ATVman Posted June 21, 2012 ID:562834 Share Posted June 21, 2012 I have recently been hit w/ the Happili Trojan, MBAM says it finds it and cleans it up but I still will randomly get pop ups from Mbam saying it blocked a outgoing attempt to a malicious website, the website IP is different on most notifications.I downloaded DDS and ran it, below are the 2 logs, please help me - Thanks.DDS.TXT.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24Run by Ean at 10:14:14 on 2012-06-21Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1266 [GMT -4:00]..============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\HealthMonitor\HealthMonitor.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXEC:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exeC:\Program Files\ClamWin\bin\ClamTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Citrix\ICA Client\concentr.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\Citrix\ICA Client\wfcrun32.exeC:\WINDOWS\system32\wuauclt.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://google.com/BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllEB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLuRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exeuRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [EPSON Stylus CX6600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exemRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logonmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startupIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233613307578DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.0.1 216.165.129.158TCP: Interfaces\{8C572FCF-FA1D-495C-A0DC-27D6270921F5} : DhcpNameServer = 192.168.0.1 216.165.129.158Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllFilter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dllHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: AtiExtEvent - Ati2evxx.dllNotify: NavLogon - c:\windows\system32\NavLogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\ean\application data\mozilla\firefox\profiles\ojdyfr6i.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff.============= SERVICES / DRIVERS ===============.R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]R2 HealthMonitor;HealthMonitor;c:\program files\healthmonitor\HealthMonitor.exe [2005-9-2 24576]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-30 654408]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-30 22344]S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-11-17 18560].=============== Created Last 30 ================.2012-06-15 17:19:29 -------- d-sha-r- C:\cmdcons2012-06-15 17:14:54 98816 ----a-w- c:\windows\sed.exe2012-06-15 17:14:54 518144 ----a-w- c:\windows\SWREG.exe2012-06-15 17:14:54 256000 ----a-w- c:\windows\PEV.exe2012-06-15 17:14:54 208896 ----a-w- c:\windows\MBR.exe2012-06-15 17:14:46 -------- d-----w- C:\ComboFix2012-05-26 19:03:00 -------- d-sh--w- c:\documents and settings\ean\IECompatCache.==================== Find3M ====================.2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys.============= FINISH: 10:15:04.62 ===============ATTACH.TXT.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 1/18/2009 2:11:35 PMSystem Uptime: 6/21/2012 8:36:40 AM (2 hours ago).Motherboard: ASUSTeK Computer INC. | | M2A-VMProcessor: AMD Athlon 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2599/200mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 596 GiB total, 97.456 GiB free.D: is FIXED (NTFS) - 75 GiB total, 30.499 GiB free.E: is RemovableF: is RemovableG: is RemovableH: is CDROM ()I: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}Description: Network ControllerDevice ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&CC5B14E&0&28A4Manufacturer:Name: Network ControllerPNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&CC5B14E&0&28A4Service:.