Security Task Manager
2011-07-19 14:52 . 2011-07-19 14:52	--------	d-----w-	c:\windows\rpcminer
2011-07-19 14:52 . 2011-07-19 14:52	--------	d-----w-	c:\windows\phoenix
2011-07-19 14:52 . 2011-07-20 11:02	246272	----a-w-	c:\windows\unrar.exe
2011-07-19 14:44 . 2011-07-19 14:44	--------	d-----w-	c:\windows\av_ico
2011-07-19 14:42 . 2011-07-19 14:42	--------	d--h--w-	c:\windows\update.tray-7-0
2011-07-06 19:17 . 2011-07-06 19:17	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-05 22:50 . 2011-07-05 22:50	--------	d-----w-	C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-12-04 02:41	40112	----a-w-	c:\windows\avastSS.scr
2011-06-02 14:02 . 2011-02-11 01:36	1858944	----a-w-	c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2010-12-04 10:09	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 07:00	151552	----a-w-	c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 07:00	456320	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2011-02-11 01:34	33280	----a-w-	c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2008-04-14 07:00	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2008-04-14 07:00	916480	----a-w-	c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 07:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2008-04-14 07:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 07:00	385024	----a-w-	c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((   SnapShot_2011-07-21_20.22.52   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-22 19:13 . 2011-07-22 19:13	16384	c:\windows\temp\Perflib_Perfdata_378.dat
+ 2011-07-22 18:46 . 2011-07-22 18:46	262144	c:\windows\system32\config\systemprofile\NtUser.dat
+ 2011-07-22 18:55 . 2011-07-22 18:55	229376	c:\windows\ERDNT\22-07-2011\Users\00000002\UsrClass.dat
+ 2011-07-22 18:55 . 2005-10-20 11:02	163328	c:\windows\ERDNT\22-07-2011\ERDNT.EXE
+ 2011-07-22 18:55 . 2011-07-22 18:55	4923392	c:\windows\ERDNT\22-07-2011\Users\00000001\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-10-18 12:26	3908192	----a-w-	c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 12:26	3908192	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Maria\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Maria\\Desktop\\Games\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\update.tray-7-0\\svchost.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/12/2010 17:17 691696]
S0 cerc6;cerc6; [x]
S3 cpuz135;cpuz135;\??\c:\docume~1\Maria\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\Maria\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [02/04/2011 19:57 428160]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-1606980848-1003Core.job
- c:\documents and settings\Maria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-13 02:41]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-1606980848-1003UA.job
- c:\documents and settings\Maria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-13 02:41]
.
2011-07-22 c:\windows\Tasks\User_Feed_Synchronization-{008EC0C9-0429-484A-81CE-1B3DE7A6972B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.Cdfs]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2848)
c:\windows\system32\WININET.dll
c:\documents and settings\Maria\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\stsystra.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-22  20:15:35 - machine was rebooted
ComboFix-quarantined-files.txt  2011-07-22 19:15
ComboFix2.txt  2011-07-21 20:25
ComboFix3.txt  2011-07-20 19:12
.
Pre-Run: 3,730,898,944 bytes free
Post-Run: 3,802,279,936 bytes free
.
- - End Of File - - 358540FE6FF9BD4D77A268E4DC8E0314

Malwarebytes log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/07/2011 20:37:45
mbam-log-2011-07-22 (20-37-45).txt

Scan type: Quick scan
Objects scanned: 144133
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  12. Ran aswMBR now, here is the log if it helps: ran it yesterday late evening and it found netbios.sys infected.

aswMBR version 0.9.8.945 Copyright© 2011 AVAST Software
Run date: 2011-07-22 07:48:39
-----------------------------
07:48:39.125  OS Version: Windows 5.1.2600 Service Pack 3
07:48:39.125  Number of processors: 1 586 0xD08
07:48:39.125  ComputerName: MARIA  UserName: Maria
07:48:39.500  Initialize success
07:48:51.359  AVAST engine defs: 11072101
07:48:56.062  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
07:48:56.062  Disk 0 Vendor: WDC_WD400VE-75HDT1 11.07D11 Size: 38154MB BusType: 3
07:48:56.078  Disk 0 MBR read successfully
07:48:56.093  Disk 0 MBR scan
07:48:56.156  Disk 0 Windows XP default MBR code
07:48:56.156  Disk 0 scanning sectors +78124095
07:48:56.250  Disk 0 scanning C:\WINDOWS\system32\drivers
07:49:07.000  Service scanning
07:49:08.062  Modules scanning
07:49:14.343  Disk 0 trace - called modules:
07:49:14.359  ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spui.sys hal.dll >>UNKNOWN [0x89bbc938]<<
07:49:14.375  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bfbab8]
07:49:14.375  3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89b3fd98]
07:49:15.312  AVAST engine scan C:\WINDOWS
07:49:21.296  AVAST engine scan C:\WINDOWS\system32
07:50:54.953  File: C:\WINDOWS\system32\searchindexer.exe  **INFECTED** Win32:Patched-WQ [Trj]
07:51:27.281  AVAST engine scan C:\WINDOWS\system32\drivers
07:51:40.968  AVAST engine scan C:\Documents and Settings\Maria
07:56:40.187  File: C:\Documents and Settings\Maria\My Documents\Downloads\Flash-Player (1).exe  **INFECTED** Win32:Kryptik-DUA [Trj]
07:56:40.437  File: C:\Documents and Settings\Maria\My Documents\Downloads\Flash-Player.exe  **INFECTED** Win32:Kryptik-DUA [Trj]
07:56:51.140  AVAST engine scan C:\Documents and Settings\All Users
07:57:32.750  Scan finished successfully
08:09:52.312  Disk 0 MBR has been saved successfully to "F:\Todesktoplog\MBR.dat"
08:09:52.343  The log file has been saved successfully to "F:\Todesktoplog\aswMBR.txt"
  13. The scan result:

SystemLook 04.09.10 by jpshortstuff
Log created at 07:22 on 22/07/2011 by Maria
Administrator - Elevation successful

========== filefind ==========

Searching for "netbios.sys"
C:\WINDOWS\maxdrive\netbios.sys	--a---- 34688 bytes	[07:00 14/04/2008]	[07:00 14/04/2008] 58F7421393048C12B2F8F2FDE5246375
C:\WINDOWS\system32\dllcache\netbios.sys	--a--c- 34688 bytes	[07:00 14/04/2008]	[07:00 14/04/2008] 5D81CF9A2F1A3A756B66CF684911CDF0
C:\WINDOWS\system32\drivers\netbios.sys	--a---- 34688 bytes	[07:00 14/04/2008]	[07:00 14/04/2008] 5D81CF9A2F1A3A756B66CF684911CDF0

-= EOF =-

RPCMINER and PHOENIX might relate to something called bitcoin mining. Never heard about it. UFA has 1 executable in it only. No idea what it does, might get rid of it.
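The filefind block above is the whole case in three lines: all three netbios.sys copies have the same 34688-byte size and the same 2008 timestamp, and only the MD5 separates the copy under C:\WINDOWS\maxdrive from the matching dllcache and drivers copies. The script below is an added example, not SystemLook's code and not part of the post: it parses filefind output, takes the dllcache copy as the reference, and flags both hash mismatches and copies sitting outside the directories a driver belongs in. The sample log is constructed from the three hits quoted above; the line regex and the "expected location" rule are this example's own assumptions about the format.

```python
"""Triage SystemLook 'filefind' output: treat the dllcache copy of a
system file as the reference and flag every other copy that differs.

Added example for the post above; not SystemLook's code. Assumes the
tab-separated hit line SystemLook writes:
path <TAB> attrs size bytes <TAB> [created] <TAB> [modified] MD5
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the filefind block from the post, values as logged there.
SAMPLE_LOG = """\
SystemLook 04.09.10 by jpshortstuff
Log created at 07:22 on 22/07/2011 by Maria
Administrator - Elevation successful

========== filefind ==========

Searching for "netbios.sys"
C:\\WINDOWS\\maxdrive\\netbios.sys\t--a---- 34688 bytes\t[07:00 14/04/2008]\t[07:00 14/04/2008] 58F7421393048C12B2F8F2FDE5246375
C:\\WINDOWS\\system32\\dllcache\\netbios.sys\t--a--c- 34688 bytes\t[07:00 14/04/2008]\t[07:00 14/04/2008] 5D81CF9A2F1A3A756B66CF684911CDF0
C:\\WINDOWS\\system32\\drivers\\netbios.sys\t--a---- 34688 bytes\t[07:00 14/04/2008]\t[07:00 14/04/2008] 5D81CF9A2F1A3A756B66CF684911CDF0

-= EOF =-
"""

# Where a copy of a kernel driver is legitimately expected on XP (assumption
# of this example, not a SystemLook rule).
EXPECTED_DIRS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")

HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    attrs: str
    size: int
    md5: str


def parse_filefind(log: str) -> dict[str, list[FileHit]]:
    """Group filefind hits by the file name that was searched for."""
    hits: dict[str, list[FileHit]] = {}
    current: str | None = None
    for line in log.splitlines():
        m = re.match(r'^Searching for "(?P<name>[^"]+)"', line)
        if m:
            current = m["name"].lower()
            hits.setdefault(current, [])
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            hits[current].append(
                FileHit(m["path"], m["attrs"], int(m["size"]), m["md5"].upper())
            )
    return hits


def triage(hits: list[FileHit]) -> dict[str, object]:
    """Compare every copy against the dllcache copy.

    Size and timestamps are not evidence of integrity: in the post all three
    copies are 34688 bytes with the same 2008 timestamp, and only the MD5
    separates the rogue copy from the two genuine ones.
    """
    ref = next((h for h in hits if "\\dllcache\\" in h.path.lower()), None)
    report: dict[str, object] = {
        "reference": ref.path if ref else None,
        "matching": [],
        "mismatched": [],
        # A driver-named file outside drivers/dllcache is suspect on its own.
        "unexpected_location": [
            h.path for h in hits
            if not any(d in h.path.lower() for d in EXPECTED_DIRS)
        ],
    }
    for h in hits:
        if ref is None or h is ref:
            continue
        key = "matching" if h.md5 == ref.md5 else "mismatched"
        report[key].append(h.path)
    return report


def triage_log(log: str) -> dict[str, dict[str, object]]:
    """Run the comparison for every file name in a SystemLook log."""
    return {name: triage(hits) for name, hits in parse_filefind(log).items()}


if __name__ == "__main__":
    for name, rep in triage_log(SAMPLE_LOG).items():
        print(f"{name}: reference {rep['reference']}")
        for p in rep["mismatched"]:
            print(f"  MISMATCH  {p}")
        for p in rep["unexpected_location"]:
            print(f"  ODD PATH  {p}")
```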
  14. Found out that Daemon Tools is using it, closed it, tried again, still can't test it on VirusTotal.
  15. Can't make a copy of it. Access denied, close any programs using bla, bla. Can make a shortcut, or upload and test the original one. Is it OK to test the original?