==== System Restore Points ===================.RP1003: 3/23/2012 6:28:14 PM - System CheckpointRP1004: 3/24/2012 6:48:00 PM - System CheckpointRP1005: 3/25/2012 10:00:17 PM - System CheckpointRP1006: 3/26/2012 10:06:50 PM - System CheckpointRP1007: 3/27/2012 10:09:22 PM - System CheckpointRP1008: 3/29/2012 9:21:23 AM - System CheckpointRP1009: 3/30/2012 9:32:48 AM - System CheckpointRP1010: 3/30/2012 6:46:39 PM - Removed EPSON PhotoStarter3.2RP1011: 3/30/2012 6:47:50 PM - Removed EPSON CardMonitorRP1012: 3/30/2012 6:48:26 PM - Removed Applet_WebRP1013: 3/30/2012 6:48:32 PM - Removed Applet_AppRP1014: 3/30/2012 6:48:38 PM - Removed Applet_OcrRP1015: 3/30/2012 6:48:44 PM - Removed Applet_EmailRP1016: 3/30/2012 6:48:50 PM - Removed Applet_FileRP1017: 3/30/2012 6:48:58 PM - Removed Applet_CopyToFaxRP1018: 3/30/2012 6:49:03 PM - Removed Applet_VCRP1019: 3/30/2012 6:49:11 PM - Removed Applet_CopyRP1020: 3/30/2012 6:49:16 PM - Removed Smart PanelRP1021: 3/31/2012 7:04:57 PM - System CheckpointRP1022: 4/1/2012 8:16:02 PM - System CheckpointRP1023: 4/2/2012 9:17:06 PM - System CheckpointRP1024: 4/3/2012 10:40:45 PM - System CheckpointRP1025: 4/4/2012 11:03:06 PM - System CheckpointRP1026: 4/5/2012 11:39:30 PM - System CheckpointRP1027: 4/7/2012 12:06:51 AM - System CheckpointRP1028: 4/8/2012 12:51:07 AM - System CheckpointRP1029: 4/9/2012 1:42:18 AM - System CheckpointRP1030: 4/10/2012 2:42:18 AM - System CheckpointRP1031: 4/11/2012 3:35:02 AM - System CheckpointRP1032: 4/12/2012 8:49:19 AM - System CheckpointRP1033: 4/13/2012 9:04:15 AM - System CheckpointRP1034: 4/14/2012 10:27:01 AM - System CheckpointRP1035: 4/15/2012 10:36:31 AM - System CheckpointRP1036: 4/16/2012 11:56:24 AM - System CheckpointRP1037: 4/17/2012 4:04:54 PM - System CheckpointRP1038: 4/18/2012 4:06:45 PM - System CheckpointRP1039: 4/19/2012 4:50:12 PM - System CheckpointRP1040: 4/20/2012 5:50:40 PM - System CheckpointRP1041: 4/22/2012 12:04:24 PM - System CheckpointRP1042: 4/23/2012 12:35:00 PM - System CheckpointRP1043: 4/24/2012 1:33:55 PM - System CheckpointRP1044: 4/25/2012 2:29:05 PM - System CheckpointRP1045: 4/26/2012 3:28:00 PM - System CheckpointRP1046: 4/27/2012 4:13:16 PM - System CheckpointRP1047: 4/28/2012 5:13:16 PM - System CheckpointRP1048: 4/29/2012 6:13:16 PM - System CheckpointRP1049: 4/30/2012 7:17:07 PM - System CheckpointRP1050: 5/1/2012 7:32:01 PM - System CheckpointRP1051: 5/2/2012 8:16:21 PM - System CheckpointRP1052: 5/3/2012 8:42:35 PM - System CheckpointRP1053: 5/4/2012 9:16:21 PM - System CheckpointRP1054: 5/5/2012 10:16:21 PM - System CheckpointRP1055: 5/7/2012 6:08:18 PM - System CheckpointRP1056: 5/8/2012 10:12:17 PM - System CheckpointRP1057: 5/9/2012 11:29:33 PM - System CheckpointRP1058: 5/10/2012 11:46:35 PM - System CheckpointRP1059: 5/11/2012 11:51:02 PM - System CheckpointRP1060: 5/13/2012 12:08:51 AM - System CheckpointRP1061: 5/14/2012 7:57:49 AM - System CheckpointRP1062: 5/15/2012 4:35:13 PM - System CheckpointRP1063: 5/16/2012 4:42:23 PM - System CheckpointRP1064: 5/17/2012 8:08:08 PM - System CheckpointRP1065: 5/18/2012 8:46:24 PM - System CheckpointRP1066: 5/19/2012 9:46:25 PM - System CheckpointRP1067: 5/21/2012 7:24:06 AM - System CheckpointRP1068: 5/22/2012 8:11:30 AM - System CheckpointRP1069: 5/23/2012 9:11:30 AM - System CheckpointRP1070: 5/24/2012 10:11:30 AM - System CheckpointRP1071: 5/25/2012 12:11:43 PM - System CheckpointRP1072: 5/26/2012 1:19:57 PM - System CheckpointRP1073: 5/27/2012 7:33:44 PM - System CheckpointRP1074: 5/28/2012 9:12:01 PM - System CheckpointRP1075: 5/29/2012 9:57:41 PM - System CheckpointRP1076: 5/30/2012 10:19:41 PM - System CheckpointRP1077: 5/31/2012 10:47:11 PM - System CheckpointRP1078: 6/1/2012 11:33:07 PM - System CheckpointRP1079: 6/2/2012 11:58:02 PM - System CheckpointRP1080: 6/4/2012 8:48:18 AM - System CheckpointRP1081: 6/5/2012 9:41:04 AM - System CheckpointRP1082: 6/6/2012 10:41:05 AM - System CheckpointRP1083: 6/7/2012 11:14:40 AM - System CheckpointRP1084: 6/8/2012 12:01:43 PM - System CheckpointRP1085: 6/9/2012 12:36:52 PM - System CheckpointRP1086: 6/11/2012 9:09:22 AM - System CheckpointRP1087: 6/12/2012 1:33:48 PM - System CheckpointRP1088: 6/13/2012 3:50:09 PM - System CheckpointRP1089: 6/14/2012 4:28:42 PM - System CheckpointRP1090: 6/15/2012 5:03:00 PM - System CheckpointRP1091: 6/16/2012 5:07:16 PM - System CheckpointRP1092: 6/17/2012 6:07:16 PM - System CheckpointRP1093: 6/19/2012 9:14:51 AM - System CheckpointRP1094: 6/20/2012 10:12:58 AM - System Checkpoint.==== Installed Programs ======================..AAC DecoderABBYY FineReader 5.0 Sprint PlusAcrobat.comAdobe AIRAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Photoshop 6.0Adobe Reader 9.4.2Adobe Shockwave Player 11.5AMD Processor DriverAnyDVDApple Application SupportApple Mobile Device SupportApple Software UpdateAquAdvisorArcSoft Software SuiteATI - Software Uninstall UtilityATI Catalyst Control CenterATI Display DriverATI Parental Control & EncoderAudacity 1.2.6AutoUpdateAvi2Dvd 0.5AviSynth 2.5BonjourCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Localization Chinese StandardCatalyst Control Center Localization Chinese TraditionalCatalyst Control Center Localization CzechCatalyst Control Center Localization DanishCatalyst Control Center Localization DutchCatalyst Control Center Localization FinnishCatalyst Control Center Localization FrenchCatalyst Control Center Localization GermanCatalyst Control Center Localization GreekCatalyst Control Center Localization HungarianCatalyst Control Center Localization ItalianCatalyst Control Center Localization JapaneseCatalyst Control Center Localization KoreanCatalyst Control Center Localization NorwegianCatalyst Control Center Localization PolishCatalyst Control Center Localization PortugueseCatalyst Control Center Localization RussianCatalyst Control Center Localization SpanishCatalyst Control Center Localization SwedishCatalyst Control Center Localization ThaiCatalyst Control Center Localization Turkishccc-core-staticccc-utilityCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleaner (remove only)Cisco Packet Tracer 5.3Citrix online plug-in - webCitrix online plug-in (DV)Citrix online plug-in (HDX)Citrix online plug-in (USB)Citrix online plug-in (Web)ClamWin Free Antivirus 0.96.1ConvertHelper 2.2Coupon Printer for WindowsCritical Update for Windows Media Player 11 (KB959772)DivX CodecDivX ConverterDivX PlayerDivX Plus DirectShow FiltersDivX Version CheckerDivX Web PlayerDuplicate Music Files Finder 1.5.5DVD Decrypter (Remove Only)DVD FlickDVD Shrink 3.2DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0Easy-Link internet launch padEPSON Printer Softwareffdshow [rev 2844] [2009-03-30]Free RAR Extract Frog 1.00H.264 DecoderHandBrake 0.9.3HealthMonitor 3.0Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Image Resizer Powertoy for Windows XPImTOO DVD Ripper Platinum 5iTunesiTunes Library UpdaterJ2SE Runtime Environment 5.0 Update 5Java Auto UpdaterJava 6 Update 24LADSPA_plugins-win-0.4.15LAME v3.98.2 for AudacityLeapFrog ConnectLeapFrog My Pals PluginLeapFrog Tag Junior PluginLibra 0.9.2LiveUpdate 2.6 (Symantec Corporation)Macromedia Dreamweaver MXMacromedia Extension ManagerMalwarebytes Anti-Malware version 1.61.0.1400Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft National Language Support Downlevel APIsMicrosoft Office 2007 Service Pack 2 (SP2)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Software Update for Web Folders (English) 12Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 RedistributableMKV SplitterMozilla Firefox (3.5.9)MSNMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Nero 8OGA Notifier 2.0.0048.0pdfsamPeerGuardian 2.0Picasa 3PrimoPDFQuickTimeREALTEK GbE & FE Ethernet PCI-E NIC DriverRealtek High Definition Audio DriverRecover My FilesScanToWebSecurity Update for 2007 Microsoft Office System (KB2288621)Security Update for 2007 Microsoft Office System (KB2288931)Security Update for 2007 Microsoft Office System (KB2345043)Security Update for 2007 Microsoft Office System (KB2553089)Security Update for 2007 Microsoft Office System (KB2553090)Security Update for 2007 Microsoft Office System (KB2584063)Security Update for 2007 Microsoft Office System (KB969559)Security Update for 2007 Microsoft Office System (KB976321)Security Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office Access 2007 (KB979440)Security Update for Microsoft Office Groove 2007 (KB2552997)Security Update for Microsoft Office InfoPath 2007 (KB2510061)Security Update for Microsoft Office InfoPath 2007 (KB979441)Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit EditionSecurity Update for Microsoft Office system 2007 (972581)Security Update for Microsoft Office system 2007 (KB974234)Security Update for Microsoft Office Visio Viewer 2007 (KB973709)Security Update for Microsoft Office Word 2007 (KB2344993)Security Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 7 (KB2183461)Security Update for Windows Internet Explorer 7 (KB2360131)Security Update for Windows Internet Explorer 7 (KB2416400)Security Update for Windows Internet Explorer 7 (KB2482017)Security Update for Windows Internet Explorer 7 (KB2497640)Security Update for Windows Internet Explorer 7 (KB2530548)Security Update for Windows Internet Explorer 7 (KB2544521)Security Update for Windows Internet Explorer 7 (KB2559049)Security Update for Windows Internet Explorer 7 (KB2586448)Security Update for Windows Internet Explorer 7 (KB938127-v2)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB972260)Security Update for Windows Internet Explorer 7 (KB974455)Security Update for Windows Internet Explorer 7 (KB976325)Security Update for Windows Internet Explorer 7 (KB978207)Security Update for Windows Internet Explorer 7 (KB982381)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)SkinsSpybot - Search & DestroyThomas & Friends - Railway AdventuresTuneUp Companion 1.1.9Turbo Lister 2Ultra PDF Tools 1.5 (build 90618)Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office 2007 suites (KB2596651) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596789) 32-Bit EditionUpdate for Microsoft Office 2007 System (KB2539530)Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit EditionUpdate for Microsoft Office OneNote 2007 (KB980729)Update for Microsoft Office Outlook 2007 (KB2583910)Update for Outlook 2007 Junk Email Filter (KB2596560)Update for Windows Internet Explorer 7 (KB976749)Update for Windows Internet Explorer 7 (KB980182)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB898461)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)VC80CRTRedist - 8.0.50727.762Videora iPod Converter 4.04VLC media player 1.0.0VuzeWebFldrs XPWindows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-RayWindows Genuine Advantage Notifications (KB905474)Windows Internet Explorer 7Windows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11.==== Event Viewer Messages From Past Week ========.6/18/2012 4:32:35 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\D.6/18/2012 11:16:29 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\D.6/16/2012 10:38:27 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\D.6/16/2012 10:32:03 AM, error: Service Control Manager [7022] - The HealthMonitor service hung on starting.6/15/2012 3:30:57 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted June 21, 2012 ID:562837 Share Posted June 21, 2012 Hello ATVman and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.I would like to see what was found from Malwarebytes' Anti-Malware. Please run it, go to Logs tab and with double-click on each line find the log file (the top is the newest) and post it in your next reply. Link to post Share on other sites More sharing options...
ATVman Posted June 21, 2012 Author ID:562870 Share Posted June 21, 2012 Here is the log from MbamMalwarebytes Anti-Malware (Trial) 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.06.21.06Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Ean :: EAN-5784A361F15 [administrator]Protection: Enabled6/21/2012 11:17:23 AMmbam-log-2012-06-21 (11-17-23).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 241342Time elapsed: 7 minute(s), 7 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 4C:\Documents and Settings\Kids\Local Settings\Temp\0.17353914919558944 (Trojan.Happili) -> Quarantined and deleted successfully.C:\Documents and Settings\Kids\Local Settings\Temp\0.3856546594334659 (Trojan.Happili) -> Quarantined and deleted successfully.C:\Documents and Settings\Kids\Local Settings\Temp\0.9491749519361574 (Trojan.Happili) -> Quarantined and deleted successfully.C:\Documents and Settings\Kids\Applications\NT\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
ATVman Posted June 21, 2012 Author ID:562871 Share Posted June 21, 2012 Each time it finds those 4 and says they remove successfully, but it comes back. Link to post Share on other sites More sharing options...
Maniac Posted June 21, 2012 ID:562875 Share Posted June 21, 2012 Thank you! Step 1Please uninstall Vuze, because of our rules:http://forums.malwarebytes.org/index.php?showtopic=97700Step 2Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review. Link to post Share on other sites More sharing options...
ATVman Posted June 21, 2012 Author ID:562913 Share Posted June 21, 2012 Vuze is gone. Here is the ComboFix logComboFix 12-06-21.01 - Ean 06/21/2012 12:51:41.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1186 [GMT -4:00]Running from: c:\documents and settings\Ean\Desktop\ComboFix.exe..((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))..2012-06-15 14:24 . 2012-06-15 14:24 -------- d-sh--w- c:\documents and settings\Kids\IECompatCache2012-06-12 13:05 . 2012-06-12 13:05 -------- d-----w- c:\documents and settings\Kids\Applications2012-05-26 19:03 . 2012-05-26 19:03 -------- d-sh--w- c:\documents and settings\Ean\IECompatCache...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-04 19:56 . 2009-07-31 00:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2011-04-25 05:58 . 2011-04-25 05:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll2011-04-25 06:48 . 2011-04-25 06:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll2011-04-25 06:00 . 2011-04-25 06:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll2011-04-25 05:59 . 2011-04-25 05:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll2011-04-25 05:58 . 2011-04-25 05:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll2011-04-25 05:57 . 2011-04-25 05:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll2011-04-25 05:58 . 2011-04-25 05:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll2011-04-25 05:58 . 2011-04-25 05:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll2011-04-25 05:51 . 2011-04-25 05:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll2011-04-25 06:00 . 2011-04-25 06:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[-] 2009-01-18 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll.((((((((((((((((((((((((((((( SnapShot@2012-06-15_17.33.20 ))))))))))))))))))))))))))))))))))))))))).+ 2012-06-21 15:41 . 2012-06-21 15:41 16384 c:\windows\Temp\Perflib_Perfdata_ec.dat+ 2012-06-21 15:52 . 2012-06-21 15:52 16384 c:\windows\Temp\Perflib_Perfdata_8dc.dat+ 2001-08-23 11:00 . 2012-06-15 19:22 68796 c:\windows\system32\perfc009.dat- 2001-08-23 11:00 . 2012-03-12 00:54 68796 c:\windows\system32\perfc009.dat+ 2001-08-23 11:00 . 2012-06-15 19:22 436026 c:\windows\system32\perfh009.dat- 2001-08-23 11:00 . 2012-03-12 00:54 436026 c:\windows\system32\perfh009.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-03-01 98304]"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2008-09-03 487424]"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-05-24 86016]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088].[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"="c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Documents and Settings\\Kelly\\Desktop\\utorrent.exe"="c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"="c:\\Program Files\\Cisco Packet Tracer 5.3\\bin\\PacketTracer5.exe"=.R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/25/2011 1:49 AM 65584]R2 HealthMonitor;HealthMonitor;c:\program files\HealthMonitor\HealthMonitor.exe [9/2/2005 12:56 PM 24576]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/30/2009 8:13 PM 654408]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/30/2009 8:13 PM 22344]R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/18/2009 11:04 PM 47360]S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [11/17/2009 7:38 PM 18560].Contents of the 'Scheduled Tasks' folder.2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2052111302-682003330-1004Core.job- c:\documents and settings\Kelly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-02 01:11].2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2052111302-682003330-1004UA.job- c:\documents and settings\Kelly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-02 01:11]..------- Supplementary Scan -------.uStart Page = hxxp://google.com/IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.0.1 216.165.129.158FF - ProfilePath - c:\documents and settings\Ean\Application Data\Mozilla\Firefox\Profiles\ojdyfr6i.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-06-21 12:58Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(716)c:\windows\system32\Ati2evxx.dll.- - - - - - - > 'explorer.exe'(3120)c:\windows\system32\WININET.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2012-06-21 13:00:46ComboFix-quarantined-files.txt 2012-06-21 17:00ComboFix2.txt 2012-06-15 17:35.Pre-Run: 104,577,015,808 bytes freePost-Run: 104,582,737,920 bytes free.- - End Of File - - A6FD0138D107192DD4D47227AADC902E Link to post Share on other sites More sharing options...
Maniac Posted June 21, 2012 ID:562916 Share Posted June 21, 2012 Please open www.virustotal.com and upload the following file:c:\windows\system32\sfcfiles.dllWhen the scan finished, copy/paste the URL and post it in your next reply. Link to post Share on other sites More sharing options...
ATVman Posted June 22, 2012 Author ID:563123 Share Posted June 22, 2012 https://www.virustotal.com/file/bc43d953e24b76a86aa7252a35ce408341fc14e6b1cb5a0c592a92ba4f9325ae/analysis/1340348243/ Link to post Share on other sites More sharing options...
Maniac Posted June 22, 2012 ID:563167 Share Posted June 22, 2012 Thanks!Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
ATVman Posted June 22, 2012 Author ID:563450 Share Posted June 22, 2012 ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=446ef88b5f4c914291259598ec8f7749# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2012-06-22 11:18:08# local_time=2012-06-22 07:18:08 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=2817 16777215 100 100 62309983 64908079 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=127817# found=13# cleaned=13# scan_time=3032C:\Documents and Settings\Ean\Local Settings\Application Data\{65A65992-99D4-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kelly\Local Settings\Application Data\{65A65992-99D4-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kelly\Local Settings\Temp\jar_cache5719936466553698840.tmp Java/Exploit.CVE-2012-0507.BK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\13\547bef0d-157d0899 a variant of Win32/Injector.SQB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kids\Local Settings\Application Data\Apple Computer\Ahead\seooekhsp.dll a variant of Win32/Kryptik.AGJV trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kids\Local Settings\Application Data\{65A65992-99D4-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kids\Local Settings\Application Data\{d9631021-81ab-1cc1-e8f5-aabc88d61ea1}\L\80000032.@ probably a variant of Win32/Sirefef.EU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kids\Local Settings\Application Data\{d9631021-81ab-1cc1-e8f5-aabc88d61ea1}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kids\Local Settings\Temp\100.tmp a variant of Win32/Kryptik.AGNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kids\Local Settings\Temp\mpland.dll a variant of Win32/Medfos.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kids\Local Settings\Temp\tempfiles.exe a variant of Win32/Injector.SQB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Kids\Local Settings\Temp\nst231.tmp\seooekhsp.dll a variant of Win32/Kryptik.AGJV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{82EC36D8-0CA1-4777-868B-3C6B2F39DA92}\RP1095\A0105487.dll a variant of Win32/Kryptik.AGJV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Link to post Share on other sites More sharing options...
Maniac Posted June 23, 2012 ID:563478 Share Posted June 23, 2012 Download AVPTool from Here to your desktop Run the programme you have just downloaded to your desktop (it will be randomly named) Click the cog in the upper right Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan Allow AVP to delete all infections foundOnce it has finished select report tab (last tab)Select Detected threads report from the left and press Save buttonSave it to your desktop and post it in your next reply. Link to post Share on other sites More sharing options...
ATVman Posted June 23, 2012 Author ID:563750 Share Posted June 23, 2012 Status: Disinfected (events: 8) 6/23/2012 2:19:28 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Ean\Application Data\Sun\Java\Deployment\cache\6.0\0\4fde7d80-45da705b/mp1/p2/C.class High 6/23/2012 2:19:30 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.cg C:\Documents and Settings\Ean\Application Data\Sun\Java\Deployment\cache\6.0\35\778e4823-3aeeaa59/Play.class High 6/23/2012 12:55:19 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Kelly\Application Data\Sun\Java\Deployment\cache\6.0\12\72c8f00c-3a1c94fa/mz1/my/CL.class High 6/23/2012 12:55:19 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Documents and Settings\Kelly\Application Data\Sun\Java\Deployment\cache\6.0\53\1e44b9b5-2b96c3b6/json/Parser.class High 6/23/2012 12:55:19 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Kelly\Application Data\Sun\Java\Deployment\cache\6.0\12\72c8f00c-3a1c94fa High 6/23/2012 12:55:19 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.dz C:\Documents and Settings\Kelly\Application Data\Sun\Java\Deployment\cache\6.0\53\1e44b9b5-2b96c3b6 High 6/23/2012 2:19:28 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.al C:\Documents and Settings\Ean\Application Data\Sun\Java\Deployment\cache\6.0\0\4fde7d80-45da705b High 6/23/2012 2:19:30 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.cg C:\Documents and Settings\Ean\Application Data\Sun\Java\Deployment\cache\6.0\35\778e4823-3aeeaa59 High Status: Will be deleted when the computer is restarted (events: 1) 6/23/2012 2:20:47 PM Will be deleted when the computer is restarted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Ean\Local Settings\temp\NOD1161.tmp High Status: Deleted (events: 22) 6/23/2012 12:55:48 PM Deleted Trojan program Trojan.Win32.Agent.slys C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\28\3084999c-20c534ad//PE-Crypt.XorPE High 6/23/2012 12:55:42 PM Deleted Trojan program Trojan.Win32.Agent.smek C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\45\5bc711ed-618e7de3//PE-Crypt.XorPE High 6/23/2012 12:56:09 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-46f0b1da//PE-Crypt.XorPE//PE_Patch//ASProtect14 High 6/23/2012 12:55:42 PM Deleted Trojan program Trojan.Win32.Agent.smek C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\45\5bc711ed-618e7de3 High 6/23/2012 12:55:48 PM Deleted Trojan program Trojan.Win32.Agent.slys C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\28\3084999c-20c534ad High 6/23/2012 12:56:19 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\48\7d1460f0-5b0d843e//PE-Crypt.XorPE//PE_Patch//ASProtect14 High 6/23/2012 12:56:08 PM Deleted Trojan program Trojan.Win32.Agent.slyh C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\50\2d15d0b2-4d80facb//PE-Crypt.XorPE High 6/23/2012 12:56:08 PM Deleted Trojan program Trojan.Win32.Agent.slyh C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\50\2d15d0b2-4d80facb High 6/23/2012 12:56:09 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-46f0b1da//PE-Crypt.XorPE//PE_Patch High 6/23/2012 12:56:09 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-46f0b1da//PE-Crypt.XorPE High 6/23/2012 12:56:09 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-46f0b1da High 6/23/2012 12:56:19 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\48\7d1460f0-5b0d843e//PE-Crypt.XorPE//PE_Patch High 6/23/2012 12:56:19 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\48\7d1460f0-5b0d843e//PE-Crypt.XorPE High 6/23/2012 12:56:19 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\48\7d1460f0-5b0d843e High 6/23/2012 12:56:50 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\9\58e72549-1220e024//PE-Crypt.XorPE//PE_Patch//ASProtect14 High 6/23/2012 12:56:50 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\9\58e72549-1220e024//PE-Crypt.XorPE//PE_Patch High 6/23/2012 12:56:50 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\9\58e72549-1220e024//PE-Crypt.XorPE High 6/23/2012 12:56:50 PM Deleted Trojan program Packed.Win32.Black.d C:\Documents and Settings\Kids\Application Data\Sun\Java\Deployment\cache\6.0\9\58e72549-1220e024 High 6/23/2012 12:58:04 PM Deleted Trojan program Trojan-Spy.Win32.Lurk.ze C:\Documents and Settings\Kids\Local Settings\Temp\0.4561690942235387.htm High 6/23/2012 12:58:23 PM Deleted Trojan program Trojan-Spy.Win32.Lurk.ze C:\Documents and Settings\Kids\Local Settings\Temp\E8.tmp High 6/23/2012 1:43:54 PM Deleted Trojan program Trojan.Win32.Agent.slys C:\System Volume Information\_restore{82EC36D8-0CA1-4777-868B-3C6B2F39DA92}\RP1087\A0100341.exe High 6/23/2012 1:44:19 PM Deleted Trojan program Packed.Win32.Krap.hc C:\System Volume Information\_restore{82EC36D8-0CA1-4777-868B-3C6B2F39DA92}\RP1094\A0105369.exe High Link to post Share on other sites More sharing options...
Maniac Posted June 24, 2012 ID:563822 Share Posted June 24, 2012 A lot of Java vulnerabilities, let's take care for them:Step 1Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:Please download JavaRa to your desktop. Click the Download button next to Windows Binary (.zip) Version 1.1.6. to download JavaRA and unzip it to its own folder.[*]Run JavaRa.exe[*]Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.[*]Open JavaRa.exe again and select Search For Updates.[*]Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.Step 2Download Dr.Web CureIt to the desktop.Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scanThis will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.Once the short scan has finished, chose the Complete Scan.Select all drives. A red dot shows which drives have been chosen.Click the green arrow at the right, and the scan will start.Click 'Yes to all' if it asks if you want to cure/move the file.When the scan has finished, look and see if you can click the following icon next to the files found:If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)After selecting, in the Dr.Web CureIt menu on top, click file and choose save report listSave the report to your desktop. The report will be called DrWeb.csvClose Dr.Web Cureit.Reboot your computer to allow files that were in use to be moved/deleted during reboot.After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner. Link to post Share on other sites More sharing options...
ATVman Posted June 25, 2012 Author ID:564060 Share Posted June 25, 2012 The log didn't copy very welld69fcd3-1f843ef2\rotor/zalux.class;C:\Documents and Settings\Ean\Application Data\Sun\Java\Deployment\cache\6.0\19\d69fcd3-1f843ef2;Exploit.CVE2010-0840.20;;d69fcd3-1f843ef2;C:\Documents and Settings\Ean\Application Data\Sun\Java\Deployment\cache\6.0\19;Container contains infected objects;Moved.;CustomInstallationPlugIn.dll;C:\Documents and Settings\Kelly\Local Settings\Temp\01M7GSE0\kitchen_brigade-setup[1] Setup\plugins\2;Probably STPAGE.Trojan;;jar_cache1483048561033722112.tmp\E.class;C:\Documents and Settings\Kids\Local Settings\Temp\jar_cache1483048561033722112.tmp;Exploit.Java.307;;jar_cache1483048561033722112.tmp;C:\Documents and Settings\Kids\Local Settings\Temp;Container contains infected objects;Moved.;cbr2121;kw=google;sz=728x90;ord=5358208832638516[1];C:\Documents and Settings\Kids\Local Settings\Temporary Internet Files\Content.IE5\75A9R9MB;Probably SCRIPT.Virus;;cbr2121;kw=google;sz=728x90;ord=2998561148723128[1];C:\Documents and Settings\Kids\Local Settings\Temporary Internet Files\Content.IE5\GY2C9IOO;Probably SCRIPT.Virus;;npCouponPrinter.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Coupons.34;;A0102387.bat;C:\System Volume Information\_restore{82EC36D8-0CA1-4777-868B-3C6B2F39DA92}\RP1089;Probably BATCH.Virus;;A0105426.bat;C:\System Volume Information\_restore{82EC36D8-0CA1-4777-868B-3C6B2F39DA92}\RP1095;Probably BATCH.Virus;; Link to post Share on other sites More sharing options...
Maniac Posted June 25, 2012 ID:564104 Share Posted June 25, 2012 How are things now? Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 30, 2012 ID:565628 Share Posted June 30, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts